Discussion Options changed by plugin? (8 posts)

  1. johnnie_walker
    Member
    Posted 9 years ago #

    I have discovered something slightly disturbing today. I logged into my WP admin area, to discover that two comment spams came through. But that wasn't the disturbing part. I've been wondering why I haven't been receiving any comment notifications via e-mail, so I went to OPTIONS > DISCUSSION to check my DISCUSSION OPTIONS settings.

    Somehow, the "Email me whenever... Anyone posts a comment" checkbox was unchecked. Furthermore, under "Comment Moderation," where it says, "Hold a comment in the queue if it contains more than ___ links," somehow, the variable had been entered by someone, or something, other than myself as "666."

    I am wondering if anyone out there is aware whether the file or files in which the admin options settings are stored can easily be hacked without logging into the admin area. Or, is it possible that someone just figured out my password and is playing games with me? I'm not sure how someone could have figured out my password, but nonetheless, I have changed it.

  2. TechGnome
    Moderator
    Posted 9 years ago #

    Well, the options are stored in the database, not in any file. So that makes it a little harder (but not impossible) to get to. The only way to manipulate it w/o the admin screens is through some sort of database tool like phpMyAdmin.

    Tg

  3. What version of WP are you running?

  4. Kitten
    Member
    Posted 9 years ago #

    Well, with a cross-site-scripting cookie hijack and a matching HTTP POST, the settings could be changed.

    That would entail you clicking on a link that was posted to your site, so that your login cookie could be read. Have you followed any of the spammer's links "just to see" what was there?

    But this seems a bit much work for a spammer to do, for one site. But if this was widespread, I could see a market for a list of "open blogs" for use by spammers.

  5. Matt Mullenweg
    Troublemaker
    Posted 9 years ago #

    Doesn't Spam Karma change that setting?

  6. ceo
    Member
    Posted 9 years ago #

    I was just about to say that, I remember freaking out in my options section when I saw the 666 thing - but yeah, I never did figure out if it was a plugin or the fact that I'd just done a fresh upgrade.

    Anyway, my point was that it happened to me, too, and it wasn't a hacker. It was just stuff I put on my site that did, uhm, strange things.

  7. johnnie_walker
    Member
    Posted 9 years ago #

    Thanks for the feedback! :)

    I am using WP 1.21 at the moment.

    I did, out of curiosity, click a spammer's link about a week ago. It led me to a webpage that was (supposedly) no longer in existence. I don't remember the exact verbiage that was on the page, but it said something like, "account suspended due to abuse," or something like that.

Topic Closed

This topic has been closed to new replies.
