What plugin are you using for blog stats?
Also, are you REALLY using WordPress 2.6.1? Cause that is SO out of date I would not have a hard time seeing you got hacked :/
LOL. Yes, I’m using 2.6.1. Very long story, but basically a previous update broke image uploading and the problem was never resolved as I was one of the very small number of people they couldn’t figure out what was happening. Couldn’t have my Admin not work correctly, so I stopped updating, as what I’m using is doing the job I need it to. But your security point is taken; the problem I’m talking about is pretty recent.
I’m using WordPress.com Stats plugin, from Andy Skelton. Version 1.3.5.
I would start with the presumption that you’ve been hacked then :/ Sounds like a recent pharma hack, actually.
And … yeah. Download a copy of 3.1 in a new folder and see if you can get image uploading to work, cause the next comment is ‘Man, you NEED to upgrade! There are a lot of known holes in 2.6!’
Any suggestions then on how rough making the jump from 2.6 to 3.1 will be? I have thousands of image files I cannot afford to lose in an upgrade. Suggestions on upgrade help or handholding would be appreciated.
Thanks for your time and suggestions, BTW.
You may need to do 2.6 -> 2.9 -> 3.1, but honestly, I didn’t have any issues, and my site’s been since … 1.5 or something. Without knowing more about your kinda vague ‘ broke image uploading’ issue, it’s a chance.
Which is why I said make a second site with 3.1. Test THERE if Images work, you can try an export/import to your new site, and verify the whole thing before cutting over π
I don’t believe that this is about the version because I have the latest WordPress version and I have this issue too.
I just noticed today that I have some strange numbers like “2232” “2201” in my WordPress Stats, under the list of “Top Posts & Pages” and if I click on them, it directs me to some strange websites that I have never linked to or even seen before.
Is my site hacked somehow? How would I know if it is? I didn’t recently installed a plugin and I have no idea why I see these links nor what I should to do fix it. I would appreciate if anyone could help me at the moment. *really frustrated* π
This is a problem for my sites too.
Using WordPress 3.1 and WordPress.com Stats Version 1.8.1
~Andrew~
mikehollihan should still upgrade. He’s using out of date everything, and if it’s a problem with the stats, HIS versions ain’t gettin’ patched.
marjoontheblog and AndrewRH – I can’t reproduce that on the site I’ve got access to that uses wp-stats.
I’ve tagged this one for the devs, but … could they be the POST ID numbers?
Ipstenu, they *are* the post ID numbers. When I hover over the “delete” link, that’s what shows up. Except that I’m not using that as my format for URLs; I’m using the date and post title format. And whenever I click the “delete” link I, too, get sent to the weird spam sites. (Mostly French and German.)
Manually entering the link that’s in the hover box, I still have the page linked. It hasn’t changed, moved or disappeared. That makes me think it’s internal to WordPress and something’s pirating the link inside WP Stats?
And you’re right. I do need to update, much as I worry about osmething breaking inside WP when I do. It’s been in the back of my mind for a while.
Thanks again for your help.
Ipstenu, you are right, I just wanted to say that I have the issue even with 3.1 version. And yes, they are post ID numbers but if I click on them it directs me to strange websites, not to my blog posts. (Edit: I don’t use number format like mikehollihan, I also use the date and title format for my posts)
I contacted my host in the meantime and they told me that they identified hacker script; shellphp and PSpellShell.php (shell_exec), they told me to look through it. From what I understood, there is a spellchecker plugin that can somehow be hacked to control your site (total computer noob here) and it should be disabled. The problem is, I don’t have that plugin installed, I don’t see it in plugins list, I don’t know how to disable it. Google search tells me to disable in php.ini, if only I could find my php.ini!
Maybe AndrewRH and mikehollihan can check it too, so that we could identify if it is the real source of our problem.
Ask your host HOW to disable it, marjoon. They have access to yout php.ini
I think it’s an issue on WordPress.com’s end.
I usually access my states through the WordPress.com dashboard, rather than my own website’s dashboard, and what I’ve seen recently has been…
1) Links to posts on my website with the wrong permalink structure, but the titles are correct
2) Links that are a post ID number that link to my website correctly
3) Links that are a post ID number that link to a WordPress.com-hosted blog
That’s seems to me like a database issue on their end.
It may be Friday evening or Saturday before I can follow up, but I’ll look into the things marjoon mentioned when I can and report back.
