SPAM Inserts into Blog Posts

  • This HIDDEN code is being somehow automatically inserted into the CODE of my posts after I save my post and is then sending out porn links via the RSS feed.

    <font style="overflow: hidden; position: absolute; height: 0pt; width: 0pt"><!--4848-->

    How can I stop this from happening??

Viewing 15 replies - 1 through 15 (of 23 total)
  • whooami (@whooami), Member

    at the blog in your profile?

    How about reading your dashboard sometimes?

    How about upgrading from a version of WordPress that is nearly 1-1/2 years old?

    <meta name="generator" content="WordPress 2.1" />

    That's what you're on.

    It's hard enough to keep up with ppl that have apparent security issues with the most recent version, much less ppl that can't be bothered to be responsible. If you can't take care of your site, what the hell do you expect?

    And yes, that's a vent, but ffs, folks, get a clue. If you can't do the work, the LITTLE bit of work it takes to upload some files, find someone that likes money, and pay them to.

    Perhaps I would not have said it as directly as whooami 🙂 but I definitely agree. The longer you wait before upgrading the more exploits will come out that will threaten the integrity of your site. It's in your own interest to stay up to date.

    I too have this problem and thought that it was because I was behind a couple of revisions. I was on 2.3.1 so cleaned everything down and replaced it with 2.3.3 but I’ve still got the problem.

    Example: http://www.fulwoodfmc.net/podcasts/2008/03/02/the-tenants-andrew-gardner/

    It only ever changes the first post. It also changes the comments and ping settings off. If I clean the post down it comes back again within 24 hours.

    Is there something else I should be checking?

    Is there some other security settings I should be applying?
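The injected block quoted at the top of the thread (a zero-size, absolutely positioned element followed by a numeric HTML comment) and the closed comment and ping status described in this reply are both things you can check for across every row of the posts table rather than by viewing source one post at a time. The following is an added example, not code from the thread or from WordPress. It takes rows shaped like the `wp_posts` columns (`ID`, `post_content`, `comment_status`, `ping_status`), which you would normally fetch with a `SELECT` against the database or pull out of a mysqldump; the `SAMPLE_ROWS` below are constructed for the demonstration.

```python
"""Scan WordPress post rows for hidden-markup injection.

Added example, not code from the thread. Rows mimic wp_posts columns.
SAMPLE_ROWS are constructed; in practice fetch them from the database.
"""
import re

# Any tag carrying an inline style attribute; group 3 is the style text.
TAG_WITH_STYLE = re.compile(
    r"<([a-z][a-z0-9]*)\b[^>]*\sstyle\s*=\s*([\"'])(.*?)\2[^>]*>",
    re.I | re.S,
)
# The block quoted in the thread is followed by a numeric comment (<!--4848-->).
NUMERIC_COMMENT = re.compile(r"<!--\s*\d+\s*-->")
ANCHOR = re.compile(r"<a\b[^>]*href", re.I)

# CSS declarations that make an element invisible or zero-sized. The thread's
# sample uses height/width 0pt; the other patterns are common variants.
HIDING_DECLS = {
    "display:none": re.compile(r"display\s*:\s*none", re.I),
    "visibility:hidden": re.compile(r"visibility\s*:\s*hidden", re.I),
    "zero-size": re.compile(r"\b(?:height|width)\s*:\s*0(?:pt|px|em|%)?\b", re.I),
    "offscreen": re.compile(r"(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I),
}


def hiding_reasons(style):
    """Names of the hiding declarations present in one style attribute."""
    return [name for name, rx in HIDING_DECLS.items() if rx.search(style)]


def scan_post(row):
    """Return a finding dict for one wp_posts-like row, or None if it looks clean."""
    content = row["post_content"]
    reasons = []
    for m in TAG_WITH_STYLE.finditer(content):
        hits = hiding_reasons(m.group(3))
        if hits:
            reasons.append("<%s> hidden via %s" % (m.group(1).lower(), ", ".join(hits)))
    if not reasons:
        return None
    return {
        "ID": row["ID"],
        "reasons": reasons,
        # Extra indicators from the thread: the numeric comment marker,
        # links inside the post, and comments/pings switched off.
        "numeric_comment": bool(NUMERIC_COMMENT.search(content)),
        "has_links": bool(ANCHOR.search(content)),
        "discussion_closed": (row.get("comment_status") == "closed"
                              and row.get("ping_status") == "closed"),
    }


def scan_posts(rows):
    """Findings for every row that carries hidden markup."""
    return [f for f in map(scan_post, rows) if f]


# Constructed sample rows: one clean post, one injected post that mirrors the
# markup quoted in the thread, one post with comments closed on purpose.
SAMPLE_ROWS = [
    {"ID": 101, "comment_status": "open", "ping_status": "open",
     "post_content": '<p>Notes from the week.</p><p style="color: #333">Nothing odd.</p>'},
    {"ID": 102, "comment_status": "closed", "ping_status": "closed",
     "post_content": '<p>Original text.</p>'
                     '<font style="overflow: hidden; position: absolute; height: 0pt; width: 0pt">'
                     '<!--4848--><a href="http://example.invalid/x">spam</a></font>'},
    {"ID": 103, "comment_status": "closed", "ping_status": "closed",
     "post_content": "<p>Comments closed on purpose; no hidden markup.</p>"},
]

if __name__ == "__main__":
    for finding in scan_posts(SAMPLE_ROWS):
        print(finding)
```

A post that is merely closed to comments (row 103) is not reported on its own; the hidden-style element is the trigger, and `discussion_closed`, `numeric_comment` and `has_links` are there to rank the findings. The regex expects straight quotes around the style attribute, which is what the database holds; the curly quotes in the thread's pasted snippet are an artifact of the forum software.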

    Guaranteed to be a long response, so if you aren’t up to reading something long & boring, stop now. I will assert there aren’t any bits & bytes, so it should be pretty accessible. (If anything is incorrect, please let me know. I hate using a dictionary or encyclopedia.)

    First, there are no perfect methods in any type of blocking certain things. The harder you try, the more delight some take to defeat systems. Companies spend a LOT of time trying to “protect” information such as music, movies, etc. If you can see it, and if you can feel it, it can be broken.

    Suits would prefer this outlook to be suppressed because it looks like they’re telling everyone, “Come and get it!”

    There are two methods of resolving (or nearly so) spam in blogs:

    1. Spam detector software

    2. CAPTCHAs ( Completely Automatic Public Turing Test to Tell Computers and Humans Apart ). Let’s try to avoid using “CAPTCHA’s”.

    The former has two methods: 1) use a service geared for it; 2) Use what’s known as a “Bayesian” detector/filter. Bayesian software works by being told what is spam and what is not. The more it’s used, the “smarter” it becomes.

    If you want to sound impressive to others, Bayes was a Presbyterian minister … in the early 1700s. Kind of strange how a religious leader from 300 years ago has work which is important in today’s world. That overshadows another math wizard as Evariste Galois died in a (gun) feud (seriously) in the early 1800s, just a bit beyond the age of 20. His work continues to find more & more (and more) new ways to deal with his work.

    CAPTCHAs are the funny little boxes with colors, hash marks, etc. which are intended to baffle software because people can read it and computers cannot. You just enter what you believe it to be and it compares with the web server.

    I’ve pondered using either on a random basis. It won’t fix everything. But I’m just curious as to what happens.

    CAPTCHAs aren’t foolproof. Some spamming services pay people to interpret them for a particular fee. (see “squat”) The desired message is pasted and submitted. One could think “manual spam.” But if sites are noted to have a particular “profile” which can be logged & used at will, I have no doubt this would be another way to compromise blogs automatically.

    I’ve stepped back from the “anti” (anti-spam) and where blogging fits in. But there are two parties who can sue spammers: ISPs and SAGs (State Attorney General). You’d think it was taboo to do it. ISPs would definitely raise the profile of that ISP — potentially steal some customers with the knowledge they are going to (legally & financially) make someone pay. As for a SAG, it’s been interesting to see how elections are handled. The Indiana SAG spent the entire campaign bragging about what he’d done to support the DNC (Do Not Call) phone list. It’s more stringent than the federal level. Had he had the stones to do it, he would take on spammers. I don’t think people would look at the other candidates, as this alone would make people happy.

    phil

    whooami (@whooami), Member

    Phil,

    You apparently missed the point of the thread — this isn't about normal “spam”, it's about sites being exploited and spam inserted into the database via the exploits.

    captchas ain't gonna do jack for that.

    I noticed a couple of security things that I could tighten down on – mainly stopping self-registration and deleting some suspicious user accounts, so I have cleaned up the entry highlighted previously. We'll see what happens.

    I have exactly the same problem.

    Hidden porn links were inserted into the code of recent posts and the comments and ping settings are switched off. I also noted that a new Administrator user was set up (which I have promptly deleted).

    I thought it was because I was using an older version, but I upgraded and still get the spam porn links inserted into my posts.

    Any idea how to stop it? Or is there at least a common IP address that all these attacks originate from, which I can get my host to block?

    Since removing self registration I have not had the problem. Might be a good thing to try if you don’t need it.

    I have never had self-registration enabled but I still have the problem.

    I upgraded to WordPress 2.3.3 last week because I was having this issue and it ended up making my site inoperable both on the front (rachelleb.com) and the backend WP.

    Now today my friend alerted me that I have spam in my feed and sure enough, there’s the spam in my post.

    Example here: http://www.rachelleb.com/2008/03/13/mekong-river-on-6th/

    You can’t see the spam while viewing the post, but if you do “view source” you’ll see it in the code. It also displays in feed readers.

    I’ve tried to read through these threads and most people are saying to upgrade to the most recent WP installation.. which I have done.. I don’t know what else to do. Again, this is spam INSIDE posts, not comment spam.

    Just to clarify, it was the spam, not the upgrade, that was making my site inoperable. I’m afraid it’s going to go down that path again..

    Is your hosting company Dreamhost? Perhaps, you may want to consult them about server security. There are many simple security measures. And I can’t list them all here.

    By the way, your wp-includes folder is wide-open. Its content is viewable.

    macsoft3 – thanks for your reply.

    Dreamhost is my hosting company. I will contact them.

    What is the suggested setting for wp-includes?

    whooami (@whooami), Member

    ALL directories should be chmod 755.

    If you do not want your directories to be browsable, create an empty index.html on your desktop and upload it to those directories you don't want to be browsable.
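The two checks in this reply (directories at mode 755, and an index file in every directory so the server never shows a listing) are easy to audit across the whole install rather than one folder at a time in an FTP client. The following is an added example, not code from the thread or from WordPress. It assumes it is run on the server from the blog's document root, treats a directory as covered when it holds an `index.html` or `index.php`, and reports any directory whose permission bits differ from 0755; the `demo()` function builds a small constructed tree in a temporary directory so the script can be tried offline.

```python
"""Audit a WordPress tree for browsable directories and non-755 modes.

Added example, not code from the thread. Run from the blog's document root.
"""
import os
import shutil
import stat
import tempfile

INDEX_FILES = ("index.html", "index.php")
EXPECTED_DIR_MODE = 0o755


def audit_tree(root):
    """Return (browsable, bad_mode): directories with no index file, and
    (path, octal mode) pairs for directories whose mode is not 0755.
    Paths are relative to root and sorted so results are stable."""
    browsable, bad_mode = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        if not any(f in filenames for f in INDEX_FILES):
            browsable.append(rel)
        mode = stat.S_IMODE(os.stat(dirpath).st_mode)
        if mode != EXPECTED_DIR_MODE:
            bad_mode.append((rel, oct(mode)))
    return sorted(browsable), sorted(bad_mode)


def fix_tree(root):
    """Apply the advice from the reply: chmod 755 each flagged directory and
    drop an empty index.html where no index file exists. Returns the number
    of index files created. World-writable (777) directories are the real
    security concern; stricter modes such as 700 are normalised to 755 only
    because the thread's rule is that every directory should be 755."""
    browsable, bad_mode = audit_tree(root)
    for rel, _ in bad_mode:
        os.chmod(os.path.join(root, rel), EXPECTED_DIR_MODE)
    created = 0
    for rel in browsable:
        # "x" mode: fail loudly rather than clobber a file that appeared meanwhile.
        with open(os.path.join(root, rel, "index.html"), "x"):
            pass
        created += 1
    return created


def demo():
    """Build a constructed mini-install in a temp dir, audit, fix, re-audit."""
    root = tempfile.mkdtemp()            # mkdtemp always creates the root as 0700
    layout = {
        "": ["index.php", "wp-config.php"],
        "wp-admin": ["index.php"],
        "wp-includes": ["functions.php"],  # constructed: no index file, like the real one
        "wp-content": ["index.php"],
        "wp-content/uploads": [],          # constructed: browsable and world-writable
    }
    for rel, files in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(path, exist_ok=True)
        os.chmod(path, EXPECTED_DIR_MODE)
        for name in files:
            open(os.path.join(path, name), "w").close()
    os.chmod(os.path.join(root, "wp-content", "uploads"), 0o777)
    os.chmod(root, 0o700)
    try:
        before = audit_tree(root)
        created = fix_tree(root)
        after = audit_tree(root)
    finally:
        shutil.rmtree(root)
    return {"before": before, "created": created, "after": after}


if __name__ == "__main__":
    print(demo())
```

Dropping an empty `index.html` into a directory stops a listing but does not stop anyone fetching a file whose name they already know, so it is a tidiness measure rather than a fix for the injection itself; the rogue administrator accounts and outdated versions mentioned earlier in the thread remain the things to deal with first.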

    Thanks for the tips, whooami.

    I checked my settings in my ftp client and my wp-includes directory was already set at 755. So I created the blank index and uploaded it.

    I will also check the settings on my other directories and create the blank index files, if needed.

  • The topic ‘SPAM Inserts into Blog Posts’ is closed to new replies.