New here? Then you may want to subscribe to my rss feed. :)

Spammy little bleeders!

March 19th, 2008 | Posted in Rants | 3 Comments

Update It seems the the problem relates to xmlrpc.php which has a reported vulnerability. An email from Technorati details this further:

Dear Fiaz Khan,

I hate automated messages as much as anybody, however there is a
situation that concerns thousands of bloggers. I’m contacting you
regarding information related to your Technorati profile
(http://technorati.com/people/technorati/bohboh)
and the blog you’ve claimed on Technorati
http://www.nextbigleap.com/blog

According to our data, that blog is running a version of Wordpress that
may be suffering from a security vulnerability. See
http://wordpress.org/development/2008/02/wordpress-233/
The version we have on record is WordPress 2.1.2

Blogs are being compromised via this vulnerability on widespread scale.
The most common symptom of a compromised blog is the presence of links
to spam web sites inserted in the blog that are obscured by style
attributes that render the text invisible but are still seen by crawlers
such as Technorati’s, Google’s and Yahoo’s. You can find these links
by viewing the source of the blog pages or, when using Firefox,
looking under “Tools” -> “Page Info” -> “Links”

The impact of these spam links that may be unwittingly placed on your
blog are reduced rankings or being flagged as spam. We’re
discontinuing processing updates from blogs that exhibit symptoms
of being compromised. If your blog has been upgraded already and this
message no longer applies to you, please accept my apologies.

For WordPress support, I recommend checking the forums at
http://wordpress.org/support/
I will be monitoring this topic in the Technorati Support forum to
be of additional help:
http://support.technorati.com/discussions/topic/3295

Thank You!
-Ian Kallen
Technorati / Architect

Somehow, spam had ended up in a hidden div at the end of one of my posts. I have yet to discover how. This came to light when i was notified by a RSS subscriber of a large list of spammy links

If anyone knows how this snook in then let me know. One site mentions site registrants gaining access to posts. Registration is disabled here so suspect there is another door in.

If anyone has any answers then let me know.

Thanks to Ben at subduedmedia.co.uk for letting me know.

Discuss this article »

  • Standing already...
  • Standing already...
  • now i am really bored
  • weeeeeee
  • Proof!
  • Spring must have been broken...
  • weeeee
  • Decisions decisions
  • Like i know what a transformer is
  • Flickr web feed images

©2007 Fiaz Khan | Powered By Wordpress  RSS Feed
Next Big Leap Limited