WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Weird comment found... SPAM or Site Break-In? (12 posts)

  1. Shutterscript
    Member
    Posted 7 years ago #

    I checked the comment list of my site (www.shutterscript.com) today and noticed a very mysterious looking comment that seems to have originated from my site for a page that doesn't even have the ability to accept comments. Here is the entry:

    #

    Welcome to Shutterscript! at Shutterscript | shutterscript.com/?p=3 | IP: 70.86.181.34

    […] About […]

    Mar 17, 12:42 PM — [ Edit | Delete | Unapprove | Approve | Spam | View Post ]

    If I click on the "shutterscript.com/?p=3" link I am taken to the first post on my blog. If I click on the "view post" link I am taken to my "about" page which doesn't even have an option available to add a comment. At first I thought it was spam, but the strangeness of this occurence and my inability to replicate it has me wondering if the integrity of my site has been compromised. I can't even view the comment anywhere except for the admin panel.

    Another thing to note is that I never approved the comment... It just showed up on the list as already approved. Does anyone have an idea as to what might be happening? Thanks.

  2. atheista
    Member
    Posted 7 years ago #

    Wasn't this a trackback?

  3. atheista
    Member
    Posted 7 years ago #

    Ok, I'm now sure it's a trackback. Basically, its something that let's you know that someone (in this case, yourself) is linking to your site.

    Don't worry about it. :p

  4. Shutterscript
    Member
    Posted 7 years ago #

    But the thing is that the IP address listed in the comment is not mine, and the trackback does not show up anywhere on my site except the comments management admin screen. So if it was in fact me who sent the trackback (unlikely since I have now idea how) the IP address should be mine.

  5. whooami
    Member
    Posted 7 years ago #

    ...the IP address listed in the comment is not mine

    If it's not your ip addy, though...

    no. the IP address would be the IP of your site, contrary to what anyone else here wants to incorrectly suggest. Sites send _legitimate_ trackbacks, not people. :P

    you wrote:

    Welcome to Shutterscript! at Shutterscript | shutterscript.com/?p=3 | IP: 70.86.181.34

    shutterscript.com == 70.86.181.34

    Please dont forget to mark this resolved.

  6. Samuel B
    moderator
    Posted 7 years ago #

    shutterscript.com/?p=3
    This shows it's a trackback from your "test" comment on that page.
    If it's not your ip addy, though...
    To be safe why not install the Bad Behavior plugin as it stops any trackback spam.
    http://www.homelandstupidity.us/software/bad-behavior/

  7. Shutterscript
    Member
    Posted 7 years ago #

    Is there anything that explains this a little better. I have read about trackbacks in the wordpress documentation, but it doesn't go into how it works technically. i.e. generating comments and approving them and such. The test comment is different form the "trackback" I am talking about. I was trying to replicate this mysterious "trackback" with no success. This is what my comment admin page looks like:

    1.

    admin | administrator@shutterscript.com | IP: 76.19.128.29

    test

    Mar 18, 2:57 AM — [ Edit | Delete | Unapprove | Approve | Spam | View Post ]
    2.

    Welcome to Shutterscript! at Shutterscript | shutterscript.com/?p=3 | IP: 70.86.181.34

    […] About […]

    Mar 17, 12:42 PM — [ Edit | Delete | Unapprove | Approve | Spam | View Post ]
    3.

    Mr WordPress | wordpress.org | IP:

    Hi, this is a comment.
    To delete a comment, just log in and view the post's comments. There you will have the option to edit or delete them.

    Mar 16, 4:27 PM — [ Edit | Delete | Unapprove | Approve | Spam | View Post ]

    A whois for the unknow IP address reveals this:

    OrgName: ThePlanet.com Internet Services, Inc.
    OrgID: TPCM
    Address: 1333 North Stemmons Freeway
    Address: Suite 110
    City: Dallas
    StateProv: TX
    PostalCode: 75207
    Country: US

    ReferralServer: rwhois://rwhois.theplanet.com:4321

    NetRange: 70.84.0.0 - 70.87.255.255
    CIDR: 70.84.0.0/14
    NetName: NETBLK-THEPLANET-BLK-13
    NetHandle: NET-70-84-0-0-1
    Parent: NET-70-0-0-0-0
    NetType: Direct Allocation
    NameServer: NS1.THEPLANET.COM
    NameServer: NS2.THEPLANET.COM
    Comment:
    RegDate: 2004-07-29
    Updated: 2006-02-17

    RTechHandle: PP46-ARIN
    RTechName: Pathos, Peter
    RTechPhone: +1-214-782-7800
    RTechEmail:

    OrgAbuseHandle: ABUSE271-ARIN
    OrgAbuseName: Abuse
    OrgAbusePhone: +1-214-782-7802
    OrgAbuseEmail:

    OrgNOCHandle: TECHN33-ARIN
    OrgNOCName: Technical Support
    OrgNOCPhone: +1-214-782-7800
    OrgNOCEmail:

    OrgTechHandle: TECHN33-ARIN
    OrgTechName: Technical Support
    OrgTechPhone: +1-214-782-7800
    OrgTechEmail:

    As it turns out, you are correct. This IP address is in fact the IP address of my site (I wasn't convinced since the whois info has nothing to do with hostgator, my actual hosting providor, until it traced back to this IP address... very strange).

    All I really want to know is how the that link got there, why it got there, and how to replicate it. Thanks again for the help.

  8. Chris_K
    Member
    Posted 7 years ago #

    All I really want to know is how the that link got there, why it got there, and how to replicate it.

    Write a new post. In the new post, put a link to one of YOUR older posts.

    Save post.

    Admire the shiny new pingback you just generated for yourself.

  9. Shutterscript
    Member
    Posted 7 years ago #

    haha, wow, well that explains a lot. I linked to my about page from my first post and the time of the pingback corresponds to the same time that I added the link. Thanks! Is there any documentation that explains the process of trackback / pingback generation? Am I correct in stating that all someone has to do is link to my site in order for me to receive notification of a trackback / pingback?

  10. vkaryl
    Member
    Posted 7 years ago #

    There's a page in codex about it, but it's not loading for me right now so I don't have an addy for you - if you can load http://codex.wordpress.org/ you can use the search to find it.

    Also, before you get REAL enthused over this, you want to do a search here for "pingback trackback spam" - because that's what's going to happen eventually if you don't do some pre-spam fixes.

  11. Chris_K
    Member
    Posted 7 years ago #

    Here's those codex links: Trackbacks and Pingbacks. They each work a bit differently but are essentially the same at the end of the day...

    As long as you're using some sort of anti-spam measures they're good things to have around. :-)

  12. Shutterscript
    Member
    Posted 7 years ago #

    I will take another look at the tutorial to see if I can extract anything more out of it. I am also reading up on the Bad Behavior plugin to see how it works. In any case, this thread is now resolved. Thank you very much for the help everyone.

Topic Closed

This topic has been closed to new replies.

About this Topic