• Resolved highdesert

    (@highdesert)


    Hundreds of article submissions under my administrative login only The wordfence doesn’t show a login that corresponds to entering these. There must be some very open hole somewhere that allows this spoofing of me as admin writing content. So the first time it happened was no kidding one hour after upgrade to premium. I suspected that it had to be the Social login feature was a hole so I removed that from my administrative access and deleted the content.

    Contents Back. Its all PREDATED content so it winds up at the end of the blog and you as admin just need to know as all the current content I work on is still where I left it and on top.

    This time I left the content as its my hope that wordfence doesn’t seriously want me to pay them an Additional $150 to prevent what I paid $99 to them to prevent. If so I would like a refund as this security seems to be a joke at this point

Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter highdesert

    (@highdesert)

    Hi @highdesert,

    I’m sorry you’re having to deal with such a situation.

    Could you please submit a ticket on our Premium Support platform so we can assist you with this issue.

    @highdesert WFYann speaks the truth. Forum rules preclude us from discussing anything premium related in the forums and we try to cooperate as fully as possible with the mods in that.

    I did want to point out that article submissions do not necessarily mean someone logged in and published them. With hundreds of them being published in a relatively short time, I would guess that you have a backdoor, like you surmised, instead of a strange login which is why you didn’t see a corresponding login in live traffic. Usually, when something like this happens it isn’t the fist time you were breached. It’s entirely possible that you’re seeing the execution of an attack that was launched months ago. Maybe it was an outdated plugin that was exploited, or maybe it had to do with lax permissions on a cheaper shared hosting platform, or something else entirely. At any rate, you do have options. We look forward to working with you in the premium ticket system (I checked and haven’t seen one come in for you yet).

    I’m closing this ticket per forum rules @jan.

    tim

    Thread Starter highdesert

    (@highdesert)

    Do not mark my topic as resolved as you wild ass guess and tell me to take YOUR problem to a dark ally. As the last matter of updating the site was to upgrade to premium wordfence.

    The Main user was ME was being brute forced as per your log but the security software didn’t flag the IP.

    Frankly I went to submit a ticket only to find your navigation directing me to a $149.00 Have you been hacked charge.

    I really don’t like the implication that this is my problem of being breeched when I pay to not be.

    Lets also point out that a current scan doesn’t flag any of the 250 articles that all contain links to sites with pulled certificates or that the IP that was brute forcing me has reports filed for brute forcing in the past.

    So the hack wasn’t an out of date plugin.
    Wasn’t dormant waiting per your own logs
    Next time say we need a ticket to work on this? Don’t add butt covering wild ass guessing. I am not some new to the world website owner. I usually secure my own sites by not allowing any logins this one site I opened up to word press features only its a walking talking spam hole to every Russian on the planet and has been for more than 8 years.

    The minute you install a wordpress platform you get spam registrations which is your claim to have us PAY YOU. Not even that worked I had to shut down wordpress registration all together even with wordfence installed and country blocking active. Your security software doesn’t even log open relay log ins and

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Do not mark my topic as resolved as you wild ass guess and tell me to take YOUR problem to a dark ally. As the last matter of updating the site was to upgrade to premium wordfence.

    I won’t marked this a resolved but I am closing this topic. These forums are not for premium versions of code and your only place to discuss this is on the author’s site as mentioned above.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Hacked one hour after buying premium, Really’ is closed to new replies.