Title: GWA exploit with WP?
Last modified: August 18, 2016

---

# GWA exploit with WP?

 *  [xerocool](https://wordpress.org/support/users/xerocool/)
 * (@xerocool)
 * [21 years ago](https://wordpress.org/support/topic/gwa-exploit-with-wp/)
 * [http://www.searchenginejournal.com/index.php?p=1676](http://www.searchenginejournal.com/index.php?p=1676)–
   is WP affected? or is it only forums?

Viewing 6 replies - 1 through 6 (of 6 total)

 *  [Mark (podz)](https://wordpress.org/support/users/podz/)
 * (@podz)
 * [21 years ago](https://wordpress.org/support/topic/gwa-exploit-with-wp/#post-200113)
 * Easy – do not use GWA.
 *  Thread Starter [xerocool](https://wordpress.org/support/users/xerocool/)
 * (@xerocool)
 * [21 years ago](https://wordpress.org/support/topic/gwa-exploit-with-wp/#post-200115)
 * Yeh, i know but I mean If people use GWA and browse photomatt.net for example
   while they are logged in, They might be logged in as PhotoMatt instead of their
   real username.
 *  [kickass](https://wordpress.org/support/users/kickass/)
 * (@kickass)
 * [21 years ago](https://wordpress.org/support/topic/gwa-exploit-with-wp/#post-200117)
 * Yes, that’s one solution, but only a partial one. If, as the article says, it’s
   allowing people to post whatever using some other username other than their own
   the possibilities for comment and MB spam become somewhat more serious to site
   owners. There is a fix posted, but that’s to block the IP of the google proxy
   that’s serving the GWA. Somehow that doesn’t seem appetizing, since it’s punishing
   the people who will not misuse the GWA. Apparently there’s also some changing
   of webcontent being served via the proxy going on as well (can we say AutoLinks
   Part 2?)
 * There are other issues- people using the accelerator, if they mouseover an ad
   on YOUR site, or a shopping cart button, it seems to be registering as a click
   even if the mousebutton is not used. What’s that doing to those of you who serve
   ppc ads??? It’s also screwing up the google adserver, and ignoring robots.txt.
   More here:
 * [http://fantomaster.com/fantomNews/archives/2005/05/05/the-google-web-accelerator-fiasco/](http://fantomaster.com/fantomNews/archives/2005/05/05/the-google-web-accelerator-fiasco/)
   
   [http://www.threadwatch.org/node/2450#comment-14611](http://www.threadwatch.org/node/2450#comment-14611)
   [http://fantomaster.com/fantomNews/archives/2005/05/04/google-the-coming-out-of-a-datascraper-spook/](http://fantomaster.com/fantomNews/archives/2005/05/04/google-the-coming-out-of-a-datascraper-spook/)
   [http://blog.searchenginewatch.com/blog/050504-145307](http://blog.searchenginewatch.com/blog/050504-145307)
 * So “Easy” becomes not so easy. Iit affects you if you have a site, even if you
   don’t use the GWA. Let’s face it, most, if not all, of the people on this support
   board have a site.
 * Feel free to voice your concerns with this issue here:
    [http://www.oag.state.ny.us/online_forms/complaint_misc.jsp](http://www.oag.state.ny.us/online_forms/complaint_misc.jsp)
 *  [Mark (podz)](https://wordpress.org/support/users/podz/)
 * (@podz)
 * [21 years ago](https://wordpress.org/support/topic/gwa-exploit-with-wp/#post-200118)
 * Okay …. I will NEVER use this GWA crap.
    That’s not at all ever, even to test.
 * So if I don’t use it, how is someone going to get MY login details / passwords
   etc given that google NEVER sees it ? If I do not put my details into that system,
   then my details cannot be got OUT of that system can they ?
 * Ads are another thing entirely – if you are talking exploits that does not cover
   your adsense cash being screwed up.
 *  [zootropo](https://wordpress.org/support/users/zootropo/)
 * (@zootropo)
 * [21 years ago](https://wordpress.org/support/topic/gwa-exploit-with-wp/#post-200157)
 * from what i have read, you only get to see a cached version of what another user
   sees, but you cannot do anything with that.
 * would be just like having a picture of the admin interface. they cannot do anything
   with that.
 *  [vkaryl](https://wordpress.org/support/users/vkaryl/)
 * (@vkaryl)
 * [21 years ago](https://wordpress.org/support/topic/gwa-exploit-with-wp/#post-200160)
 * The problem with the cached picture (assuming that’s what the deal really is –
   and there’s a fair amount of conjecture that the real deal is something else 
   entirely) lies in the fact that login info may appear in that cached picture.
   Presumably the password wouldn’t show as text, but even so, it’s a security issue.

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘GWA exploit with WP?’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 6 replies
 * 5 participants
 * Last reply from: [vkaryl](https://wordpress.org/support/users/vkaryl/)
 * Last activity: [21 years ago](https://wordpress.org/support/topic/gwa-exploit-with-wp/#post-200160)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics