WordPress.org

possible hack? (9 posts)

  1. Anonymous
    Unregistered
    Posted 9 years ago #

    possible hack?

  2. Anonymous
    Unregistered
    Posted 9 years ago #

    it's kind of strange.. I got home from work today, and noticed someone posted a comment on 1 of my posts... on a freshly installed blog no one knows about... .. only 1 comment..
    but if I load up the comments table in mysql.. it shows 31 comments posted... all along the same lines...

  3. Anonymous
    Unregistered
    Posted 9 years ago #

    eg.
    1)
    Name: online poker | E-mail: lilo@suddenenlightenment.us | URI: http://www.I'm_a_stupid_spammer.com | IP: 62.39.107.121
    God not only plays dice. He also sometimes throws the dice where they cannot be seen. by online poker
    Posted Oct 26, 3:22 PM
    2)
    Name: free online poker | E-mail: lilo@suddenenlightenment.us | URI: http://www.I'm_a_stupid_spammer.com | IP: 203.113.29.3
    "A cucumber is bitter." Throw it away. "There are briars in the road." Turn aside from them. This is enough. Do not add, "And why were such things made in the world?" by free online poker
    Posted Oct 26, 3:22 PM
    3)
    Name: online poker | E-mail: lilo@suddenenlightenment.us | URI: http://www.I'm_a_stupid_spammer.com | IP: 62.183.198.60
    A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools. by online poker
    Posted Oct 26, 3:21 PM
    in total they spent about 30 minutes adding comments... but yet.. there is only the 1 visible from my main page..
    [Moderated - URL's removed]

  4. Anonymous
    Unregistered
    Posted 9 years ago #

    btw... I am running cvs "1.3-alpha-4"

  5. Anonymous
    Unregistered
    Posted 9 years ago #

    here are the apache logs... doesn't show too much, nothing weird or strange.. just those IPs accessing the page.

    [root@x log]# grep -i "216.17.211.9" httpd/access.log
    216.17.211.9 - - [26/Oct/2004:14:44:22 -0400] "POST /wp-comments-post.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)"
    216.17.211.9 - - [26/Oct/2004:14:44:23 -0400] "GET /index.php?p=1 HTTP/1.1" 200 3962 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)"
    216.17.211.9 - - [26/Oct/2004:15:18:43 -0400] "POST /wp-comments-post.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)"
    216.17.211.9 - - [26/Oct/2004:15:18:44 -0400] "GET /index.php?p=25 HTTP/1.1" 200 3962 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)"
    [root@x log]# grep -i "62.39.107.121" httpd/access.log
    62.39.107.121 - - [26/Oct/2004:15:22:32 -0400] "POST /wp-comments-post.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)"
    62.39.107.121 - - [26/Oct/2004:15:22:36 -0400] "GET /index.php?p=31 HTTP/1.1" 200 3962 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)"
    [root@x log]# grep -i "203.113.29.3" httpd/access.log
    203.113.29.3 - - [26/Oct/2004:15:22:00 -0400] "POST /wp-comments-post.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)"
    203.113.29.3 - - [26/Oct/2004:15:22:01 -0400] "GET /index.php?p=30 HTTP/1.1" 200 3962 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)"
    203.113.29.3 - - [26/Oct/2004:15:22:02 -0400] "GET /print.css HTTP/1.1" 404 280 "http://www.x.org/index.php?p=30" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)"
    203.113.29.3 - - [26/Oct/2004:15:22:02 -0400] "GET /wp-atom.php HTTP/1.1" 200 1098 "http://www.x.org/index.php?p=30" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)"
    203.113.29.3 - - [26/Oct/2004:15:22:02 -0400] "GET /wp-rss2.php HTTP/1.1" 200 1102 "http://www.x.org/index.php?p=30" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)"
    203.113.29.3 - - [26/Oct/2004:15:22:02 -0400] "GET /wp-rss.php HTTP/1.1" 200 632 "http://www.x.org/index.php?p=30" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)"
    203.113.29.3 - - [26/Oct/2004:15:22:03 -0400] "GET /?m=200410 HTTP/1.1" 200 7734 "http://www.x.org/index.php?p=30" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)"
    203.113.29.3 - - [26/Oct/2004:15:22:03 -0400] "GET /xmlrpc.php HTTP/1.1" 200 42 "http://www.x.org/index.php?p=30" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)"

  6. TechGnome
    Moderator
    Posted 9 years ago #

    He's been hitting a lot of WP blogs lately. Somehow this guy wrote a script that hits the target blog with a bunch of comments to posts that don't exist yet......
    I swear..... if we catch this guy...... grrrr....
    TG

  7. Brak
    Member
    Posted 9 years ago #

    It spams wp-comments.php with random post IDs, so it's completely random on which posts it appears. You can rename wp-comments.php to solve the problem, or blacklist him :)
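
Added example, not part of any post in this thread: a Python check over Apache combined-format logs for the pattern visible in the excerpt above, a comment POST sent with no Referer followed by the redirect to `index.php?p=N`, compared against the post IDs that actually exist. The function name, the `existing_post_ids` input and the sample log lines (with documentation-range addresses) are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in Apache combined log format, modelled on the excerpt
# above; client addresses are documentation-range placeholders.
SAMPLE_LOG = '''\
192.0.2.10 - - [26/Oct/2004:15:22:32 -0400] "POST /wp-comments-post.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)"
192.0.2.10 - - [26/Oct/2004:15:22:36 -0400] "GET /index.php?p=31 HTTP/1.1" 200 3962 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)"
198.51.100.7 - - [26/Oct/2004:16:01:10 -0400] "GET /index.php?p=1 HTTP/1.1" 200 3962 "-" "Mozilla/5.0 (constructed)"
198.51.100.7 - - [26/Oct/2004:16:02:45 -0400] "POST /wp-comments-post.php HTTP/1.1" 302 - "http://www.x.org/index.php?p=1" "Mozilla/5.0 (constructed)"
198.51.100.7 - - [26/Oct/2004:16:02:46 -0400] "GET /index.php?p=1 HTTP/1.1" 200 4100 "http://www.x.org/index.php?p=1" "Mozilla/5.0 (constructed)"
'''

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$')
POST_ID_RE = re.compile(r'[?&]p=(\d+)')

def find_blind_comment_posts(log_text, existing_post_ids, window_seconds=10):
    """Flag comment POSTs sent without a Referer (a heuristic: the form was
    never loaded) and read the targeted post ID from the redirect that follows."""
    pending = {}   # ip -> time of a Referer-less comment POST awaiting its redirect
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format entry
        ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
        ip, path = m['ip'], m['path']
        if m['method'] == 'POST' and path.startswith('/wp-comments-post.php'):
            if m['referer'] in ('-', ''):
                pending[ip] = ts
            else:
                pending.pop(ip, None)  # form submitted from a page: not flagged
        elif m['method'] == 'GET' and ip in pending:
            posted = pending.pop(ip)
            pid = POST_ID_RE.search(path)
            if pid and ts - posted <= timedelta(seconds=window_seconds):
                post_id = int(pid.group(1))
                findings.append({'ip': ip, 'post_id': post_id,
                                 'posted_at': posted.isoformat(),
                                 'post_exists': post_id in existing_post_ids})
    return findings
```

Entries with `post_exists` set to `False` correspond to rows in the comments table that no page on the blog will display.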

  8. Anonymous
    Unregistered
    Posted 9 years ago #

    cool, thanks for the inputs guys!

  9. Beel
    Member
    Posted 9 years ago #

    Lookie, lookie, I cursed! Looks like a bit of a misdirect of my own minor frustration with comment spamming (though I hope the point is not missed on future posters). Dang, now I'll have to wash my hands with soap.

Topic Closed

This topic has been closed to new replies.
