I am getting what looks like hack attempts using a hood from membership2.

I am getting what looks like hack attempts using a hood from membership2. I am getting admin notices like "This notification is to let you know changes were saved for "user_id-3-membership_id-145". The user who saved the changes is . The URL of the content is https://actualize.space/ms_relationship/user_id-3-membership_id-145/"

I followed the urls it said had been changed and it didn't bring up anything. I can't see what changed either but I got about 8 admin notices saying changes by blank user updated various URLs that looked possibly related to membership2 so I was a little worried.

it's a site still in development, and I am the only person authorized to make changes to it, and it's locked down with both defender and membership2 so that's why the admin notices of all the changes by blank user stood out.

  • Dimitris

    Hello Aurelio,

    hope you're doing good today! :slight_smile:

    I inspected your website but I wasn't able to find the source of these emails, as these aren't coming from Membership 2 but from another plugin that run audits and sends these notification emails.

    Could you please point to us which is the source of this? Please advise!

    If you're unable to find it, could you please proceed with a conflict test as shown here?
    https://premium.wpmudev.org/wp-content/uploads/2015/09/Support-Process-Support-Process.gif
    The concept here isn't to replicate the same issue, but at least for start, narrow down the conflicted combination of plugins so we could proceed with some tests in order to reproduce it, and then forward it to our SLS/devs for further investigation.
    I guess this is something between Membership 2 Pro and this other plugin.

    Let us know about your results here! :slight_smile:

    Warm regards,
    Dimitris

  • Aurelio

    I've narrowed it down to publishpress. I removed that and stopped getting the notices. It looked like someone was trying a bunch of URL calls trying to modify a membership level somehow, using URLs like "https://actualize.space/ms_relationship/user_id-3-membership_id-145/". I'm not sure the notices were the issue, but more that someone was able to make some change calling some virtual ms_relationship membership URLs. I couldn't see where any content actually changed though, and ran a wordfence scan as well, and things seem ok. I'll keep monitoring for anything unusual but I think it's OK. They weren't able to make whatever change they were trying, I think..
    Thank you!

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.