Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
It’s both spam and a hack attempt.
For the spam portion give this article a read.
http://codex.wordpress.org/Combating_Comment_Spam
For the hack attempt please make sure you have upgraded your plugins, themes and most importantly your WordPress version.
Thread Starter
ibogo
(@ibogo)
Since you mention about upgrading, I should start by saying I immediately activated Akismet and changed default login page, though my theme and WordPress are both one upgrade behind. I can’t upgrade at the moment as php is heavily edited. What plugins do you recommend while I sort out upgrading (or in general)?
Thanks for the response btw 🙂
(@ibogo)
9 years, 4 months ago
Earlier today woke up to 17 comments to review on my wordpress dashboard. This is the first time this has happened to me with this domain. On my previous domain, it happened within minutes or hours of registering (I should mention, this is within wordpress dashboard). The current domain I have had for 45 days with no comments.
Now I have 33 at the end up the day. Here are some examples:
WEB-INF/web.xml?
file:///etc/passwd
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAucG5n
WEB-INF/web.xml?
/../..//../..//../..//../..//../..//etc/passwd.jpg
1′”()&%prompt(901385)
-1);select pg_sleep(10); –
[ link redacted ]
-1; waitfor delay ‘0:0:5′ –
AND MORE…
I must mention I paid someone to test-hack my site for vulnerabilities although he says he didn’t start yet AND as mentioned this same sort of thing happened on previous domain (although without as weird of hack-style comments).
I traced the ip back to Pakistan.
What is going on?