• A Russian website is planting links to its site in blog posts. The place is https://www.sibresource.ru, which is in Russian. The apparent IP is 217.112.37.32, which I recommend one do an IP ban on.

    If you have any information on the site, please pass this on to Akismet and other spam blocking plugin authors. Also pass on this information to the party hosting your blog.

Viewing 6 replies - 1 through 6 (of 6 total)
  • I just got hacked by that site too. My latest blog post was largely deleted and replaced with:

    <font style="position: absolute;overflow: hidden;height: 0;width: 0"><a href="https://www.sibresource.ru/">ландшафт</a></font>

    Any idea how this happens? What do I need to change to plug this hole? Thanks.

    You’re both on 2.6? Since when? Any plugins in use with known vulnerabilities? Are you on a dedicated or shared server?

    I am on 2.6, since shortly after its release. Only plugins are Akismet and WordPress.com stats. Shared server (Dreamhost).

    That’s not good news. Hopefully you fell victim to another insecure website on the same server.
    Did you check error logs, etc. to find out how they came in? I’m no real expert on the matter, but if this is a 2.6 matter it concerns us all. If you DO have experience with tracking holes and hacks, I suggest you gatter as much information as possible and email it to [email protected].

    I have been having problems with large numbers iof Russian / Cyrillic spam getting past Akismet. This would just be a nuisance EXCEPT …

    At least once the spam seemed to replace an existing legitimate comment and deletion of the spam deleted the legitimate comment too.

    (I’m version 2.7)

    Moderator Tellyworth

    (@tellyworth)

    psybertron, please contact Akismet support with any information you remember about that comment.

    https://akismet.com/contact/

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Heads Up re Hack’ is closed to new replies.