New WP Exploit?

  • My moderation queue is filling up with spam – 20 or more messages a day. Here’s the catch: ALL comments are disabled. Comments are disabled for the site as a whole and for the each individual blog entry.

    This problem started a week ago and at the time I was using WP 2.2x so the other day I had my hosting company (hostmysite.com) upgrade me to 2.51 because a problem had been reported against older versions of WP having an exploit that let hackers disable plugins and I’m using Akismet. The upgrade does not appear to have fixed the problem.

    BTW,. I had the tech at HostmySite.com look at my WP settings to verify that I really do have comments totally disabled.

    Now what?

    Thanks in advance!

Viewing 5 replies - 1 through 5 (of 5 total)

  • they’re not pingbacks or trackbacks are they?

    Thread Starter plnelson

    (@plnelson)

    they’re not pingbacks or trackbacks are they?

    I’m new at the WP 2.51 UI – Do those show up in the Manage Comments | Awaiting Moderation queue, with the label Comment?

    Moderator Samuel Wood (Otto)

    (@otto42)

    www.ads-software.com Admin

    They can show up as though they are comments, yes.

    Disable “pings” on the post as well as comments.

    Also turn off “Allow link notifications from other blogs (pingbacks and trackbacks.)” on the Settings->Discussion page.

    Thread Starter plnelson

    (@plnelson)

    <i>They can show up as though they are comments, yes.</i>

    OK, I’ll try disabling pingbacks and trackbacks (thanks!!), but meanwhile, is there a way to tell when something in the Comments queue didn’t really come is as a comment?

    if its in the comments queue, it’s a comment… trackbacks and pingbacks are just types of comments.

    What you’re asking for is some form of ‘exploit detection’ right? – well, if wordpress could mark potential exploits with a big sign that says [EXPLOIT], wouldn’t it make sense to just close the hole through which they came instead?

    The point of exploits is that they’re not accounted for by the software, therefore, no matter how a comment gets in the list of comments – it will show up as a comment.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘New WP Exploit?’ is closed to new replies.