And I will apologize to the group now for my abrasive response. People that are lawsuit/sue happy irritate me to no end. I would be almost willing to bet that this person is also part of the forums since it says “you received a message from” and knowingly entered his email unto the site and forgot to click the option that they did not want to receive emails from other members of the forum. Therefore Mr. Sue Happy Ass Hat would be at fault and not V1Engineering. So Mr Sue Happy Ass Hat owes you an apology and needs to learn how the interwebs works before they go off half cocked.
Geez. I hope that person isn’t on FaceBook…
Ahaha!
Geez I’d hate to see what they do with junk mail or robo calls…
I get a junk mail news paper thrown in my driveway. It snapped the shear pins on my snowblower and I didn’t get that mad…
Well they saw this thread and I got another email. 3 years in this is by far the worst two emails I have ever received. Maybe I am lucky (I did expect more negativity) but either way I hate to be threatened. Although I was threatened more in the second email, at this point I am no longer letting this ruin my day. Can’t please every one but this is the first documented unhappy person as far as I know.
Hey can one of you check to see if you can send a private message to all users? I thought I was the only one that could if that is the case that hole needs to be fixed ASAP.
I don’t know how to try that. I can compose a message to someone, but what do I put in the who to address all?
Don’t you have a non-Ryan user account? I assumed some of the one off ass kicking posts were you under another name 
Sweet if you don’t have the checkbox option we are good. I have an account called tester or dork or something I couldn’t find it. I will have to make another. I have to figure out how this happened. I am wondering if there is an auto complete built in or something.
Barry?
OHHHHHH SNAP!!!
googled around a bit and found a fairly recent post about Wordpress theme vulnerabilities.
wordpress exploit
Sounds like Steve did it.
HAHAHAH I just blamed Charlie Bravo on Facebook he had some script “theory”
I had to take a look I really hope that wasn’t it. It is a pretty old vulnerability, I hope they have patched it by now. I don’t use any of those themes but it came from the Private message somehow. Hard to block bu the sketchy part is how the heck did the get through so many users and get there names? It did seem like it hit only a few letters of the alphabet though.
Ha!.. its 2018! my bad! I’ve had sites of mine exploited it’s a constant battle.
Got a message as well. The range was either by first name or it was a wider range than you thought. Thanks for taking care of this.
Maybe Mr Sue Happy is Mrs Maureen’s husband. Another mistake in the message is that I don’t think it said what exactly it wanted us to do with the money, but it did apologize for making us busier.
Well I went right out and bought some stuff on Amazon, after all my 10% should be here well before the credit card bill is due.
I monitor a couple of WordPress sites and find there are updates for various parts about twice a week. I’m using Wordfence to tell me and it’s been pretty reliable.
I’m updating as soon as they show up. Wordfence gave me issues, it changes settings all by itself during updates and actually locked me out before, to active of a user, but I was white listed… Might have just been a woocommerce thing but I have never tried since I stopped using woo.
The shear number of spam registration attempts is extremely alarming, the ones that do get through usually only get one post in the forums before one of us deletes or reports them. This Private message thing is different. If there is any sign of it again I will just turn them off for a while. I signed into a privileged account and there is no autocomplete for user names, or mass message. I am not sure how it was done but it had to have been a script that dug through the forums saving user names and then sent each of them/us/you a separate message. I have three different ways this sort of thing can be stopped I would imagine and I hope one of them has an update for the site tomorrow. 1-number of message limiter from the PM software, 2-better internal spam filter, this one usually works as it shares between wordpress sites to pre-flag and broadcast issues if others find them first I have a button that flags spam stuff. 3-external email filter from the host.
I actually never read the message, my BS sensor wouldn’t let me, my brain is getting tuned into scammy things and bells and whistles stop me from proceeding.
So the issue happened with buddypress private messaging, some sort of hacky thing. Another issue I have been having is being caused by buddy press as well. People can’t activate there hotmail, live, or msn emails as new users because of some html being added to the unsubscribe link by buddy press. I have manually activated anyone that asks but I can see a hundred or so not activated users with these email domains in the last few days. Not cool.
I think we will be losing private messaging for a while if there is not an update soon.
Occasionally, it’s useful. I have had a couple people ask me direct questions through it, and I politely tell them that the reason I answer questions in a forum is because I’ve read 1000 useful answers someone else asked. So no, I will not help them edit their firmware in private. It has been useful a few times though. Maybe you could change it so that you can only email people who follow you, or are your friends or whatever? It would add a later of obfuscation, but not a significant one.