Title: MJ's Replies | WordPress.org

---

# MJ


## Forum Replies Created

Viewing 8 replies - 1 through 8 (of 8 total)

 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Unauthorized postings](https://wordpress.org/support/topic/unauthorized-postings/)
 *  Thread Starter [MJ](https://wordpress.org/support/users/mj/)
 * (@mj)
 * [21 years, 2 months ago](https://wordpress.org/support/topic/unauthorized-postings/#post-162555)
 * I think I may have figured out part of what happened. Could one of you support
   mavens who’s posted here PLEASE drop me an email? I don’t want to post the info
   here until I know for sure I am right.
 * Thanks – MJ
    mj@fridayfishwrap.com
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Unauthorized postings](https://wordpress.org/support/topic/unauthorized-postings/)
 *  Thread Starter [MJ](https://wordpress.org/support/users/mj/)
 * (@mj)
 * [21 years, 2 months ago](https://wordpress.org/support/topic/unauthorized-postings/#post-162434)
 * Just a couple of followups here for the record and then it’s g’night.
 * > podz writes:
   >  “WP has no such vulnerability for this event.”
 * I might caution that rather bold claim. 1.5 is a brand new release. Weirdness
   happens. One thing I do understand are random passwords. Thanks for the links
   though.
 * > david writes “More importantly, did they ACTUALLY post as you? Is it the name
   > field that happens to be your name, or does the actual comment come from your
   > account?”
 * They were actual posts and not comments. And they posted from my primary user
   account (MJ). They also (again) created a new user (with a blank name), I am 
   unsure of what level access, as I nuked it in my anger and haste without thinking
   about a trail. They had not yet made any posts from that [blank] name account.
 * Basically, they had free rein. It’s disconcerting to say the least. Thanks all
   for your understanding and patience as we figure out what went wrong.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Possible security issue with my server](https://wordpress.org/support/topic/possible-security-issue-with-my-server/)
 *  [MJ](https://wordpress.org/support/users/mj/)
 * (@mj)
 * [21 years, 2 months ago](https://wordpress.org/support/topic/possible-security-issue-with-my-server/#post-162409)
 * Here’s what I’ve done:
 * Added an .htaccess file to the /wp directory. Changed all permissions to what 
   I *think* they should be (see: [http://wordpress.org/support/topic.php?id=21139#post-120173](http://wordpress.org/support/topic.php?id=21139#post-120173))
   as well as changed all passwords (ftp/cpanel/wp login). If it happens again – 
   I am at a loss, but you’ll be the first to know 🙂
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Possible security issue with my server](https://wordpress.org/support/topic/possible-security-issue-with-my-server/)
 *  [MJ](https://wordpress.org/support/users/mj/)
 * (@mj)
 * [21 years, 2 months ago](https://wordpress.org/support/topic/possible-security-issue-with-my-server/#post-162402)
 * My apologies, that came off harsher than I intended. Just a tad frustrated is
   all.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Possible security issue with my server](https://wordpress.org/support/topic/possible-security-issue-with-my-server/)
 *  [MJ](https://wordpress.org/support/users/mj/)
 * (@mj)
 * [21 years, 2 months ago](https://wordpress.org/support/topic/possible-security-issue-with-my-server/#post-162393)
 * Sorry if I offended NM, I thought this was a support forum for an application
   I’m having problems with. I tend to respond better to suggestions and solutions
   rather than admonishments. Not all of us are mavens.
 * Back to the issue at hand – could it possibly be a permissions problem? i.e. 
   the famous 5 minute install for 1.5 (I used fantastico to install) doesn’t set
   permissions correctly? I’m just trying to figure out what went wrong.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Unauthorized postings](https://wordpress.org/support/topic/unauthorized-postings/)
 *  Thread Starter [MJ](https://wordpress.org/support/users/mj/)
 * (@mj)
 * [21 years, 2 months ago](https://wordpress.org/support/topic/unauthorized-postings/#post-162385)
 * I’m beginning to wonder now if it could be as simple as a permissions thing…
   i.e. the famous 5 minute install for 1.5 (Fantastico did it for me…) does not
   set the right permissions, thus allowing unauthorized write/execute access. To
   a new untrained user (like me!) this could be a bad thing. Unfortunately, I can’t
   confirm or deny as I already went in and reset permissions.
 * Just a thought.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Unauthorized postings](https://wordpress.org/support/topic/unauthorized-postings/)
 *  Thread Starter [MJ](https://wordpress.org/support/users/mj/)
 * (@mj)
 * [21 years, 2 months ago](https://wordpress.org/support/topic/unauthorized-postings/#post-162379)
 * Hmm. Seems I’m not the only one [http://wordpress.org/support/topic.php?id=26532](http://wordpress.org/support/topic.php?id=26532).
   My host is currently trying to track down what happened. Not trying to yell FIRE
   but taking a peek at the raw access logs and it looks to this untrained eye 
   like someone was able to access the wordpress directory and managed to glean 
   a password?
 * Any of this make sense to anyone? The same IP first pulled the whole /wp directory
   then I see this about 25 times in a row then the same (three requests) for the
   wp-admin.php file
 * [07/Mar/2005:00:54:11 -0500] "GET /wp/wp-pass.php HTTP/1.1" 302 5 "-" "Java/1.4.2_04"
 *  4 minutes later is the time stamp of the first of 15 spam posts, with no requests
   in between… I just want to find out what happened so I can plug the hole.
 * cross posted at:
    [http://wordpress.org/support/topic.php?id=26532](http://wordpress.org/support/topic.php?id=26532)
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Possible security issue with my server](https://wordpress.org/support/topic/possible-security-issue-with-my-server/)
 *  [MJ](https://wordpress.org/support/users/mj/)
 * (@mj)
 * [21 years, 2 months ago](https://wordpress.org/support/topic/possible-security-issue-with-my-server/#post-162378)
 * Hmm. Seems I’m not the only one [http://wordpress.org/support/topic.php?id=26488](http://wordpress.org/support/topic.php?id=26488).
   My host is currently trying to track down what happened. Not trying to yell FIRE
   but taking a peek at the raw access logs and it looks to this untrained eye 
   like someone was able to access the wordpress directory and managed to glean 
   a password?
 * Any of this make sense to anyone? The same IP first pulled the whole /wp directory
   then I see this about 25 times in a row then the same (three requests) for the
   wp-admin.php file
 * [07/Mar/2005:00:54:11 -0500] "GET /wp/wp-pass.php HTTP/1.1" 302 5 "-" "Java/1.4.2_04"
 *  4 minutes later is the time stamp of the first of 15 spam posts, with no requests
   in between… I just want to find out what happened so I can plug the hole.
 * cross posted at:
    [http://wordpress.org/support/topic.php?id=26488](http://wordpress.org/support/topic.php?id=26488)
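
A defender-side check for the access-log pattern described in the post above (one client requesting the same path about 25 times in a row with a scripted user agent), as an added example that is not part of the original post. The IP addresses (documentation ranges), the threshold, the time window and the user-agent list are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache "combined" log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# Assumed list: user-agent prefixes of HTTP libraries rather than browsers.
SCRIPTED_UA = ("Java/", "libwww-perl", "curl/", "Wget/", "Python-urllib")

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None  # skip lines that are not in combined format
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def find_bursts(lines, threshold=10, window=timedelta(minutes=5)):
    """Return sorted (ip, path, peak_count, scripted_ua) tuples for every client
    that requested the same path at least `threshold` times within `window`."""
    hits = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        hits[(rec["ip"], rec["path"])].append(rec)
    findings = []
    for (ip, path), recs in hits.items():
        recs.sort(key=lambda r: r["ts"])
        start = peak = 0
        for end, rec in enumerate(recs):  # sliding time window over this client/path
            while rec["ts"] - recs[start]["ts"] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            scripted = any(r["ua"].startswith(SCRIPTED_UA) for r in recs)
            findings.append((ip, path, peak, scripted))
    return sorted(findings)

def sample_log():
    """Constructed sample: documentation-range IPs, request shape modelled on the post."""
    t0 = datetime(2005, 3, 7, 0, 54, 11)
    def line(ip, secs, path, status, ua):
        ts = (t0 + timedelta(seconds=secs)).strftime("%d/%b/%Y:%H:%M:%S") + " -0500"
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 5 "-" "{ua}"'
    log = [line("192.0.2.10", i, "/wp/wp-pass.php", 302, "Java/1.4.2_04") for i in range(25)]
    log += [line("192.0.2.10", 30 + i, "/wp/wp-admin.php", 302, "Java/1.4.2_04") for i in range(3)]
    log.append(line("198.51.100.7", 40, "/wp/index.php", 200, "Mozilla/5.0 (constructed)"))
    return log
```

Calling `find_bursts(sample_log())` flags only the repeated `wp-pass.php` requests; lowering `threshold` to 3 also surfaces the three `wp-admin.php` requests.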
