Major WordPress vulnerability: comment Spam, changed files & settings
I’m pretty sure there’s a major security vulnerability even in the most recent version of WordPress, 3.1.2.
I experienced hacker link spam and modification of wp-settings and files on a WordPress blog. Symptoms are as follows:
- Changed footer.php with some links to, I guess, Turkish penis enlargement sites. Well hidden with base64 and gzipinflate.
- Comment moderation deactivated
- Automatic spam comments like e.g.
[…]Craps are one of the leading free online craps guide will explaining the very basics things of games in simple strategies[…]… through trackbacks and comments every minute
- Even though comments are closed for all articles and trackbacks / pingbacks are deactivated
- Did a clean reinstall of WP 3.1.2 without any plugins after having changed MySQL pw and admin pw through phpMyAdmin plus wp-config keys
This means: the WP installation is absolutely clean and safe. Still we get the spam comments.
Let’s fix this together fast and heal WordPress! Who got the same symptoms?