Security breach

  • Author
    Posts
  • #892171

    iluvromania
    Member

    5 minutes ago I got an email telling me that I posted something on my blog… Which I didn’t.
    The post was title “how to please your gf” and in the post was a link to guess what… an online drug store.
    Is there any way i can see from what IP address was that posted?
    Or any other way to see what happened?

    Thanks

    The blog I need help with is iluvromania.wordpress.com.

    #892296

    iluvromania
    Member

    Oh, and also forgot to mention that visits went through the roof today. Since my blog is new I don’t have an audience built up so i get 20 to 30 hits per day. Today I got 270 hits

    #892297

    timethief
    Member
    #892298

    timethief
    Member

    WordPress.com has been running advertising on our free hosted blogs since 2006. Many bloggers do not know this because despite the fact they ticked the box required to get a free blog, they did not read the ToS. Many also do not read features page, or advertising entry in the support documents after registering their username and blog(s). Also note that as the ads do not display to us when we are logged in, and as many use browsers with ad blockers when logged out, they may not realize they are there at all. The only way to get rid of all advertising on our free hosted WordPress.com blogs is to purchase an annually renewable No-Ads upgrade.

    If you feel an ad is inappropriate please take a screenshot of it and upload it into your Media Library and Staff will view it there.

    #892299

    iluvromania
    Member

    I have a strong password, its 8 chars, 6 letters and 2 numbers. It’s all random letters, not a word. How more secure can it be. Its not a password you can guess, and I hope that if someone tried to force brute wordpress.com would have something to say…

    #892304

    timethief
    Member

    Please confirm whether or not you are referring to the blog linked to your username. If it’s not that one, then please post a link to the blog in question. Then Staff will take a look at it.

    #892308

    auxclass
    Member

    Do you have Post by email enabled? If so disable it and generate a new address – there have been cases where a persons email was hacked and the Post by email address was obtained.

    There have also been cases where someone got access to a computer that had log in info to a persons blog.

    Also check your dashboard >> Users and make sure you don’t have an extra user.

    #892320

    iluvromania
    Member

    @timethief This is my blog
    @zuxclass None of the above happened. My email is secure with a different password, only this time this is generated. And the post was made using my admin user name…
    I deleted the email used to Post by email.
    And also my computer is as safe as it can get.
    I have no idea how this could have happened…

    #892321

    macmanx
    Staff

    That post was sent to your Post by Email email address.

    Most email spam bots just send out email to randomly generated email addresses, and sometimes they get lucky and land on your Post by Email address.

    It’s not common, but it is one of the known risks.

    At this point, I recommend re-generating your Post by Email address: http://en.support.wordpress.com/post-by-email/

    #892322

    iluvromania
    Member

    I think I’ll just stop using it.
    I had no idea that this is a meaning of advertising. I mean, if you post on someones blog, don’t you think they would see?

    Anyway, thanks all for your help

    #892323

    macmanx
    Staff

    It’s not necessarily that they meant to post on your blog, it is a bot after all, not a person.

    Really, it meant to send a normal spam email, and the email address it was sent to happened to post to your blog.

    #892336

    auxclass
    Member

    I have an email subscription to my site and sites I help with so I get an email every time a Post is made so if something does happen I see it right away.

    #892344

    iluvromania
    Member

    So do I. I have been noticed the instant the post was made.
    But is still a security breach.

    #892346

    macmanx
    Staff

    It’s not a security breach, just an email spam bot sending thousands of spam emails out to thousands of randomly generated email addresses. As luck would have it, one of those was your Post by Email address.

    #892522

    raincoaster
    Member

    I would never enable post by email. It’s too big a security hole, as you can see.

    #892526

    nandobase
    Member

    What? Is it possible if I write an email to a friend that supposed to be classified information but turned up to show as a new blog post?

    #892527

    raincoaster
    Member

    No. That is not how it works.

    #892533

    macmanx
    Staff

    No, when you enable Post by Email, you essentially turn your blog into another inbox which publishes every email it receives.

    This is handy for folks who are on the go with no access to one of the mobile apps or a decent web browser, but like any email inbox, it’s also susceptible to spam.

    See http://en.support.wordpress.com/post-by-email/ for more details.

    #892539

    nandobase
    Member

    Oh I see. Once I enable it, I would receive an email address that I should kept it secret, so no one else can use it to post a new article in my blog but me. Got it. Thank you Macmanx and Raincoaster.

    #892541

    raincoaster
    Member

    That’s right. And that’s also why your security on that email address should be ironclad. Use a more complex password than you ever thought you’d need, if you want to do this.

The topic ‘Security breach’ is closed to new replies.