• I run a small and newish WordPress site in the Netherlands. Today (26 Dec) I, as webmaster, received an email from WordPress asking for a password reset. The email says “if this is a mistake, you can ignore this email”. The request came from an IP in Germany, and our site is strictly Dutch.

    Our Contact page gives my webmaster email address, but as an inline PNG with a mailto: link, to avoid scraping.

    I did some tests and it looks as if somebody clicked “forgot password” and filled in the webmaster email address. Easy enough for a human, but a robot would need to be quite sophisticated to extract the email address and use it correctly. And our website (sustainable living in the city center) is hardly a high-value target. I have looked over the site and see no visible changes. I receive some spam but Akismet keeps it under control.

    I assume it is some sort of hacking attempt, but cannot understand how it was intended to work. If the hacker has compromised my email provider then s/he can break in without my knowledge, and if not I see no possible advantage.

    Can I safely ignore the incident? How did the hacker intend to proceed?


Viewing 4 replies - 1 through 4 (of 4 total)
  • I don’t see how an inline PNG with a mailto: tag on it would obscure anything?
    Also, your address is open:
    https://www.binnenstadduurzaam.nl/contact/

    Personally, I would ignore it.

    If you are worried, then harden your site:
    https://www.wordfence.com/blog/2017/10/should-you-hide-wordpress-login-page/

    Hardening WordPress

    Moderator t-p

    (@t-p)

    Also, you may want to implement some (if not all) of the recommended security measures and start backing up your site.

    Thread Starter NL_Derek

    (@nl_derek)

    @corrinarusso the trick with the inline PNG is to stop simple robots from harvesting your email; 15 years ago I took over a website which was receiving several spams per day (mostly from Nigerian millionaires those days); replacing the existing mailto: link with a PNG (screenshot of the link) reduced that to a few per week. It has the same aim as writing johnDOTsmithATcompanyDOTcom, but IMHO looks nicer and is more user-friendly.

    As to security, I make backups and am reasonably security-aware, but my site is not likely to be a target of anything other than widespread robot-attacks. That is why I was surprised to see what looks like a human attack.

    > the trick with the inline PNG is to stop simple robots from harvesting your email

    Yes. I understand the details. My point is that it won’t stop harvesters. A mailto: is still visible, whether it is on an image or not.

    > As to security, I make backups and am reasonably security-aware

    Backups are not a method of security. Many infections won’t show up for quite some time (days, weeks, months). So you could be simply making backups of infected sites. Suggest running a daily scan for malware, and let your host manage backups.

    If you want to stop spam, build contact forms with a strong reCaptcha.


The topic ‘Spurious password reset request’ is closed to new replies.
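
The point made in the last reply, that a mailto: link leaves the address in the page markup whether its visible content is text or an image, can be checked against your own page's HTML. The following is an added example, not part of the original thread; the sample markup and the address webmaster@example.org are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Constructed sample markup (not taken from the site discussed in the thread).
SAMPLE_HTML = """
<p>Contact the webmaster:
  <a href="mailto:webmaster@example.org?subject=Site"><img src="/img/address.png" alt=""></a>
</p>
<p>Or write to johnDOTsmithATexampleDOTorg</p>
<p><img src="/img/address-only.png" alt="contact address"></p>
"""

class MailtoAudit(HTMLParser):
    """Record every address exposed in a mailto: href and what the link shows."""

    def __init__(self):
        super().__init__()
        self.findings = []   # one dict per mailto: link found
        self._open = None    # the mailto: link currently being read, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            href = (attrs.get("href") or "").strip()
            if href.lower().startswith("mailto:"):
                # The address is the path part; ?subject=... is the query.
                address = unquote(urlsplit(href).path)
                self._open = {"address": address, "has_image": False, "has_text": False}
        elif tag == "img" and self._open is not None:
            self._open["has_image"] = True

    def handle_data(self, data):
        if self._open is not None and data.strip():
            self._open["has_text"] = True

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.findings.append(self._open)
            self._open = None

def audit(html):
    """Return the list of addresses readable from mailto: links in the markup."""
    parser = MailtoAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_HTML):
        print(finding)
```

Only the image-wrapped mailto: link is reported; the image with no link around it and the johnDOTsmith text expose nothing to this check.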