Getting messages from a site that hasn’t existed for years

Home Forums BulletProof Security Free Getting messages from a site that hasn’t existed for years

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • October 14, 2021 at 5:57 am #40808
    Ginger
    Participant

    Hello all,

    Since the 17th September, I’ve been getting 2 emails like “BPS Pro Alert: The BPS plugin has been deactivated – October 14, 2021 – 7:16 am” each and every day.

    The content is:

    The BPS plugin has been deactivated on website: https://www.magic-weddings.com. To stop these email alerts from being sent while BPS is deactivated, go to the WordPress Plugins page, click the Must-Use link, click the BPS MU Tools Disable BPS Folder|Deactivation Checks link. If you just upgraded BPS you can ignore this email alert.

    Note: If you are troubleshooting the BPS plugin then click this BPS Troubleshooting link: https://forum.ait-pro.com/forums/topic/read-me-first-free/#bps-free-general-troubleshooting. The BPS plugin has built-in troubleshooting capability and should not be deactivated for troubleshooting. Deactivating BPS removes the built-in troubleshooting tools/capabilities. You can turn all BPS security features On or Off for troubleshooting to isolate exactly which BPS security feature is causing an issue/problem or to confirm or eliminate BPS as the cause of an issue/problem.

    However, magic-weddings.com hasn’t existed for years! So, there’s no WordPress website for me to go and change settings for.

    How can I sort this?

    Thanks

    October 14, 2021 at 7:27 am #40810
    AITpro Admin
    Keymaster

    Did you own this domain at some point? That domain is currently owned by someone, but the website is not loading.

    Domain information for:  magic-weddings.com

    Hosting Provider: Icidc Network
Hong Kong - Aberdeen - Icidc Limited

Web server type: nginx

Registrar Status: ok
Dates: 80 days old
Created on 2021-07-26
Expires on 2022-07-26
Updated on 2021-07-26

Ping results:
magic-weddings.com is reachable using fsockopen Port 80.
Response Time: 200 milliseconds
IP Address: 156.255.62.179
Hostname: 156.255.62.179

DNS results:
host magic-weddings.com
class IN
ttl 576
type SOA
mname jm1.dns.com
rname admin.dns.com
serial 1627374794
refresh 7200
retry 3600
expire 1209600
minimum-ttl 1800

host magic-weddings.com
class IN
ttl 497
type A
ip 156.255.62.179

host magic-weddings.com
class IN
ttl 21497
type NS
target jm2.dns.com

host magic-weddings.com
class IN
ttl 21497
type NS
target jm1.dns.com
    October 14, 2021 at 9:34 am #40812
    Ginger
    Participant

    I owned it in the past and had WordPress (and BPS) on it.

    However, I let the domain die a good few years ago.

    If someone owns it now, I have no idea who they are.

    How can I be getting these messages?

    And how can I stop them?

    October 14, 2021 at 10:02 am #40813
    AITpro Admin
    Keymaster

    Since the website is not up and since the Whois contact information for the domain owner is private then these are your options:

    Most likely the new domain owner will delete all the files for your old website and the problem will get fixed.
    Wait for the domain owner to fix the website and when it is up send the domain owner an email via the website contact form.
    Create an email rule in your email application to automatically do something with the emails.  ie automatically send them to your email application deleted folder.

    October 15, 2021 at 4:29 am #40816
    Ginger
    Participant

    OK.

    Is that the best that I can do? Just auto-delete the emails?

    It seems crazy that I can’t stop them.

    Where are they coming from?

    ‘What’ is sending them?

    Even if someone else has bought my old domain name, they can’t have got my old install of WordPress as well, can they? The install was on my previous hosting account. The people who have bought the domain don’t have access to my old hosting account.

    I don’t understand why it’s happening.

    October 15, 2021 at 6:21 am #40817
    AITpro Admin
    Keymaster

    The email alerts are coming from the /wp-content/mu-plugins/bps-mu-tools.php file on this website: magic-weddings.com.  Note: This BPS MU Tools alert was discontinued/removed in BPS 3.2.  Since the /wp-content/mu-plugins/bps-mu-tools.php file exists on this website: magic-weddings.com and the emails are being sent to your email address then that means that your old installation of WordPress and BPS still exist on that website.

    Just treat this situation like email spoofing spam or all the other various types of spam that you receive daily.  I receive around 300 spam emails a day (that number increases daily) and have created email application rules to deal with those spoofing and spam emails.

    Since that feature is no longer used in BPS then the email application rule that you want to create is this: Send the email to your email deleted folder if the Subject is: The BPS plugin has been deactivated.

    October 15, 2021 at 6:48 am #40820
    Ginger
    Participant

    OK. Thanks for the explanation.

    Regards,
    Damian

  • Author
    Posts
Viewing 7 posts - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.