WordPress.org

Ready to get started?Download WordPress

Forums

WordPress *mimic* at www.com trashes your posts (5 posts)

  1. petersig
    Member
    Posted 5 years ago #

    I am using WP 2.1.2 for two blogs, Reviews, and Process, at the http://www.memoirista.com website.

    Last week the reviews blog was blocked because of extreme overuse. It's so inactive, with so little interest, that I couldn't imagine being slashdotted, so I investigated further.

    A user calling himself WordPress, with a web site name of http://www.com, had obtained admin privileges (actually on both blogs). He had gone partway down the list of recent posts, and inserted code <u style="display:none">. After that code there were pages and pages of links, starting with a "viagra" one.

    This creep had somehow given himself admin privileges. I first checked "profiles" and discovered that. when I checked Users, I also discovered that in one part of the information he had inserted a script - Javascript. This was all on the "Reviews" blog. On the other blog on this site, Process, he has also used the name WordPress and the web site http://www.com, but if there is code or a script from him somewhere, I haven't found it yet.

    Currently I've downgraded his privileges to "not on this blog" or subscriber only.

    I've rescued my blogs from this kind of code problem - mesothelioa, etc. - in the header, footer, and sidebar. Never before in the post.

    I did a search on the domain name, and have a user address and phone number, plus the hosting provider. I'm looking for recommendations on what to do next.

  2. whooami
    Member
    Posted 5 years ago #

    I'm looking for recommendations on what to do next.

    are you blind?

    youre running a version of WP that is over one year old and is exploitable with a simple copy and paste.

    what might YOU think would be anyone's advice here?

  3. xdesi
    Member
    Posted 5 years ago #

    Yes read the first four words of your own post and you have your answer

  4. petersig
    Member
    Posted 4 years ago #

    I should have said "him or her" referring to the unknown person who exploited my blog.

    You know, I can *install* WordPress in ten minutes or less, and go on to create comment. I cannot predict the time line involved in upgrading after I've created content. Until that day comes, I will be working with the existing imperfections of each install of WordPress for my 10 or 15 blogs.
    Thanks for the feedback. :-|

  5. whooami
    Member
    Posted 4 years ago #

    petersig,

    you were not hacked by a him or her named wordpress. thats a very old exploit, and that attack just creates a user with that info.

    You know, I can *install* WordPress in ten minutes or less ...

    you sure can, and if you continue to use versions that are exploitable using nothing more than a copy and paste, your sites will be hacked in is as little time as it took you to install it.

    I cannot predict the time line involved in upgrading after I've created content. Until that day comes, I will be working with the existing imperfections of each install of WordPress for my 10 or 15 blogs.

    Thats why you shouldnt be using wordpress. OR you ought to be outsourcing the upgrades to someone else.

    But hey -- if you dont care if your site is hacked -- seems to me no-one else should care either. Im sorry you dont like that "feedback" -- it would be intellectually dishonest of me to say anything else to you, unfortunately

    have fun.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.