Forum Replies Created

Viewing 15 replies - 1 through 15 (of 17 total)
  • Yes. Auto-updating to 2.9.2 deleted all my comments.

    (7 months no reply, but….)

    Maybe it is related to the <a name="here"> translation that WP confounding wants to do in posts and pages. I.e., I enter

    <a name="1"><h2>One</h2></a>

    and WP displays:

    <p><a name="1"><br />
    </a></p><h2><a name="1">One</a></h2>

    This is totally wrong for WP to do and I mention it to document this behavior as well as mentioning that it may be related to what you wrote.

    Forum: Fixing WordPress
    In reply to: I was hacked

    I have four WP sites running v2.3, v2.3.1, v2.3.3 and v2.5. All but the v2.5 have had access as explained in this hack; but none of them have been compromised as far as I can tell.

    But strangely, all my databases’ tables WP_OPTIONS do not have ACTIVE_PLUGINS as some have mentioned. All they have are:

    OPTION_ID
    BLOG_ID
    OPTION_NAME
    OPTION_VALUE
    AUTOLOAD

    Am I not understanding something perhaps?

    Also, someone mentioned ‘rss_f541b3abd05e7962fcab37737f40fad8’ as a place to look for a hack indication. Well, what is it used for besides, I assume, a place for useless information that is better off placed into a README file of some kind? It is utter waste in the database. And since it is filled with such utter nonsense it is ripe for hacking!

    Thread Starter mrfrazzlebottom

    (@mrfrazzlebottom)

    YET ANOTHER UPDATE

    I think that these are indicative of a user/bot trying for a PHP exploit. The logged URLs are of already compromised sites, it looks like, with some pages returning this string:

    <?php echo md5("just_a_test");?>

    Some of PHP’s file functions can open/read URLs and not just local files, so, if a PHP-based site simply ‘fopens’ (or some such) a passed argument (i.e. “?p=filetoread”) and then somehow eval’ed that file, an exploit such as this just may find an exploit.

    This is what I am thinking anyway. I do not know enough about WP’s internals to know whether or not an exploit such as this would find anything.

    Thanks again for allowing me to post this. Perhaps it will provide some help to someone.

    Thread Starter mrfrazzlebottom

    (@mrfrazzlebottom)

    UPDATE:

    I just checked the logs for a non-WP site and it too is getting these kinds of queries. So, most likely this is NOT WordPress related.

    Looks like some users/bots are randomly supplying URLs to links that have “arguments” (such as “?p=”).

    I repeat: This is not directly related to WordPress.

    I beg your indulgence.
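The probing pattern described in the two update posts above (requests that place a remote URL in a query argument such as “?p=”) can be picked out of a web server access log. This is an added example, not part of the original posts: the combined log format, the sample entries and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A parameter value that is itself a remote URL.
REMOTE_RE = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)

def remote_url_params(log_line):
    """Return [(param, value)] for query parameters whose value is a URL."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    query = urlsplit(m.group(1)).query
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double encoding.
        if REMOTE_RE.match(value) or REMOTE_RE.match(unquote(value)):
            hits.append((name, unquote(value)))
    return hits

def scan(lines):
    """Group flagged requests by client address (first log field)."""
    report = {}
    for line in lines:
        hits = remote_url_params(line)
        if hits:
            report.setdefault(line.split(" ", 1)[0], []).extend(hits)
    return report

# Constructed sample entries (documentation addresses, example domains).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2008:10:00:00 +0000] "GET /?p=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2008:10:00:05 +0000] "GET /index.php?p=http://compromised.example/a.txt HTTP/1.1" 200 5120 "-" "ExampleBot/1.0"',
    '198.51.100.7 - - [01/Jan/2008:10:00:06 +0000] "GET /?page=http%253A%252F%252Fcompromised.example%252Fb.txt HTTP/1.1" 404 210 "-" "ExampleBot/1.0"',
    '203.0.113.4 - - [01/Jan/2008:10:01:00 +0000] "GET /?s=wordpress+themes HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, hits in scan(SAMPLE_LOG).items():
        print(client, hits)
```

Ordinary requests such as “?p=12” or a search query are not flagged; only arguments whose decoded value starts with a URL scheme are reported, grouped by client address.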

    It would be real nice to be able to adjust the size of the thumbnails (I am modding my code right now to do this).

    Oh, yeah.

    If you want a relatively static site consisting of just a book, then ignore what I just said!

    WordPress can be used for a Book-like site real easy.

    Just post your chapters in reverse order.

    You can also use the “Edit timestamp” feature to force the ordering of your posts if you want to “insert” a chapter or section.

    I did something like this. Typically, posts are newest first, so, posting “chapters” results in:

    1.2 Basic layout
    1.1 What is a blog
    Chapter 1 – Introduction

    One can modify the index.php code to reverse sort, but for a blog that will have many posts over a year, say, readers will always be having to follow links to get to the latest posts.

    But, here is an easy alternative: Bookmark your chapters and create a Sidebar that lists the chapters in their proper order.

    1. Create a Blogroll category, say “Chapters” and note the category number assigned by WP (2 in this example).
    2. Create each Chapter post; they will be viewed in reverse order, but that’s okay.
    3. Modify the sidebar (you’ll need a theme with a sidebar, of course) like so:

    <ul>
     Chapters
     <?php wp_list_bookmarks('category=2'); ?>
    </ul>

    4. For each Chapter post create a new Blogroll (Add) Link, like “Chapter 1,” “Chapter 2,” “Chapter 3.”

    When the site is viewed a list of Chapters should appear in the sidebar.

    Here is an example site: https://gajennings.net/words/stories/

    Where in the sidebar on the left is a similar list (although the header “Serials” is used rather than “Chapters”).

    Thread Starter mrfrazzlebottom

    (@mrfrazzlebottom)

    Then, of the “trackback” comment:

    […] unknown wrote an interesting post today onExcerpt from site was posted here … […]

    The text “Excerpt from site was posted here … “ is controlled by MY wordpress install, and the leading text “[…] unknown wrote an interesting post today on” along with the trailing “[…]” is the remote comment? (More or less?)

    Hey, thanks for all your help! I needed it.

    Thread Starter mrfrazzlebottom

    (@mrfrazzlebottom)

    Thanks again whooami… I understand more now.

    However, it still explains nothing about the mechanisms or mechanics behind how the “excerpt” is created, nor anything about the “[…]”. Do you happen to know more about this?

    All the trackbacks my site has, and many I have (now) seen are pretty badly formatted. Here is an example:

    […] unknown wrote an interesting post today onExcerpt from site was posted here … […]

    The formatting and grammar being terrible. Far better it seems to me would be something like:

    Trackback From [website]: Comment about post.

    Like, something obvious that it is a trackback!

    I mean, this is all kind of poorly implemented, although designed well.

    Thread Starter mrfrazzlebottom

    (@mrfrazzlebottom)

    Here is a site that looks like it is automated to create these “link spams” (as I think of them). https://www.christian.luiscorreia.com/ Note that all the posts start with:

    “[link] wrote an interesting post today on
    Here’s a quick excerpt”

    And end with:

    “Read the rest of this great post here”.

    Most of the links are to WordPress blogs.

    P.S. If this topic is covered somewhere else, or inappropriate for this forum, please set me straight. Thank you.

    Thread Starter mrfrazzlebottom

    (@mrfrazzlebottom)

    Are these “Trackbacks”?

    Pardon my ignorance, but I have read the several documents about trackbacks, and they do not make much sense to me, sorry.

    Here is a link that shows what I mean (scroll down the page):

    https://dougal.gunters.org/blog/2005/12/06/poisoning-the-well

    The “blank screen” upon submitting comments, in my testing, results when the post has a DRAFT status.
