Spam post published in my Blog

  • #954533

    taylorling
    Member

    I just realized that there is a spam post (not comment!) published to my blog with the title ‘Now Your All Dreams Will Going To Become Reality with Your Own Home Business’. A quick search in Google revealed that many wordpress.com blogs got affected by this. Does that mean our login info is exposed?

    I am very worried about this.
    Blog url: http://ghost301tech.wordpress.com/

    The blog I need help with is techietalkz.com.

    #954658

    timethief
    Member

    Go here > Users > All Users and delete any user that does not belong there.
    Disable post by email > http://en.support.wordpress.com/post-by-email/
    Change your blog password to a very difficult one > http://en.support.wordpress.com/passwords/#change-your-password
    Go to your email program and change the password to a very difficult one

    #954669

    taylorling
    Member

    Hi timethief,

    Thanks for the swift reply.

    There is no new user in my blog account, and I didn’t turn on the Post by Email feature. I have changed my password to a stronger one; probably the old one is to be blamed for this spam post.

    Hope it will never happen again.

    Thanks again!

    #954671

    timethief
    Member

    Be sure you change your email password to a very strong one as that’s how some hackers are getting into blogs. http://en.support.wordpress.com/security/

    #954672

    timethief
    Member

    P.S. Please do not delete the phony post. Make it “private” so Staff can examine it. I flagged this thread for Staff attention.

    #954678

    taylorling
    Member

    Hi timethief,

    I already made the post Private for examination. My Gmail account is using a 2-way authentication with a strong password, and there isn’t any suspicious activity based on the report from Gmail. I just wonder how it can happen.

    #954680

    timethief
    Member

    Thanks for the additional info.

    #954822

    justjennifer
    Moderator

    Very odd. I just looked on Google and, as the OP said, there are literally dozens of WordPress.com websites that have posted this exact same post within the past 24 hours. In addition to the active sites, many of these sites seem to be abandoned, with their last post made a long time ago.

    Unfortunately, this does seem to be some kind of a breach.

    #954827

    Thank you for the report. We’re looking into this.

    #954844

    I had a similar issue with one of my blogs today. I had not posted since December in one of them, but a post was made that was about making money from home. I had to change my password three times today. I did contact Support and was told that others are having this issue, and that they are looking into each case. Hopefully, this gets resolved soon. I really like WordPress and do not want to have to delete my account and start from scratch.

    #954882

    pjad
    Member

    Thanks for letting us know about this. We also noticed something suspicious. We have reset the passwords of all affected users and have sent them an email to let them know. If there was any spam posted and not removed before we got there, we also went ahead and cleaned that up.

    It is very likely that you were using the same password on WordPress.com that you used elsewhere. Recently, a few large services — LinkedIn, Yahoo, eHarmony, and Last.fm to name a few — have suffered well-publicized security breaches that have exposed email addresses and passwords. Although the passwords are usually stored securely, simple passwords can be decrypted or “cracked” in a matter of hours using modern technology.

    Hackers gather the lists of email addresses and passwords from these services and then try to use them to access accounts on other popular services, like WordPress.com. If you used the same password in multiple places, then your account can be compromised. That is what happened here. We do have measures in place to protect against password guessing or “brute force” attacks but in this case, since the password is known beforehand, there is no need for a hacker to guess.

    You should have a strong, unique password for every account you have on the internet. We have some more information on selecting a strong password in our Support section, please read through it:

    http://en.support.wordpress.com/selecting-a-strong-password/

    If you have any additional questions about the security of your account, please contact us using the form on this page:

    Security

    We take security seriously, and are happy to answer any questions you have.
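
The difference pjad describes above between password guessing and the reuse of already-known passwords, shown as detection logic over login events. This is an added example, not part of the thread and not WordPress.com's actual controls; the event format, addresses, account names and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample login events (not real WordPress.com logs):
# (source_ip, account, success)
EVENTS = [
    # Brute force: one source guessing repeatedly at one account.
    *[("198.51.100.7", "alice", False) for _ in range(6)],
    # Password reuse: one source, many accounts, a single try each,
    # using credentials leaked from some other service.
    ("203.0.113.9", "bob", True),
    ("203.0.113.9", "carol", False),
    ("203.0.113.9", "dave", True),
    ("203.0.113.9", "erin", False),
    ("203.0.113.9", "frank", False),
    # Ordinary user who mistyped once.
    ("192.0.2.44", "grace", False),
    ("192.0.2.44", "grace", True),
]

def lockout_by_account(events, max_failures=5):
    """Classic brute-force control: flag accounts with many failed logins."""
    failures = defaultdict(int)
    for _ip, account, ok in events:
        if not ok:
            failures[account] += 1
    return {a for a, n in failures.items() if n >= max_failures}

def stuffing_sources(events, min_accounts=4):
    """Flag sources that try many distinct accounts, however few tries each."""
    accounts = defaultdict(set)
    for ip, account, _ok in events:
        accounts[ip].add(account)
    return {ip for ip, accts in accounts.items() if len(accts) >= min_accounts}

def accounts_to_reset(events, min_accounts=4):
    """Accounts a flagged source logged in to successfully: reset these."""
    bad = stuffing_sources(events, min_accounts)
    return {acct for ip, acct, ok in events if ok and ip in bad}

if __name__ == "__main__":
    print("locked by failure count:", lockout_by_account(EVENTS))
    print("stuffing sources:", stuffing_sources(EVENTS))
    print("accounts to reset:", sorted(accounts_to_reset(EVENTS)))
```

The per-account failure counter only catches the guessing run against one account; the accounts entered with a reused password never accumulate failures, so they surface only when attempts are grouped by source.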

    #954883

    justjennifer
    Moderator

    #954884

    justjennifer
    Moderator

    LOL OK then, see the reply just given above. :)

    #954889

    timethief
    Member

    @pjad
    I did take what ghost301 said seriously and I did confirm with a Google search. I chose not to post that and cause widespread alarm. I felt the best course of action was to post what to do into all such threads and to flag them all for Staff attention. Thanks for your action on this issue.

The topic ‘Spam post published in my Blog’ is closed to new replies.