My comments are turned off.

I’ve also been having this “problem” for the last couple of days (my last post on 2.2 mysteriously showed up as “Comments off”). After reading the WP site about the security flaws and fixes in 2.3.3 I decided to upgrade, and then posted about it on my blog. Today, I found the “Comments off” on my most recent post AGAIN.

Taking a closer look at both of the affected posts, I found something VERY interesting. Both were edited and a large amount of spam (links) was appended to the end of the post.

I suggest you go to your dashboard and edit your posts to see if you had your posts modified as well. I think it’s quite likely another WP vulnerability that hasn’t been found by the devs yet (or not fixed yet).

At the moment, I’m just removing the spam links from my posts. It appears that only the MOST recent post can be modified, but I haven’t gone through all of my posts yet so I’m not 100% certain.

Thanks Biatcho, I did find spam on two posta . Lots of URLs, a stack at the end of the blog but which don’t show up in the published post. I wonder what’s in for the spammers to do this?

I managed to put up another post and so far the comments work. The guy who helped set up the blog originally says the whole blog has to be upgraded since its breached. mike

<meta name="generator" content="WordPress 2.1" /> <!-- leave this for stats -->

The guy who helped … is right. Your site is a mess, and honestly, the last thing you ought to be worrying about is having comments on.

I imagine that a majority of people hit by this “hidden” spam will not notice it because it’s not visible unless closely looked at; the only thing that gives it away is the “Comments Turned Off” bit (which I imagine isn’t something the spammer wants to happen, rather it’s probably an unwanted outcome of whatever vulnerability they used to modify your post).

Regarding what’s in it for the spammers; it might not appear that there’s anything in it for them… until you consider what happens assuming a person does a Google/Yahoo/etc. search for something related to your website, or something that would list your blog post, etc.

There’s no use in “upgrading” the blog since it’s breach… since I’m already using the LATEST (2.3.3) version of WP available, and it’s STILL vulnerable. While I’m not 100% certain, this may NOT be a WP vulnerability at all… possibly a new Apache/PHP vulnerability? I won’t know until I do a lot more testing, but I’m really lazy :\

Assuming this is a WP vulnerability again, I don’t know but I’m thinking about migrating to something more secure with less holes like Serendipity soon as much as I love WP and how it works :\

Small update, I’ve upgraded Apache/PHP/MySQL on my server… and still got my comments turned off (again) today.

Okay, I have the same problem. Although, I can’t find any attached spam. Where do I look?

I’ve tried to go in under options to see if something was unchecked related to comments, but all is well there.

How do I get comments back on?

My site, if it helps, is https://www.springboardforsuccess.com/blog and it’s my most recent post.

Help.

Robin

Rgifford,

<meta name=”generator” content=”WordPress 2.2.2″ /> <!– leave this for stats –>

—

Im not going to assist people that are knowingly running software that is insecure. Im just going to start pasting version #s. Im tired of it. The people on this support forum ought to start telling people to get off their lazy duffs and start being responsible web masters. Its pathetic honestly, that people worry about plugins working, and comments being off, when they can just as be hacked and lose everything.

The fact that these older versions get any support, propogates the idea that they dont need to upgrade. If you didnt get help, who knows, you might actually do something.