MJ

Just a couple of followups here for that the record and then it’s g’night.

podz writes:
“WP has no such vulnerability for this event.”

I might caution that rather bold claim. 1.5 is a brand new release. Weirdness happens. One thing I do understand are random passwords. Thanks for the links though.

david writes “More importantly, did they ACTUALLY post as you? Is it the name field that happens to be your name, or does the actual comment come from your account?”

They were actual posts and not comments. And they posted from my primary user account (MJ). They also (again) created a new user (with a blank name), I am unsure of what level access, as I nuked it in my anger and haste without thinking about a trail. They had not yet made any posts from that [blank] name account.

Basically, they had free reign. It’s disconcerting to say the least. Thanks all for your understanding and patience as we figure out what went wrong.

I’m beginning to wondering now if it could be as simple as a permissions thing… i.e. the famous 5 minute install for 1.5 (Fantastico did it for me…) does not set the right permissions, thus allowing unauthorized write/execute access. To a new untrained user (like me!) this could be a bad thing. Unfortunately, I can’t confirm or deny as I already went in and reset permissions.

Just a thought.