Hi,

On random occasions when I received an email notification ( for example someone has commented on a post) a random member's username is contained in the URL to click to in order to read it on my site. This username does not appear to be the same as the person who did the action. The URL still resolves but I have had enquiries from members who are worried I have been hacked and they are being redirected to a different site. Please see screenshot. I understand this is very difficult to reproduce but this is a concern to me.

In this example the user "bcjedi" posted the comment. But for some reason an unrelated username "thoix" is contained in the URL.

Correction. "bcjedi" made the original post. I commented on it. And user "Silmerion" added this comment and I was notified. The user "Thoix" is not involved.

Here is another example. This is a notification that someone has accepted my friend request ( user "TrenchRunRebels") The user name "silmerion" in the URL in the email. Very wierd.

Hi John,

I am very confuse with your first and second email screenshoot, especially sscreenshoot email number #2 I think that is correct.. which "TrenchRunRebels" approved the friend request and you "Theforcebook" get the notification..

if possible can you provide me the steps how to replicate this and what is the correct result then if this is wrong?

thank you

Hi,

Sorry this is hard to reproduce. I will try to explain.

1. Here is an example. I ask USER1 to be my friend
2. USER1 approves my friend request
3. I get the email notification
4. In the email is a link to the site. In the URL, before " www.theforcebook.com " is a totally random member's username from the site.
USER256.www.theforcebook.com .......

It is a really strange issue. In this example "USER256" has nothing to do with me or the other member USER1 or this notification. It occurs randomly but very often. I can post more examples if you like.

Thanks

Hi John,

#1 can you try to disabed the SEF and let me know how you get then?
#2 can you provide me the phpmyadmin access, please? I need to inspect the issue from database directly.

thank you

Hi,

I have disabled the SEF Plug-in. Will see if that makes a difference. My database access is the same as the original ftp passwords I gave, I do not want to post in a comment. The URL is

phpmyadmin.theforcebook.com

Hi,

SEF is disabled and the issue has cropped up again see screenshot.

Hi John,

I cant see the FTP and phpmyadmin account in this topic, can you check again, please?

thank you

Ho can I send you my login details without anyone seeing. This issue is still happening. Since then I have also updated to 3.2.0.5

I have added the phpmyadmin login details

Any progress on this issue? It is still happening.

Hi John,

I am sorry for delay answer, I just replicated this and I cant see the error like you (check my screenshoot).

may I know in which page / action do you get that weird notification?

thank you