Hi,

A few months ago I bought hosting from: ixwebhosting.com for two of my domains plumbereastcoast.com and plumberwestcoast.com. Both domains are on a shared hosting environment but both use a dedicated IP address.

On both domains I installed drupal 7 and added the: adsense, ctools, globalredirect, google_analytics, link, metatags_quick, pathauto, token and views modules.

Now when there are updates available for plumbereastcoast.com site, I receive an email that contains a completely different domain:

There is a security update available for your version of Drupal. To ensure
the security of your server, you should update immediately!

There are updates available for one or more of your modules or themes. To
ensure the proper functioning of your site, you should update as soon as
possible.

See the available updates page for more information:
http://www.aaronsministry.co.uk/admin/reports/updates

Your site is currently configured to send these emails when any updates are
available. To get notified only for security updates,
http://www.aaronsministry.co.uk/admin/reports/updates/settings

And I have the same problem with the plumberwestcoast.com site:

There is a security update available for your version of Drupal. To ensure
the security of your server, you should update immediately!

There are updates available for one or more of your modules or themes. To
ensure the proper functioning of your site, you should update as soon as
possible.

See the available updates page for more information:
http://wildlife-warriors.com/admin/reports/updates

Your site is currently configured to send these emails when any updates are
available. To get notified only for security updates,
http://wildlife-warriors.com/admin/reports/updates/settings

Both of those domains do not belong to me, and I had never even heard of them until I received the update emails. I checked out both websites and found out that aaronsministry.co.uk has its DNS set up to point to my website. The wildlife-warriors.com domain has an active website and does not actually point to my domain, but coincidentally it does use the same nameservers of the ixwebhosting.com hosting company that I use for my domains.

So I asked the hosting company if they could explain this behavior, and they blocked the aaronsministry.co.uk using the htaccess file, and said they needed my administrator username and password, which I refused to give them. After a while they told me they found the reason for this unwanted behavior: behind my back they had run some queries on my database and they found both "wrong domains" inside my watchdog table.

ixwebhosting.com answer:

When I perform an SQL search for the term "wildlife" in your database for plumberwestcoast.com it shows 20 matches inside table watchdog.
When I perform an SQL search for the term "aaronsministry" in your database for plumbereastcoast.com it shows 74 matches inside table watchdog.

It appears that there have been some incorrect configurations in your watchdog model. Please log into your administration panel and review the setting in your watchdog module.

Thank you,
Luna
Customer Relations
Personal Account Agent

So I tried to explain that the watchdog table is nothing but an access log table and does not contain settings and that the information contained in that table is not used by drupal when sending me the update notifications.

ixwebhosting.com answer:

Is this an extension or a built-in notification system? Would you be willing to share your drupal admin login information so we can look in your back-end? I can hear through your ticket that you're frustrated. Let's see if we can solve this issue together. Please update us via ticket, phone, or live chat. We're here 24/7 and are always happy to help.

Thanks,

Mike Casson
Customer Relations

So I explained that both the update notifications and the watchdog module are built-in modules, and are enabled by default, and gave them my admin username and password.

ixwebhosting.com answer:

Our system administrators have found both "wrong" domains in your databases. That is why you may see these domains: "aaronsministry.co.uk" and "wildlife-warriors.com" in emails sent by one of your scripts.
If you like to know how these records appeared in the "watchdog" table - you should try to debug all inserts into the "watchdog" table from your scripts. Thank you for understanding regarding this deal. Logs attached.
Feel free to contact us at anytime if you have any further questions, we are available 24/7.

Sincerely yours, Lucy Grebenyuk
Technical Support Dpt.

So again I tried to explain to them that the watchdog table is just an access log and is not used for the outgoing notification emails.

ixwebhosting.com answer:

After some investigation, we found that your database has domain names that do not belong to you. This is the reason you have received those weird messages. The application is sending the information to you and that domain name is in the database that the application connects to. If you did not place those domains in your database, maybe your domain has a security hole and someone hacked it.

Customer Support
DuJuan White

--------------

Now my question to you guys: am I really that wrong, and do I get those domains in my notification emails because they are found in my watchdog table, or is my hosting company talking out of its ass? And have any of you guys ever experienced something similar, or would you perhaps know of a solution to this unwanted behavior?

Regards,
Wallie

Comments

VM’s picture

To the best of my knowledge, what is in your access logs has nothing to do with emails being sent to any domain.

Have you checked your email settings/addresses in administer -> site information and on the update module settings?

Wallie’s picture

Thank you for your reply.

Yes, I have checked and they are set to the correct (my) email address. The problem is not with the email address: I do receive the update notification in my email, sent using the correct website's email addresses, but the update notification messages themselves contain a completely different domain/address, and not my website's domain/address.

In the settings.php file I have set both "cookie domain" and "base url" correctly as well.

VM’s picture

Seems to me you can empty the watchdog table after backing it up. Add a module that is known to be outdated and check the email which is then sent.

Wallie’s picture

I'll keep that in mind and will try it if I don't get any more definitive answers. Was kind of hoping someone would be able to tell me with a little more certainty that the watchdog table / module is or isn't the problem. But thank you for taking the time to respond.

VM’s picture

Based on my look at the code, I don't see why it would be. Another reason that I don't think it has anything to do with it would be my 6 sites which don't have this issue, and I'd think the forums would be clamouring with forum posts, which they aren't.

That said, if your install has been hacked to do something it shouldn't be doing, that's a different story.

Wallie’s picture

Yes, I also have plenty of other websites, all drupal, although most of them are drupal 6 and I have never seen anything like it.

That both websites are hacked is a possibility, however I'm completely unsatisfied with the hosting company in general, I moved an active website over to them and the average time to load a page (google webmaster tools) went from 0.5 seconds (also on a shared host) to 6 seconds, which the host calls acceptable regular performance.

And apart from that, one of the wrongly reported domains coincidentally uses the same hosting company and DNS, which makes me think that the problem is more server/hosting related than it is a problem with the drupal application.

Ayesh’s picture

This is for Drupal 6, my apologies.
I have experienced the same. There was a development domain I used, but even after deploying, I received links in the email that refer to the old dev domain, even after I removed that domain!

I thought the domain is hardcoded but couldn't find it.

Also, it looks like the update.module is making links using url() function that I have used in the site. My url() gives correct paths.

Maybe there's something to do with the domain that executes the cron command? If the cron job is set to fetch http://dev.example.com/cron.php?key=key, I will receive emails that have links to the dev.example.com domain. If the cron command is a shell command, maybe the domain is from some server variable?

Wallie’s picture

Yes, cron was the first thing I thought of as well, but drupal 7's cron is only accessible from the outside using the key, and only I know the key (I assume). Drupal 7 automatically runs cron internally every 3 hours by default. I have not executed cron using the key yet, only let it run automatically, so I don't see why it would use someone else's domain.

Wallie’s picture

Today I got a message from the hosting provider that finally contained some useful information and advice.
Going to try their recommendations and see if it helps to solve this issue.

Again thank you all for your help.

Flustered’s picture

Hi Wallie,

I'm having the same issue with my Drupal 7 install; my host is Linode. Were you able to resolve the issue? What were your host's recommendations?

Please let me know, and thanks for posting this thread.

maxview’s picture

Does anyone have any suggestions? Thanks. I just moved to a new server and encountered this issue.

maxview’s picture

Check the wrong domain in the email, you'll see even the IP is different, but it belongs to one same server or it just belonged to the same server, maybe that's why this issue usually happens to new installed or moved sites, it's recorded in the watch table but nothing else wrong can be tracked.

c_estDick’s picture

This issue seems to happen more. See http://drupalscout.com/knowledge-base/your-drupal-site-pretending-be-ano...
They suggest:

1. You can set a specific domain as your $base_url in sites/default/settings.php. While the dynamic detection can be a handy feature it can also cause problems. One way to stop that is just to set a permanent value.
2. Use a specific sites/example.com/settings.php and leave dynamic $base_url - this has the implication of letting Drupal respond to all subdomains of example.com which may or may not be a benefit.
3. Configure your webserver so that the default page served when an incoming request is something other than your default Drupal installation, such as an error page
4. Configure your webserver to redirect all requests that reach your server that are not for the appropriate domain to forward to the right domain name

In my opinion suggestions 3 and 4 should do the work. Maybe someone can tell how to do this in a shared hosting environment? Should your hosting provider do this or can you do this with .htaccess files? How?

gisle’s picture

I agree with c_estDick, but I think that the simplest solution is to set $base_url (#1). This solution does not require URL rewriting.

For details, see my answer here: https://www.drupal.org/node/2461721 .

- gisle

plato1123’s picture

My Drupal 8 site (hosted on Linode) sent out "new updates available" emails linking to a domain I've never heard of.

See the available updates page for more information:
http://www.w88316.com/admin/reports/updates

Your site is currently configured to send these emails when any updates are
available. To get notified only for security updates,
http://www.w88316.com/admin/reports/updates/settings.

Very very strange. This has worked correctly previously, I can't imagine anything has changed. The whois lookup on that domain shows that very strange domain does exist, which makes me suspect a hack attempt and that my Drupal install has been compromised (or perhaps my linode hosting). Even as I type I'm firearm shopping and looking for airfare to China. *grin*

Name: jianfeng wu
Organization: wujianfeng
Mailing Address: hefeishi,luyangqu,caifuguangchangshouzuo,1107hao, hefei anhui 230001 cn
Phone: +86.4009972996
Ext:
Fax: +86.4009972996
Fax Ext:
Email:1794117861@qq.com

edit: This is a new Drupal install and I see the status page is complaining that my trusted host settings are not configured. They point to this page: https://www.drupal.org/node/1992030 which has a specific subsection "Scenario 1: Getting/sending user emails that appear to be for another domain", so looks like this was a rudimentary hack attempt that is easy to solve.

mioan’s picture

same problem at https://www.starmessagesoftware.com/
with Drupal 7, v7.53.
While building the site I used the subdomain 'drupal' instead of www and now the links inside the email for the updates contain
drupal.starmessagesoftware.com

The cron job runs from within Drupal. (The D7 way)

The base_url in the settings.ini is not used (commented-out) and I do not wish to play with it.
I just need to see where the old subdomain is still stored.

Regards
Mike

Ayesh’s picture

Check your cron job command. If it's requesting https://example.com/cron.php, the email will come out with example.com domain because the host name is deduced from the request URL. I highly recommend setting a base_url.
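
The mechanism discussed in this thread, as an added example that is not part of any post and is not Drupal's own code: a simplified PHP model of how the link in the update email follows the request's Host header, compared with a pinned base URL (suggestion 1 above) and with a trusted-host allow-list. The function names and the `example.com` / `other-site.example` hosts are constructed for illustration.

```php
<?php
// Added illustration: a simplified model, NOT Drupal's source code.
// Host names are constructed; function names are hypothetical.

// Dynamic detection: the base URL is whatever Host header the request carried.
function detected_base_url(array $server): string {
  $https = !empty($server['HTTPS']) && $server['HTTPS'] !== 'off';
  return ($https ? 'https' : 'http') . '://' . $server['HTTP_HOST'];
}

// Allow-list in the style of Drupal 8's $settings['trusted_host_patterns']:
// anchored regexes, matched case-insensitively; this model strips the port.
function host_is_trusted(string $host, array $patterns): bool {
  $host = strtolower((string) preg_replace('/:\d+$/', '', $host));
  foreach ($patterns as $pattern) {
    if (preg_match('{' . $pattern . '}i', $host) === 1) {
      return true;
    }
  }
  return false;
}

// Link that would land in the "updates available" mail for one request.
// $pinned models a fixed $base_url in settings.php; null means "detect".
function updates_link(array $server, ?string $pinned, array $patterns): string {
  if ($patterns && !host_is_trusted($server['HTTP_HOST'], $patterns)) {
    return '(request rejected, no mail built)';
  }
  return ($pinned ?? detected_base_url($server)) . '/admin/reports/updates';
}

$patterns = ['^example\.com$', '^www\.example\.com$'];
$requests = [
  ['HTTP_HOST' => 'www.example.com'],     // the site's own name
  ['HTTP_HOST' => 'other-site.example'],  // foreign name reaching the same vhost
  ['HTTP_HOST' => 'www.example.com.other-site.example'], // why ^...$ anchors matter
];

foreach ($requests as $server) {
  echo $server['HTTP_HOST'], "\n";
  echo '  dynamic: ', updates_link($server, null, []), "\n";
  echo '  pinned:  ', updates_link($server, 'https://www.example.com', []), "\n";
  echo '  trusted: ', updates_link($server, null, $patterns), "\n";
}
```

With dynamic detection the foreign host name appears in the generated link, which matches the emails quoted in this thread; with a pinned base URL or an allow-list it does not.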