Hijacked Posts

  1. Hello- A few weeks ago I posted a question here about 'zombie posts'- I had one of my posts hijacked and duplicated. (The thread has vanished.)

    The content of the duplicate post was replaced with an ad for Olympus digital cameras. The result was that my blog showed two posts with the same title, but the content of one of the posts was spam.

    When I alerted support to the problem, they told me to change my password.

    Well, another post has been hijacked and duplicated. Should I turn my computer off then on again? :)

    WordPress is being attacked by spammers who have figured out how to use posts to spam, instead of comments.

    The comment spam filter works pretty well; now it's time to develop one for post-spam too. I can keep changing my password until kingdom come, but if this is happening to me, then it's happening to other people.

    The blog I need help with is anolen.com.

  2. Another possibility is that your computer's been hacked. Try using a different browser, or a friend's computer. It's not likely, but easy enough to rule out.

  3. Regardless, please don't delete the post, but make it "Private" so that Staff can have a look at it.

    Here are some security tips from timethief, another forum volunteer:
    http://en.forums.wordpress.com/topic/unauthorized-publication?replies=6#post-1047105

  4. anolen - could you please let me know the title of the post, or let me know its date and time, so we can take a look?

    In the meantime, you may want to deactivate Post by Email (or regenerate the secret email address) and change your master password to something very strong.

    Here are some more security tips:

    http://en.support.wordpress.com/security/

    http://en.support.wordpress.com/selecting-a-strong-password/

  5. Hi kathrynwp-

    I've already deleted the post. The links that you've given are helpful though, thanks!

  6. It's good to know what I posted was helpful. Best wishes with your blog.

  7. I wasn't using https setting when visiting the administration pages, which may be the problem. (Why wouldn't this be automatically enabled for all blogs?)

    There were no other users on my account; voice and email posting was never enabled and I've got a strong password.

    If I have this type of unauthorized post happen again, I will save it then reply to this thread.

  8. > I wasn't using https setting when visiting the administration pages, which may be the problem. (Why wouldn't this be automatically enabled for all blogs?)

    Secure https connections are slower than regular connections, so we don't enable them by default. If you're on a password-protected network in the privacy of your own home, it isn't usually a problem, but on shared networks in public places, https becomes preferable.

    Please do let us know if this happens again. First, change your password, and then set the page to draft mode, and send us a link so we can have a look. We take security very seriously and have a special form dedicated to reporting security issues:

    http://automattic.com/security/

    Just let me know if we can be of further help.

  9. Good morning,

    I found another hijacked post today.

    http://anolen.com/2012/12/08/anamorphosis/anamorphosis-orosz/

    Although I'd selected "Always use HTTPS when visiting administration pages (Learn More)" when we spoke about this a few weeks ago, the setting was not selected when I checked again this morning.

    Do these settings get reset periodically by WordPress? Why would my https option change? Is it something to do with the bandwidth WordPress has available, because, as noted above, the more secure https takes up more resources?

    My original post is here

    http://anolen.com/2012/12/08/anamorphosis/

    I only find these hijacked posts if they've been viewed by visitors, so I don't know how many more may be out there.

    Thanks.

  10. Hi there - thanks for this report.

    This page:

    http://anolen.com/2012/12/08/anamorphosis/anamorphosis-orosz/

    looks like a normal media attachment page, which was generated automatically by WordPress when you embedded images on its parent page here:

    http://anolen.com/2012/12/08/anamorphosis/

    I'm not able to see any spam. Do you?

    If you click each of the images on that page you'll see their associated media attachment pages, which, as expected, display the image and the caption you entered when you added the image.

    http://anolen.com/2012/12/08/anamorphosis/anamorphosis-orosz-ii/
    http://anolen.com/2012/12/08/anamorphosis/holbein-the-ambassadors/
    http://anolen.com/2012/12/08/anamorphosis/holbein-skull-the-ambassadors/

    If you prefer that the images not link to an image attachment page, you can choose one of the other options for an image. For example, instead of displaying its associated attachment page, you could make the image not clickable at all, or you could have it display the image itself, not embedded in a page.

    You can learn more about attachment display settings here:

    http://en.support.wordpress.com/images/

    > Do these settings get reset periodically by WordPress? Why would my https option change?

    Once you choose that setting it should stay. Is it possible you accidentally forgot to save your settings after changing them?

  11. I appreciate your help, but if I thought that I accidentally forgot to save the settings I wouldn't have posted here.

    I will set the blog not to link to an image attachment page. Do you have any ideas on why these image attachment pages sometimes display unrelated text, as happened with the Olympus Digital Camera example that I posted about here?

    http://en.forums.wordpress.com/topic/zombie-posts?replies=2#post-1088189

    Thanks!

  12. If you do see a post with spam on it and your content gone, then it might mean that your site was hacked. If it happens again, please let me know and I'll be glad to investigate. Be sure to change your password to something strong and feel free to set the post to draft mode.

    If you need anything else, just let us know.

Topic Closed

This topic has been closed to new replies.
