Illegal posting on my blog
If you undelete the post and set it to private, so only you can see it, staff will be able to have a look at it when they read this thread which I have marked for their attention.
To be on the safe side I would advise changing your password for both your blog and your e-mail address.
It’s a spam. You need to deactivate post by email to prevent it from happening again.
A few more suggestions:
The only “hacked” sites I have seen here have been people getting the password somehow to a site so you do want to be careful how you log in and use a tough password.
You should also check to make sure that someone has not added a new user to your site. Problems have also happened when there was more than one Admin. and an Admin left on less than graceful terms.
Dashboard >> Users
There have also been a few Posts on “hacked” sites and it was because someone got the Post by Email address and using the Post by Email to send in new Posts, if you have Post by email disable the Post by Email and regenerate the address. Spammers have scripts the generate email addresses and they sometimes can get a valid address for a Post by Email address.
I don’t think I have had post by email activated but now I have enabled and deleted it and changed all passwords. Thanks for all the help.
post by email … but now I have enabled
Aha, now I found how to disable post by email and post by voice as well to be really safe.
Thank you for posting about this. We’re looking into it now to check everything out and make sure things are secure.
Thanks for letting us know about this. We also noticed something suspicious. We have reset the passwords of all affected users and have sent them an email to let them know. If there was any spam posted and not removed before we got there, we also went ahead and cleaned that up.
It is very likely that you were using the same password on WordPress.com that you used elsewhere. Recently, a few large services — LinkedIn, Yahoo, eHarmony, and Last.fm to name a few — have suffered well-publicized security breaches that have exposed email addresses and passwords. Although the passwords are usually stored securely, simple passwords can be decrypted or “cracked” in a matter of hours using modern technology.
Hackers gather the lists of email addresses and passwords from these services and then try to use them to access accounts on other popular services, like WordPress.com. If you used the same password multiple places, then your account can be compromised. That is what happened here. We do have measures in place to protect password guessing or “brute force” attacks but in this case, since the password is known beforehand, there is no need for a hacker to guess.
You should have a strong, unique password for every account you have on the internet. We have some more information on selecting a strong password in our Support section, please read through it:
If you have any additional questions about the security of your account, please contact us using the form on this page:
We take security seriously, and are happy to answer any questions you have.
The topic ‘Illegal posting on my blog’ is closed to new replies.