• Resolved orkor

    (@orkor)


    Hi guys,

    Someone posted on an autosave/revision post on my blog today.
    How is that even possible? Did they hack my database?

    Please let me know if there are any vulnerabilities I should know about.

    Thanks a lot, much appreciated

Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator James Huff

    (@macmanx)

    Are you currently running WordPress 3.0? Was it a spam comment or a legitimate comment? Are you currently using any anti-spam plugins or built-in anti-spam measures via Settings/Discussion in your admin panel?

    Thread Starter orkor

    (@orkor)

    It was a legitimate comment (100% sure)

    I’m using AKISMET (verified)

    I wasn’t using 3.0, I was using 2.8.6 but I immediately upgraded to 3.0 now after this incident.

    Anyway, it shouldn’t be possible to add a comment to an unpublished post revision or autosave... not even in 2.8.6

    Banned the IP on my server for now, but he might be back...

    I wouldn’t worry too much about this ‘Intrusion’. If it was a hacker he would have done much more than just leave a comment on an unvalidated post. They could have completely defaced your website, which would have been more likely in this case.

    As for your database being ‘Hacked’, this seems very unlikely as they could have stolen your username (admin) and password. This seems again more likely. Then they wouldn’t have had to leave a comment anywhere.

    It was probably just a small glitch. Make sure you stay up-to-date. That’s all I can say.

    Moderator James Huff

    (@macmanx)

    More than likely, it was the automated comment injection vulnerability that 2.8.6 suffered from. You should be fine now that you’ve upgraded.

  • The topic ‘OMG, someone posted comment on an autosave/revision post!’ is closed to new replies.