WordPress.org

Ready to get started?Download WordPress

Forums

spam injection on a cformIIs alternate action, HELP! (1 post)

  1. Babaloo
    Member
    Posted 5 years ago #

    Hi,
    Im using cformIIs as a form builder and redirecting the action to a script that parses data to a wp_insert_post object.

    The goal is to have visitors post to a very specific section of the blog and insert some of that data to a separate, custom DB without granting editor status to users.

    Well, it got hacked by a spam bot :(
    It seems the spambot is using my script for injection, bypassing the $POST variables and going straight to wp_insert_post. I've used some regex snippets to kill the insert, changed the post status to pending. This had some effects, filtering the content and links from the bot, but it is still able to perform the injection.

    I'd really appreciate any help on this, since my coding skills are quite basic.

    Thanks for reading

Topic Closed

This topic has been closed to new replies.

About this Topic