• Resolved clouds

    (@clouds)


    Hello,

    I have been using WordPress for quite some time now (a few months now) and I have never ever had any problems with spam.
    I have no users, but myself as admin and comments have been closed since the initial install.
    Also, I have never ever opened the comments for anybody, nor have there been any comments. Until today. Sad, but I got 3 comments, on 3 different stories, while the comments section is CLOSED!
    I have set it up so there is admin moderation, so I get the emails….. I have even renamed the wp-comments-post and wp-commentsrss files, changed the extension so they are not used anymore. Yet, there they are in my database!!!
    How was that person/bot able to send comments to my website? Is there something wrong with my website? Any security concerns? Am I doing something wrong?
    All from the same email address, somewhere in Russia – (Author : COMMUNITY TYPE USMC (IP: 85.140.58.133 , ppp85-140-58-133.pppoe.mtu-net.ru)
    Please don't hesitate to contact me,
    thx

Viewing 12 replies - 1 through 12 (of 12 total)
  • That's a little worrying. You don't mention which version of WordPress, which makes it harder to think of ideas. I am not sure if the XMLRPC security bug would permit this, which is from the 1.5 version. Have you upgraded to the latest?

    Are you sure it wasn’t trackback spam? You can close comments, rename all the files you want, whatever, but if trackbacks are still enabled you will still be spammed. To prevent this, you can also turn off trackbacks on all posts in the Options —>Discussion section of the dashboard.

    Comments and trackbacks are the same in 1.5; if comments are disabled then so are trackbacks, if I remember correctly. (big if!)

    Thread Starter clouds

    (@clouds)

    Sorry for the missing info, I am using WordPress 2.0.1 and updating to 2.0.2 right now.
    What I am not clear about is that I have enabled “Users must be registered and logged in to comment” and “Anyone can register” disabled. This should STOP all comments, spam+users+alltogether, right?
    I am not aware what trackback means (allow pings?). “Attempt to notify any Weblogs linked to from the article (slows down posting.)” and “Allow link notifications from other Weblogs (pingbacks and trackbacks.)” are enabled and “Allow people to post comments on the article” is disabled.
    Thanks for all the fast replies.

    Read up on trackbacks in the Codex

    If you have “Allow link notifications from other Weblogs (pingbacks and trackbacks.)” enabled, you can receive the kind of spam you’re talking about.

    Thread Starter clouds

    (@clouds)

    OK, thx for all the replies.
    I will disable that as well.
    (Although, even with that, why the option that only registered users can post? And still, with that on off, post can still be posted.)
    And also, how come I got no spam since August and just today I get 3 of them? All this time with the same settings….
    My question still remains, how is it possible to input data into my database when all related options are disabled?

    Just install the Akismet plugin and forget about spam.

    Thread Starter clouds

    (@clouds)

    I have upgraded from 2.0.1 to 2.0.2 and am enabling Akismet right now.

    It raises a big question mark for me that I have only one registered user, the option that only registered users can post comments (only me), no new users allowed, comments are disabled and yet, the new comment submissions are here. How is this possible?
    I am looking into a complete full 2.0.2 reinstall with admin and database password change, although if somebody would hack this I doubt that all the damage done is 3 spam comments. (I am 99.99999999% sure that this is not a lost password or a break-in.)

    You are confusing comments and trackbacks again. They are two totally separate items, even though they both show up under the post in the same section — they are not the same thing!

    Since you probably didn’t read the article linked to above, I will try to explain it to you.

    A comment occurs when someone reads your site and wishes to say something about what you’ve written. They must click the comment link, write a comment in the little box on your site, and hit send. If you have comments disabled, or set it so that only registered users can post comments, then this will not happen. No one will be able to comment on your site.

    A trackback occurs when someone references your site on their own site. A person can leave a trackback on your site *without ever having visited your site* — all they need to know is your trackback url, which is usually your regular permalink url with /trackback added to the end of it.

    For example, say you write a post about widgets. Someone else who has a blog about widgets reads your post, writes a post of their own on their blog, but wants to give you credit for your original post. They link to your widgets article in their post, and then they also send you a trackback — basically a little digital note that says, “Hey, I’ve linked to you on my site!” Once again, they *do not have to actually visit your site to do this.* They do it all from their own site.

    As you can see, this is very different from comments, even though trackbacks and comments both show up in the same place under your post. Unfortunately, with such great spam control programs in common use today, spammers have resorted to using trackback to spam you because they can leave links to their own sites in the trackbacks they send to your site. If you do not allow trackbacks or pings on your site then this type of spam will also stop. Regulating and moderating comments has NOTHING TO DO with regulating trackback spam because comments and trackbacks are TWO SEPARATE THINGS.

    Posting is something altogether different as well, and turning off these options will have nothing to do with whether or not you will be able to post articles to your site.

    So, you can decide to turn off all comments, trackbacks, pings, whatever, and not allow anyone to interact with you via your blog, OR…

    You can install an excellent all-encompassing spam program like Akismet, which will catch both trackback and comment spam, and forget about it.

    As for why all of a sudden you received three spam trackbacks at once — spam is usually sent out by robots, which do so randomly in order to try to avoid detection.

    You have not been hacked. You don’t need to upgrade unless you want to. You don’t need to change your password. All you need to do is disable trackbacks, and when someone offers you advice to read an article on the codex, read it.
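
Added example, not part of the thread: a Python sketch that separates comment-form posts from trackback and XML-RPC requests in a web server access log, which is one way to tell through which channel an unexpected entry arrived. The log lines, addresses and permalink paths are constructed; `wp-trackback.php` and `xmlrpc.php` are the stock WordPress endpoint names.

```python
import re
from collections import Counter

# Constructed sample: combined-format access log lines. Addresses come from
# documentation ranges and the permalink paths are hypothetical.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2006:10:01:02 +0000] "POST /2006/03/widgets/trackback/ HTTP/1.1" 200 78 "-" "-"
203.0.113.7 - - [12/Mar/2006:10:01:05 +0000] "POST /wp-trackback.php?p=12 HTTP/1.1" 200 78 "-" "-"
198.51.100.4 - - [12/Mar/2006:10:02:00 +0000] "POST /wp-comments-post.php HTTP/1.1" 404 210 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Mar/2006:10:03:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 160 "-" "-"
192.0.2.10 - - [12/Mar/2006:10:04:00 +0000] "GET /2006/03/widgets/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2006:10:04:30 +0000] "GET /2006/03/widgets/trackback/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')


def classify(method, path):
    """Name the feedback channel a request targets, or None if it is not one."""
    if method != "POST":  # only a POST can submit anything
        return None
    bare = path.split("?", 1)[0].rstrip("/")
    if bare.endswith("/wp-comments-post.php"):
        return "comment"
    if bare.endswith("/wp-trackback.php") or bare.endswith("/trackback"):
        return "trackback"
    if bare.endswith("/xmlrpc.php"):  # pingbacks arrive here, among other calls
        return "xmlrpc"
    return None


def submissions(log_text):
    """Return one record per POST aimed at a comment, trackback or XML-RPC URL."""
    found = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        channel = classify(m["method"], m["path"]) if m else None
        if channel:
            # served: the endpoint answered without a 4xx/5xx status. It does
            # not prove that WordPress stored the entry.
            found.append({"ip": m["ip"], "channel": channel,
                          "path": m["path"], "served": int(m["status"]) < 400})
    return found


def served_by_channel(log_text):
    return Counter(s["channel"] for s in submissions(log_text) if s["served"])
```

In the constructed sample the renamed comment handler answers 404 while the trackback requests are still served, which is the situation the thread starter describes.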

    Thread Starter clouds

    (@clouds)

    Thank you for taking the time to reply to me.
    I have followed all the advice and I have also read the article.
    Everything is disabled now.
    thx again

    No prob.

    Thread Starter clouds

    (@clouds)

    It seems that all the spam has stopped.
    thx for all the replies.

  • The topic ‘about spam’ is closed to new replies.