“Virus” Postings

  • I am using WordPress 2.0.2 to create a wewbsite for my kid’s school.

    When I visited the site this morning, there were 3 posts all made under the Admin account – to which only I have access – all with the same text, ending with “u suc i’m a virus”. The posts were all posted with about 5 seconds of each other.

    I’m aware of spam bots but this is not comments, this is the actual post.

    I’ve renamed xmlrpc.php just in case that was the way in although xmlrpc has been fixed since 1.5.1 3 (hasn’ it?). The other option, I suppose, is that my login details were stored by the school computer I used (changed the password just in case) but posting the same message 3 times wouldn’t appear to be the work of someone who had logged in.

    Just wondered if anyone else had experienced anything similar?

Viewing 5 replies - 1 through 5 (of 5 total)

  • I might be wrong but it sounds like they were published via email. I believe WP has “publish by email” capabilities so when you send an email to the specified publishing email address, the email automatically gets published to your site. The email address is supposed to be used just for publishing purposes and should be a “hidden or secret account” for obvious purposes. You might have your email account listed as your publishing email address so when an email is sent to that account it gets published to your site.

    Thread Starter chrisk

    (@chrisk)

    Good thought.

    But the email settings were the default, i.e. example.com so this would be unlikely I guess.

    Also, do you need to set up a cron job to poll the email account or does WordPress use the WP-Cron approach and hook it onto a frequent action like displaying a post?

    Did you check access logs (assuming you can get them)?

    Find out where they came from – have you got web server logs?

    Thread Starter chrisk

    (@chrisk)

    Logs are rotated every week, rotations was set at 0 (didn’t check this on my host – I guess you don’t until you need them), and it’s already been rotated, so I don’t have the access logs for this date.

    Being optimistic, I’m leaning towards one of the kids using the same computer I used, simply because I can’t work out how anyone might breach the post process, especially with the admin role.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘“Virus” Postings’ is closed to new replies.