Hijacked Posts

    #1095799

    anolen
    Member

    Hello- A few weeks ago I posted a question here about ‘zombie posts’- I had one of my posts hijacked and duplicated. (The thread has vanished.)

    The content of the duplicate post was replaced with an ad for Olympus digital cameras. The result was that my blog showed two posts with the same title, but the content of one of the posts was spam.

    When I alerted support to the problem, they told me to change my password.

    Well, another post has been hijacked and duplicated. Should I turn my computer off then on again? :)

    WordPress is being attacked by spammers who have figured out how to use posts to spam, instead of comments.

    The comment spam filter works pretty well; now it’s time to develop one for post-spam too. I can keep changing my password until kingdom come, but if this is happening to me, then it’s happening to other people.

    The blog I need help with is anolen.com.

    #1095895
    #1095905

    seschoen
    Member

    Another possibility is that your computer’s been hacked. Try using a different browser, or a friend’s computer. It’s not likely, but easy enough to rule out.

    #1095907

    justjennifer
    Moderator

    Regardless, please don’t delete the post, but make it “Private” so that Staff can have a look at it.

    Here are some security tips from timethief, another forum volunteer:
    https://en.forums.wordpress.com/topic/unauthorized-publication?replies=6#post-1047105

    #1095914

    kathrynwp
    Staff

    anolen – could you please let me know the title of the post, or let me know its date and time, so we can take a look?

    In the meantime, you may want to deactivate Post by Email (or regenerate the secret email address) and change your master password to something very strong.

    Here are some more security tips:

    http://en.support.wordpress.com/security/

    http://en.support.wordpress.com/selecting-a-strong-password/

    #1095915

    anolen
    Member

    Hi kathrynwp-

    I’ve already deleted the post. The links that you’ve given are helpful though, thanks!

    #1095916

    timethief
    Member

    It’s good to know what I posted was helpful. Best wishes with your blog.

    #1095917

    anolen
    Member

    I wasn’t using the https setting when visiting the administration pages, which may be the problem. (Why wouldn’t this be automatically enabled for all blogs?)

    There were no other users on my account; voice and email posting was never enabled and I’ve got a strong password.

    If I have this type of unauthorized post happen again, I will save it then reply to this thread.

    #1095919

    kathrynwp
    Staff

    > I wasn’t using the https setting when visiting the administration pages, which may be the problem. (Why wouldn’t this be automatically enabled for all blogs?)

    Secure https connections are slower than regular connections, so we don’t enable them by default. If you’re on a password-protected network in the privacy of your own home, it isn’t usually a problem, but on shared networks in public places, https becomes preferable.

    Please do let us know if this happens again. First, change your password, and then set the page to draft mode, and send us a link so we can have a look. We take security very seriously and have a special form dedicated to reporting security issues:

    Security

    Just let me know if we can be of further help.

    #1096022

    anolen
    Member

    Good morning,

    I found another hijacked post today.

    http://anolen.com/2012/12/08/anamorphosis/anamorphosis-orosz/

    Although I’d selected “Always use HTTPS when visiting administration pages (Learn More)” when we spoke about this a few weeks ago, the setting was not selected when I checked again this morning.

    Do these settings get reset periodically by WordPress? Why would my https option change? Is it something to do with the bandwidth WordPress has available, because, as noted above, the more secure https takes up more resources?

    My original post is here

    http://anolen.com/2012/12/08/anamorphosis/

    I only find these hijacked posts if they’ve been viewed by visitors, so I don’t know how many more may be out there.

    Thanks.

    #1096023

    kathrynwp
    Staff

    Hi there – thanks for this report.

    This page:

    http://anolen.com/2012/12/08/anamorphosis/anamorphosis-orosz/

    looks like a normal media attachment page, which was generated automatically by WordPress when you embedded images on its parent page here:

    http://anolen.com/2012/12/08/anamorphosis/

    I’m not able to see any spam, do you?

    If you click each of the images on that page you’ll see their associated media attachment pages, which, as expected, display the image and the caption you entered when you added the image.

    http://anolen.com/2012/12/08/anamorphosis/anamorphosis-orosz-ii/
    http://anolen.com/2012/12/08/anamorphosis/holbein-the-ambassadors/
    http://anolen.com/2012/12/08/anamorphosis/holbein-skull-the-ambassadors/

    If you prefer that the images not link to an image attachment page, you can choose one of the other options for an image. For example, instead of displaying its associated attachment page, you could make the image not clickable at all, or you could have it display the image itself, not embedded in a page.

    You can learn more about attachment display settings here:

    http://en.support.wordpress.com/images/

    > Do these settings get reset periodically by WordPress? Why would my https option change?

    Once you choose that setting it should stay. Is it possible you accidentally forgot to save your settings after changing them?

    #1096024

    anolen
    Member

    I appreciate your help, but if I thought that I accidentally forgot to save the settings I wouldn’t have posted here.

    I will set the blog not to link to an image attachment page. Do you have any ideas on why these image attachment pages sometimes display unrelated text, as happened with the Olympus Digital Camera example that I posted about here?

    https://en.forums.wordpress.com/topic/zombie-posts?replies=2#post-1088189

    Thanks!

    #1096025

    kathrynwp
    Staff

    If you do see a post with spam on it and your content gone, then it might mean that your site was hacked. If it happens again, please let me know and I’ll be glad to investigate. Be sure to change your password to something strong and feel free to set the post to draft mode.

    If you need anything else, just let us know.

The topic ‘Hijacked Posts’ is closed to new replies.