It’s just a spam comment. Not really a security issue. Best thing to do is get a spam blocker plugin and add it to your site.
Thread Starter
drzax
(@drzax)
I figured it was just spam. I’m just wondering how it got there without being linked to an actual post. And for that matter, the point of it all, given that unless it is linked to a post no one but me will see it.
S.
I believe that spam can be posted to future posts which means that they would show up once the post is posted.
Thread Starter
drzax
(@drzax)
Ok, just out of interest, how would that happen? Wouldn’t the spam program have to run queries directly on the database? Or is it as simple as loading a certain php file with particular URL parameters?
S.
I’m not exactly sure, but I think it’s as simple as loading your wp-comments.php and just incrementing post#’s? I could be wrong though.
I believe version 1.2.2 has been fixed to not allow posting comment to not-yet-written post. So if you haven’t upgrade to 1.2.2, it’s recommended.
Thread Starter
drzax
(@drzax)
Yes, I’m on v 1.2.2 so this adds to the mystery as to how it got there.
When I try and view the post that is supposed to be associated with the comment (in the edit screen – by clicking on the link that says “Edit Post “# 0â€?”) in the Preview Post section I get:
Filed under:
Database error: [You have an error in your SQL syntax near ” at line 5]
SELECT category_id, cat_name, category_nicename, category_description, category_parent FROM wp_categories, wp_post2cat WHERE wp_post2cat.category_id = cat_ID AND wp_post2cat.post_id =
Warning: Invalid argument supplied for foreach() in {exact location removed}\drzax\wp-includes\template-functions-category.php on line 90
� @
Thread Starter
drzax
(@drzax)
Line 90 by the way is “foreach ($categories as $category) {” (should be the standard line 90 in the 1.2.2 source – I have made no changes.
S.
Moderator
James Huff
(@macmanx)
Volunteer Moderator
It’s either a spam comment or a spam trackback. These things aren’t bugs or exploits. They happen to everyone, everyday. Spam bots post spam comments by directly accessing wp-comments-post.php and spam trackbacks by directly accessing wp-trackbacks.php. You can find ways of preventing this here: http://www.tamba2.org.uk/wordpress/spam/
Has anyone run this SQL query to eliminate pre-post comments:
DELETE wp_comments FROM wp_comments C LEFT JOIN wp_posts P ON C.comment_post_ID = P.ID WHERE P.ID IS NULL
???
How often does it cause irreperable damage?
*bump
If noone has, is there another way to eliminate “pre-submitted” comments?
Moderator
James Huff
(@macmanx)
Volunteer Moderator
Excellent…I got it with the first option. Something I read yesterday made me think it wasn’t the fix for my problem, but my posts are finally unaccompanied by an advertisement for online poker 😉
Thanks!
Moderator
James Huff
(@macmanx)
Volunteer Moderator
Well, unless you’ve updated to v1.2.2, these spam comments can still be directly inserted into the database for non-existent posts. So, if you haven’t upgraded yet, do it now.