Scheduled Spam Posts keep appearing

  • 413Critter

    (@413critter)


    8 years, 11 months ago

    Lately on a blog that monitor we’ve had a huge amount of posts being created under one of the admin users accounts. I changed that password, logged out all other instances, and changed the salt strings in the wp-config file.

    The posts kept appearing so I went ahead and deleted that admin user and changed the password to the database.

    But.. the posts keep appearing this time with no author specified.

    I have wordfence, AIO security firewall, and Sucuri installed as plugins, and none of them report anything.

    Has anyone run into this.. or have any ideas how I can sort this?

    Thanks

Viewing 6 replies - 1 through 6 (of 6 total)
  • Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    8 years, 11 months ago

    Remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    Thread Starter 413Critter

    (@413critter)

    8 years, 11 months ago

    Aye thanks for those links.

    I’ve still not been able to locate the file, but it looks like I’ve been able to stop the posts with:

    add_filter( 'wp_insert_post_data', 'post_publish_filter_wpse_82356' );
function post_publish_filter_wpse_82356( $data ) {
    // view/manipulate $data
    if ('post' == $data['post_type'] ) {
        $msg = '<pre>' . var_export($data, true) . '</pre>';
        wp_die($msg);
    }
    return $data;
}
    Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    8 years, 11 months ago

    That will definitely stop something, but you’re just putting a bandage over a symptom, not treating the problem itself.

    You might want to consider hiring someone to flush this out for you.

    If you do, please try http://jobs.wordpress.net/ or http://directory.codepoet.com/ and do not accept any hire offers posted to these forums.

    Thread Starter 413Critter

    (@413critter)

    8 years, 11 months ago

    Oh, I definitely agree. It is not a long term solution, but it will help keep things afloat while I am hunting this file down…

    thanks for your replies..

    Thread Starter 413Critter

    (@413critter)

    8 years, 11 months ago

    I think I might have an easier way to find the rogue file.

    I modified the previous filter to email me the $_SERVER['HTTP_REFERER']

    Hopefully that will lead me to the file

    Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    8 years, 11 months ago

    Great idea, fingers crossed! 🙂

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Scheduled Spam Posts keep appearing’ is closed to new replies.

Tags