Forum Replies Created

Viewing 7 replies - 1 through 7 (of 7 total)
  • Thread Starter biatch0

    (@biatch0)

    Would it be possible to maybe extract EXIF information before using the WP resizing functions, then modifying the resized JPEGs after?

    Thread Starter biatch0

    (@biatch0)

    Ok, apparently I didn’t poke around enough. The culprit was the “Stumble Info Link” plugin.

    Case closed, thanks much iridiax!

    Getting the same problem here on FF/IE/Opera.

    The worst bit is that the report feature on themes.wordpress is broken; it rejects all of my forms with a “Your email address did not appear to be valid. Please check it.” regardless of what email address I use.

    Small update, I’ve upgraded Apache/PHP/MySQL on my server… and still got my comments turned off (again) today.

    I imagine that a majority of people hit by this “hidden” spam will not notice it because it’s not visible unless closely looked at; the only thing that gives it away is the “Comments Turned Off” bit (which I imagine isn’t something the spammer wants to happen, rather it’s probably an unwanted outcome of whatever vulnerability they used to modify your post).

    Regarding what’s in it for the spammers; it might not appear that there’s anything in it for them… until you consider what happens assuming a person does a Google/Yahoo/etc. search for something related to your website, or something that would list your blog post, etc.

    There’s no use in “upgrading” the blog since its breach… since I’m already using the LATEST (2.3.3) version of WP available, and it’s STILL vulnerable. While I’m not 100% certain, this may NOT be a WP vulnerability at all… possibly a new Apache/PHP vulnerability? I won’t know until I do a lot more testing, but I’m really lazy :\

    Assuming this is a WP vulnerability again, I don’t know, but I’m thinking about migrating to something more secure with fewer holes like Serendipity soon, as much as I love WP and how it works :\

    I’ve also been having this “problem” for the last couple of days (my last post on 2.2 mysteriously showed up as “Comments off”). After reading the WP site about the security flaws and fixes in 2.3.3 I decided to upgrade, and then posted about it on my blog. Today, I found the “Comments off” on my most recent post AGAIN.

    Taking a closer look at both of the affected posts, I found something VERY interesting. Both were edited and a large amount of spam (links) was appended to the end of the post.

    I suggest you go to your dashboard and edit your posts to see if you had your posts modified as well. I think it’s quite likely another WP vulnerability that hasn’t been found by the devs yet (or not fixed yet).

    At the moment, I’m just removing the spam links from my posts. It appears that only the MOST recent post can be modified, but I haven’t gone through all of my posts yet so I’m not 100% certain.