WordPress.org

Ready to get started?Download WordPress

Forums

My comments are turned off. (8 posts)

  1. rubbo
    Member
    Posted 6 years ago #

    At the head of my blog it now says comments off. This was not done by myself. I want comments activated and can't see how to do it.Please keep help very simple. I'm not blog literate. You can see the problem at http://www.allaboutolive.com.au
    Thanks, Mike

  2. biatch0
    Member
    Posted 6 years ago #

    I've also been having this "problem" for the last couple of days (my last post on 2.2 mysteriously showed up as "Comments off"). After reading the WP site about the security flaws and fixes in 2.3.3 I decided to upgrade, and then posted about it on my blog. Today, I found the "Comments off" on my most recent post AGAIN.

    Taking a closer look at both of the affected posts, I found something VERY interesting. Both were edited and a large amount of spam (links) was appended to the end of the post.

    I suggest you go to your dashboard and edit your posts to see if you had your posts modified as well. I think it's quite likely another WP vulnerability that hasn't been found by the devs yet (or not fixed yet).

    At the moment, I'm just removing the spam links from my posts. It appears that only the MOST recent post can be modified, but I haven't gone through all of my posts yet so I'm not 100% certain.

  3. rubbo
    Member
    Posted 6 years ago #

    Thanks Biatcho, I did find spam on two posta . Lots of URLs, a stack at the end of the blog but which don't show up in the published post. I wonder what's in for the spammers to do this?

    I managed to put up another post and so far the comments work. The guy who helped set up the blog originally says the whole blog has to be upgraded since its breached. mike

  4. whooami
    Member
    Posted 6 years ago #

    <meta name="generator" content="WordPress 2.1" /> <!-- leave this for stats -->

    The guy who helped ... is right. Your site is a mess, and honestly, the last thing you ought to be worrying about is having comments on.

  5. biatch0
    Member
    Posted 6 years ago #

    I imagine that a majority of people hit by this "hidden" spam will not notice it because it's not visible unless closely looked at; the only thing that gives it away is the "Comments Turned Off" bit (which I imagine isn't something the spammer wants to happen, rather it's probably an unwanted outcome of whatever vulnerability they used to modify your post).

    Regarding what's in it for the spammers; it might not appear that there's anything in it for them... until you consider what happens assuming a person does a Google/Yahoo/etc. search for something related to your website, or something that would list your blog post, etc.

    There's no use in "upgrading" the blog since it's breach... since I'm already using the LATEST (2.3.3) version of WP available, and it's STILL vulnerable. While I'm not 100% certain, this may NOT be a WP vulnerability at all... possibly a new Apache/PHP vulnerability? I won't know until I do a lot more testing, but I'm really lazy :\

    Assuming this is a WP vulnerability again, I don't know but I'm thinking about migrating to something more secure with less holes like Serendipity soon as much as I love WP and how it works :\

  6. biatch0
    Member
    Posted 6 years ago #

    Small update, I've upgraded Apache/PHP/MySQL on my server... and still got my comments turned off (again) today.

  7. Rgifford
    Member
    Posted 6 years ago #

    Okay, I have the same problem. Although, I can't find any attached spam. Where do I look?

    I've tried to go in under options to see if something was unchecked related to comments, but all is well there.

    How do I get comments back on?

    My site, if it helps, is http://www.springboardforsuccess.com/blog and it's my most recent post.

    Help.

    Robin

  8. whooami
    Member
    Posted 6 years ago #

    Rgifford,

    <meta name="generator" content="WordPress 2.2.2" /> <!-- leave this for stats -->

    --

    Im not going to assist people that are knowingly running software that is insecure. Im just going to start pasting version #s. Im tired of it. The people on this support forum ought to start telling people to get off their lazy duffs and start being responsible web masters. Its pathetic honestly, that people worry about plugins working, and comments being off, when they can just as be hacked and lose everything.

    The fact that these older versions get any support, propogates the idea that they dont need to upgrade. If you didnt get help, who knows, you might actually do something.

Topic Closed

This topic has been closed to new replies.

About this Topic