[resolved] Hackers (7 posts)

  1. Can hackers gain access by an admin approving comments or pings? I don't completely understand how a ping works, and I get a few which come from sites which duplicate my content.

    Usually, Akismet catches 95% of these (except for pings). And the others I manually delete.

    So, what are the negative impacts of a spam comment or a spam ping which gets through and approved?

    Thanks.

  2. esmi
    Forum Moderator
    Posted 2 years ago #

    > Can hackers gain access by an admin approving comments or pings?

    Nope.

    > what are the negative impacts of a spam comment or a spam ping which gets through and approved?

    Not everyone moderates comments and some people also publish pings as part of their standard comments, so the spammers are hoping that a % of their junk goes straight through to the published page without needing approval. Send this stuff out via bots and hit (say) 10,000 sites and you only need a low % to gain some vague link-back benefit.

  3. Great.

    Okay, I am getting an eval(base64decode code hack that keeps getting "dropped in" (about once every three or four days).

    I've changed passwords, changed salts, re-uploaded WordPress core and theme files, and installed a security plugin (BulletProof Security, or something like that).

    I've followed your excellent links regarding hacks. Especially (Otto's ?) post about how to "sniff out" this code.

    Sooo... I guess it's time to put on a wet-suit and dive into the database. I just don't see where else this could be coming from?

  4. Pioneer Valley Web Design
    Member
    Posted 2 years ago #

    Compromised host who is loath to ever admit it is my guess...

  5. esmi
    Forum Moderator
    Posted 2 years ago #

    @Josh: Have you changed all of your passwords - including your FTP and hosting account management ones? Are you using secure or plain FTP?

  6. @esmi,

    I didn't even think about that. Yes, I do use FTP and no, it is not a secure FTP. And no, I haven't changed that username or password.

    It's possible for a hacker to "see" that information and gain access via FTP? That's scary!! I'm going over to HostGator RIGHT NOW to switch it to SFTP and change the login info.

  7. Okay, so I had to call HostGator to 'enable' an SFTP account?! I couldn't believe there wasn't an option in my cPanel for this. But, I'm happy to report I'm now using SFTP. Thanks esmi!!

    After explaining why I needed the SFTP account, the CSR happily offered to have the tech department run a scan on my site and help me to identify possible backdoors and/or malware.

    We'll see what they come back with.

    Thank you so much esmi.
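
A file-tree check of the kind post 3 refers to ("sniff out" the recurring eval(base64decode injection), as an added example that is not from this thread, from the post it mentions, or from WordPress. The decoder wrappers other than `base64_decode`, the extension list and the sample files are assumptions constructed for the demonstration.

```python
import os
import re
import tempfile

# eval( wrapping base64_decode(, directly or via common decoder wrappers; any case/whitespace.
PATTERN = re.compile(
    rb"eval\s*\(\s*(?:(?:gzinflate|gzuncompress|str_rot13)\s*\(\s*)*"
    rb"base64_decode\s*\(",
    re.IGNORECASE,
)

def scan_tree(root):
    """Return sorted (relative_path, line_number) pairs for each match under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".php", ".phtml", ".inc")):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip it, keep scanning
            for match in PATTERN.finditer(data):
                line = data.count(b"\n", 0, match.start()) + 1
                hits.append((os.path.relpath(path, root), line))
    return sorted(hits)

def build_sample_tree(root):
    """Write constructed sample files (never executed) for the demonstration."""
    blob = b"'Y29uc3RydWN0ZWQ='"  # base64 of the word "constructed"
    samples = {
        "index.php": b"<?php\nrequire 'wp-blog-header.php';\n",
        "wp-content/themes/demo/header.php":
            b"<?php /* constructed */ ?>\n<?php eval(base64_decode(" + blob + b")); ?>\n",
        "wp-content/uploads/cache.php":
            b"<?php\n\nEVAL ( gzinflate( base64_decode (\n" + blob + b")));\n",
    }
    for rel, content in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan_tree(tmp))
```

Point `scan_tree` at the WordPress root; a hit is a lead to inspect by hand, since some legitimate code also matches this pattern.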
