• After essentially making any feed to the WordPress blog on my domain

    https://02138.com/02138blog

    essentially useless because it was hacked quite speedily after installing whatever was the latest version back last spring, I essentially started all over again. I was aided in this, in that my ISP, Web.com, gratuitously moved my site, the MySQL server and database, etc. to new servers, with new names for the schema, etc., new username, new password in mid-October.

    Basically, I updated the W-P files to the latest release at the time (2.6.2) and re-initiated the blog. I have been slowly and laboriously adding old posts from the previous version of the blog, still sitting on the old server at Web.com (for however long they’ll let me do that before they discover the accessibility to the old schema, which they seem not to have moved successfully when they made the shift).

    However, before I began this latter process, and after posting only one or two new posts to make sure the new setup was working properly, I have discovered an old problem, which I complained about last May. That is, the feed is corrupted, probably with a virtually endless set of ridiculous URLs to some obscure blog elsewhere in the world.

    I don’t understand this vulnerability. I don’t understand how to correct it. I don’t understand how to prevent it. As I understood the explanation wiser heads than mine provided, it’s not my ISP. Somehow the feed itself is hackable. I think this puts it at the feet of WordPress.

    Can someone please explain how this happens, and also offer some concrete practical suggestions on who can help me (even for money) first to fix the problem, and second to keep it from happening.

    Thanks.

    Howard

Viewing 5 replies - 1 through 5 (of 5 total)
  • If you want paid help – post a contact address. No bids are allowed here.

    (FYI: if you – or your host – moved a corrupted=hacked database to another machine… that is still corrupted and uploading newer WP files will not solve it.)

    Thread Starter hdinin

    (@hdinin)

    Moshu

    Thanks for the advice. I wasn’t soliciting bids. I was asking for help and an explanation. That seems clear enough.

    I’ll accept that all you can or care to provide is a perfectly legitimate rule here. Your comment about moving a corrupt database is gratuitous.

    As for the database being corrupted, that’s not what I understood to be the case. It could be I’m simply too ignorant, which I accept. But I understood it was the *feed* that was corrupt. I still don’t understand where that is stored…

    As for a contact address, that’s easy: [email protected]

    Thanks again.

    Howard

    Just for clarification:
    1. You mentioned “money” and that is asking for paid help, eventually. It is OK, but according to the forum rules nobody can offer paid services in the forum – that’s why we require that you post a contact address, so that the bargaining could happen in private.
    2. The feeds are not “stored” anywhere. They are created on the fly. However, if there is an “endless set of ridiculous URLs to some obscure blog” in them, it means that either your content (which is in the database) or some files are/were hacked, corrupted.
    3. You think it is your feed but actually the spam links are there on your site, too! So, again, it is NOT your feeds, it is that your whole site has been compromised and just moving it didn’t solve the problem.
    Right click > Show Source and scroll down: you will see them with your own eyes.
    4. If your host is not able to detect it – you need somebody that is knowledgeable enough to clean your site/blog.
    As I said, they are either in your DB or there must be some files in your install that were placed there by hackers.

    Thread Starter hdinin

    (@hdinin)

    Moshu

    Thanks.

    Now we’re getting somewhere. Your explanation confirms what I understood (about the feed being created on the fly). I’m not an idiot, just ignorant of what I’d rather not have cluttering my mind.

    As the “new” blog worked perfectly well for several days, in terms of providing a “valid” feed, the hack has to be in the old content I’ve slowly been adding back in as individual posts, which was pure text, as far as I can tell, from a backup of these previous posts. Unless it was sneaked in in the form of html tags, which I assume is possible, but seems unlikely.

    Therefore I have to conclude that somehow WordPress is susceptible to these kinds of hacks. I remember when I first encountered this someone commenting on how quickly the new release (of WP) had been hacked, in my case.

    I have two domains hosted by this ISP, and they are a pain in the butt with regard to solving problems that arise, but they have never been guilty of leaving my content susceptible to hacks of this sort. The only variable is WordPress software, which had to have been installed corrupted (at the source) or has design flaws which allow it to occur.

    Sorry man, that’s how it looks to me.

    I’ll see if anyone responds to my call for help and the contact info I provided, or if I can get my hosting service to clean this up.

    Thanks again.

    Howard

    Thread Starter hdinin

    (@hdinin)

    Incidentally, I checked the database using phpMyAdmin on my host’s own site, and there is no sign of the corrupt feed code…

    H

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘feed corrupted, again’ is closed to new replies.