foxylady337
Forum Replies Created
-
Although you seem to have fixed the 404 handler issue, and a normal “Can’t Find This URL” error comes up when I try https://www.seniorsfirst.org/xyz etc.,
https://sitecheck.sucuri.net/results/seniorsfirst.org
reports that your site has been blacklisted.
Clearly some work needs to be done.
Forum: Everything else WordPress
In reply to: Hacked WordPress websites being used for spamOK – I’ll get back to emptying my spam bucket.
Forum: Everything else WordPress
In reply to: Hacked WordPress websites being used for spamSo the fact that the majority of the sites which have been hacked in this way use WordPress is coincidental, and perhaps merely reflects the large number of WordPress users?
Forum: Everything else WordPress
In reply to: Hacked WordPress websites being used for spamYes but these are completely unrelated to the login details for the site itself.
I’m not sure what you’re saying here. The admin credentials I’m talking about (which allow the creation of new directories, etc) will give whoever has them read-write capability over every file in the site.
Forum: Everything else WordPress
In reply to: Hacked WordPress websites being used for spamWhat admin passwords? All the author urls show is the username.
I’m presuming that the creation and population of a new directory in a website requires admin privileges.
No – because every hack is different.
I have encountered several hundred like the examples I gave above. An unfamiliar directory should raise the alarm. A general warning to the site admin about hacking when a new version of WordPress is downloaded, and advice about checking for unfamiliar files in the website’s structure would help.
I should probably just shut up now, and just let my spam filter throw these emails in the bin – it annoys me, though…
Forum: Everything else WordPress
In reply to: Hacked WordPress websites being used for spamThere are many reasons why a site may have been hacked but there are no known security issues in the current version of WordPress
Agreed, and the link is very helpful. My point was, though, that a naive site manager might not think there was much harm in a folder on his site being used to promote ineffective and potential dangerous products, but that the fact that administrator passwords were known to the hackers might suddenly make him less relaxed!
Does the WordPress application prompt site administrators when a new version is released? Could some form of hack detection be advised at that stage?
Forum: Everything else WordPress
In reply to: Hacked WordPress websites being used for spamIn some instances there is a “Contact Us” feature or an email contact, but this is a tedious procedure and I was hoping for something easier.
Here are some recent examples of hacked sites:
https://arigraphix.com/alumnigrayson/
https://blog.ikipiro.com/concoctinconsolable/
https://buyaffordablejewelry.com/hereuntodolanand the pattern in the others is similar – a bogus directory added, named using a couple of random words.
I appreciate that WordPress has a huge number of users and individual communication is not likely to be practicable, but presumably there is some mode of communication with users in general (notification of upgrades, for example), and a “how to detect hacking” guide could be put in.
Businesses may not suffer directly from hosting spammers, but the breach of security must be a concern.