WordPress.org

Ready to get started?Download WordPress

Forums

spam url inserted in a posting, different from spam comments. (8 posts)

  1. cdgalaxy
    Member
    Posted 6 years ago #

    This is the part of my posting but I didn't put <noscript>...</noscript> (I even do not know which language that is). I didn't know it was there until someone told me. This is spam but not comment spam (SpamBam is activated and didn't see spam comments ).

    Although it is a great read, Numerical<noscript>Innanzitutto, devi portare alcune domande basilari riguardo il tuo gioco di poker online.</noscript> Recipe ((W.H.Press, S.A.Teukolsky, W.T. Vetterling, and B.P.Flannery, 2nd ed., 1992)) is no more suitable as a statistical bible than Ptolemy is for astronomy.

    Please, help me to prevent embedded spams and urls in postings.

  2. whooami
    Member
    Posted 6 years ago #

    assuming you are seeing this on the blog linked in your profile.

    <meta name="generator" content="WordPress 2.3" /> <!-- leave this for stats -->

    YOU need to upgrade.

    There may very well be a continued security issue with WordPress2.3.2, but until you have taken the proactive steps to make sure that your install is up to date, there's little help anyone can offer.

  3. cdgalaxy
    Member
    Posted 6 years ago #

    Although I do not understand the part before YOU (forgive my illiteracy), it seems like I must upgrade to ver. 2.3.2. Many thanks! (how would i know embedded spam is related to an old version, so amazed at your simplicity ^^).

  4. whooami
    Member
    Posted 6 years ago #

    you dont know, thats my point. upgrading may or may not fix that, your wordpress blog was compromised, theres no doubt. But until you upgrade to 2.3.2 theres no way of knowing if its related to your version or not.

  5. cbdilger
    Member
    Posted 6 years ago #

    I just noticed a very similar embedded spam on a post. I am running WP 2.3.2 on shared hosting so I can't get MySQL logs, but I will gladly provide other information as needed.

    Edit: found another post. Here is the text, minus the link.

    <noscript>Questo tipo di Poker e il <a href="http://REDACTED/la-piu-bene-roulette-in-linea-guida.html">roulette in linea</a> gioca preferito nei Caraibi e sulle navi da crociera, in cui ogni giocatore gioca contro</noscript><noscript>Alcohol breath let us for your! Chirping mentioned mosquito <a href="http://REDACTED/group/carlyn8103/web/music-ringtones">music ringtones</a> earlier she did you.</noscript> il banco indipendentemente dagli altri colleghi giocatori.

  6. webmoose
    Member
    Posted 6 years ago #

    I ran across one of these in one of my own posts last week, advertising a poker site in German. I've also seen them on two other sites since then (I alerted the owners). I'm running the latest version of WordPress, so it appears to be a current exploit.

    As nearly as I can tell, the NOSCRIPT tags keep the ads from being seen by any browser that has Javascript enabled, but spiders that rank links will still "count" them. So the spammers are getting their popularity artificially inflated.

    I find it odd that they appear to be so sporadic; I'd assume that once a vulnerable site was found the spammers would inject their code into most of its posts, but that doesn't seem to be the case.

  7. Ben Tremblay
    Member
    Posted 6 years ago #

    Seems like the real thing; Support 154139 (started 6 days ago) reports the same trick.

    Time for someone to open a Ticket? one already opened?

  8. whooami
    Member
    Posted 6 years ago #

    remove or rename your xmlrpc.php

Topic Closed

This topic has been closed to new replies.

About this Topic