wordpress.com pwned?

    I posted this morning “is it blog spam?” ( http://bahumbug.wordpress.com/2007/03/03/is-it-blog-spam/ ). The post appeared as “private” when I first hit the “publish” button (why?). Before I’d even made it public, two comments had appeared. They were trackbacks to auto-generated sites that were clearly comment spam.

    Given that these appeared before the post itself was even public, they must surely come from within. WordPress.com is owned by spammers today? Or is there another explanation?


    I got one of those too, within half an hour of posting. Not sure what’s going on there. Not that these comments are unusual in themselves; it’s just odd to get one so fast.



    Probably the blog scrapers have subscribed to your RSS feeds, and that means that they essentially grab your post as it’s posted…and post it themselves, thus the trackback.

    If you weren’t the person who made that post Private, then it may be the random bug that’s going around making them private…

    Have you sent in a feedback? Sounds like something the guys should know about.



    raincoaster, two on that particular post seems quite a coincidence, given that most of my posts don’t attract it. And when the post was (unintentionally) *private*?

    As for “private”, I’ve no idea how that works. I just press “publish” when I’ve finished writing. First time I realised there was such a thing as “private” was when Planet Apache failed to pick up a post.

    No I haven’t sent feedback. I’m sure they’ve had this reported hundreds of times: why should I add to it? WordPress is a classic PHP application, and bugs go very much with that territory: hence why I blog here (live with it as a user) rather than put it on my own server and have to admin it.



    No, I know the ratio of posts in the forum to feedbacks and it probably hasn’t been reported. Quite seriously, it probably hasn’t been reported.

    No-one here has access to the guts of WordPress.com, so no-one here can tell you definitely what happened or if WP was or was not hacked somehow. Only staff can do that, and they can’t do that until you let them know what happened.



    Well, I’ve not stumbled across a bugzilla or similar reporting mechanism for wordpress. Posting here seemed the nearest visible thing to contacting the management.

    Besides, I can’t really produce a useful bug report, as it’s AFAICS random and not reproducible.



    Right on your dashboard, on the top right-hand side is a button called Feedback. When you click on that you send a message to staff which automatically includes all your technical data. That is how to send the information.



    Link please, drmike?

    FWIW the scraper’s IP addy is


    …oh, and



    Hello?! If nobody’s reported this, as far as support is concerned it isn’t an issue. Has anyone actually done that?



    We know about the ‘turning to private’ bug and are hunting it down.

