spam injection on a cformIIs alternate action, HELP! | WordPress.org

João Miguel
(@babaloo)

15 years, 2 months ago

Hi,
Im using cformIIs as a form builder and redirecting the action to a script that parses data to a wp_insert_post object.

The goal is to have visitors post to a very specific section of the blog and insert some of that data to a separate, custom DB without granting editor status to users.

Well, it got hacked by a spam bot 🙁
It seems the spambot is using my script for injection, bypassing the $POST variables and going straight to wp_insert_post. I’ve used some regex snippets to kill the insert, changed the post status to pending. This had some effects, filtering the content and links from the bot, but it is still able to perform the injection.

I’d really appreciate any help on this, since my coding skills are quite basic.

Thanks for reading

The topic ‘spam injection on a cformIIs alternate action, HELP!’ is closed to new replies.

Tags

post

In: Fixing WordPress
0 replies
1 participant
Last reply from: João Miguel
Last activity: 15 years, 2 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics