Comments on: Interesting WP Spam Hack

By: Ryan Deschamps

Ryan Deschamps — Fri, 18 Dec 2009 03:15:42 +0000

SQL Injection would be my first guess, but its possible that a javascript attack could work as well. Untested, but I wonder if the permitted emphasis or bold tags could be exploited to make that happen.I'd also check within the email or website fields. . .

By: Jason Griffey

Jason Griffey — Tue, 15 Jul 2008 02:16:44 +0000

Well…its not an out of date install. We’re current on that. It’s not a single password/user combo, because it was done on 5 different posts with 3 different users. Possibly a plugin…3 of the posts were podcasts, with associated plugin goodness.

I’ll keep digging. For now, everything is fixed.

By: Justin

Justin — Tue, 15 Jul 2008 01:54:59 +0000

Did you ever see my post, Search Engine Marketeers are the new script kiddies? This is different though, in my case, my template got hacked. Sounds like either an out of date WP with a xmlrpc vulnerability, or someone's password got cracked. Another possibility is an evil plugin? Searching for similar posts would be easy, just look for "display:none"

By: amy

amy — Mon, 14 Jul 2008 23:45:27 +0000

this happened to the Library Student Journal blog which is hosted by LISHost. the wonderful Blake helped me out but it was too late – the blog was not salvageable. but maybe he knows how to fix it?

By: joshua m. neff

joshua m. neff — Mon, 14 Jul 2008 21:38:41 +0000

More weirdness: when it happened to me, it didn’t show up in Bloglines but it did in Google Reader.

I removed the spam from the two posts on my blog and that seemed to solve the problem. Haven’t had it happen since.

By: Ryan Deschamps

Ryan Deschamps — Mon, 14 Jul 2008 21:36:55 +0000

I’d also check within the email or website fields. . .