Password recovery email with different website URL

  • WordPMTL

    (@wordpmtl)


    7 years ago

    I received a password-recovery email this morning for a client website. The email came from my server, and the subject and first line looked normal:

    Subject: [My Client Website] Password Reset
    Body: Someone has requested a password reset for the following account: https://www.myclientwebsite.com

    However, the email address the email came from used a different and unknown URL:

    [email protected]

    And the password reset URL was for the same unknown URL:

    T`o reset your password, visit the following address:
    <https://example.net/wp-login.php?action=rp&key=xsdasdasdasdas&login=admin&gt;`

    I have never seen this URL example.net, and I searched that client website database for the string and it didn’t appear.

    Any help would be appreciated.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Can the client access the site? If yes, then you can just disregard the email.

    Thread Starter WordPMTL

    (@wordpmtl)

    Hi Jan. Yes, the client and I can both access the site. But I find it strange that a website I host would send an email from my server with an altered domain name in the “from” address and the recovery URL. How can these things be manipulated when submitting a password recovery form?

    Thread Starter WordPMTL

    (@wordpmtl)

    Hi Jan, did you have a chance to see my reply? Thanks.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Password recovery email with different website URL’ is closed to new replies.