Mystery pages on WooCommerce site allowing SPAM submission but comments disabled

  • I’m receiving a steady and constant barrage of comment SPAM upon a couple of weird pages on one of my self hosted sites. Neither of these two pages appear in my admin control panel, and I have never authorized them for publication. Furthermore, all comments have been disabled site-wide – but despite this fact, there is a submission form upon both of these mystery pages (which is obviously how the crap is getting through).

    The multi-site, self-hosted website can be found here https://xsf-nrg-4.fr – and it is being served up by running upon a LAMP stack VPS with Ubuntu on it. I’ve got admin access to the server, with a pretty solid security protocol implemented on my SSH access – and also, my WordPress administrator panel has two factor authentication enabled. There are several plugins being used, most notabley among these is WooCommerce. Perhaps I should try slimming them down – but they all serve a purpose for me.

    Every day (for the past week or so) I have received MULTIPLE emails from my WordPress server, that are alerting me of a series of almost-identical-comments which are all awaiting approval. Presently I have 177 (and counting) of these SPAM comments that have been submitted. The most relevant information from these email alert-messages is posted below as a couple of excerpts:

    A new comment on the post “xsf_nrg_4fr-background” is waiting for your approval
    https://xsf-nrg-4.fr/xsf_nrg_4fr-background/

    A new comment on the post “Square” is waiting for your approval
    https://xsf-nrg-4.fr/square/

    Each and every message states the following comment: “Muchas gracias. ?Como puedo iniciar sesion?”
    – but there are no nasty hyperlinks to follow either, so I’m completely baffled by what this SPAM-spewer has to gain! And now for my big inquiry: what can I possibly do about this?… How on earth can I make it stop?… And finally – should I just take the bait and “iniciar [a] sesion”? ??

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)

  • Hey @jakeonamiagnew! ?? Bonjour! (I’m from Italy but I know a few words of French)

    Thanks for opening a thread on www.ads-software.com Forum! It’s Matteo here.

    You can’t find anything on posts or Pages page? I am able to comment on that page. Similar pages exists also for others media?

    Thanks,
    Matteo

    Thread Starter jakeonamiagnew

    (@jakeonamiagnew)

    Hello there @matteospi – and thank you for your willingness to help. I don’t actually speak French, but “merci beaucoup” nonetheless!

    The pages for both the “Posts” and “Pages” settings in my administrator panel are both missing a configuration option for the /square and /xsf_nrg_4fr-background pages that are publicly visible.

    I’ve got a couple of screenshots from my mobile device attached, but the information provided by my more tech-friendly desktop computer set-up shows the very same lack of resources for the glitchy mystery pages. I just happen to be on my phone currently, instead of my much-preferred computer… so I hope these screenshots are helpful.

    Xsf_Nrg_4fr-empty-posts.png

    Xsf_Nrg_4fr-published-pages.png

    Essentially, I can boil this problem down to two different issues that I would like to solve: 1. Why are there comments allowed ANYWHERE on my website, if they are disabled site-wide? 2. How have two of my image media files managed to create their very own posts, which are inaccessible to me as an admin?

    I hope that this information is successful in further describing the situation. Thanks again for your help!

    Hey,

    So you’re not French? Your extension was “.fr” so I was just guessing.

    Both of issues are quite tricky to solve on the forum. You should get in touch with a professional Developer to get some help about it.

    Let me know for anything else.

    Thanks,
    Matteo

    Thread Starter jakeonamiagnew

    (@jakeonamiagnew)

    Thanks for the information Matteo, and sorry for the delayed response.

    I can understand the confusion and mix-up, whereby you thought I was French because of the TLD type. The simple fact of the matter, is that I have been using this domain as a stylistic representation of my brand-name Xsf_Nrg_4fr [Excessive Energy Forever] – however, that is a topic for another place and time ??

    With regards to the glitches and hiccups that I have been experiencing with WordPress: you have suggested that I speak with a developer – but would it help the WP community if I were to submit a bug-report?… and if I were to do so, should I reach out to EITHER the WooCommerce developers OR the core WP team instead (or maybe BOTH)?

    I am not sure about how best to proceed here, and I would appreciate just a little bit more information from you – or anyone else who could help. Do you have any further recommendations Matteo?

    Gratefully, and earnestly confounded –

    JakeOnamiAgnew

    Hello,

    No, you shouldn’t do a bug report. The problem you have it’s not a WordPress nor WooCommerce bug. In this case, you should just speak with a web developer that can check with you further, or try to ask to your web hosting. Maybe they can help.

    For anything else, just ask.

    Thanks, ??
    Matteo

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Mystery pages on WooCommerce site allowing SPAM submission but comments disabled’ is closed to new replies.