Spammy little bleeders!
March 19th, 2008 | Posted in Just Rambling | 3 Comments | Posted by Fiaz | | Related Posts
Update It seems the the problem relates to xmlrpc.php which has a reported vulnerability. An email from Technorati details this further:
Dear Fiaz Khan,
I hate automated messages as much as anybody, however there is a
situation that concerns thousands of bloggers. I’m contacting you
regarding information related to your Technorati profile
(http://technorati.com/people/technorati/bohboh)
and the blog you’ve claimed on Technorati
http://www.nextbigleap.com/blogAccording to our data, that blog is running a version of Wordpress that
may be suffering from a security vulnerability. See
http://wordpress.org/development/2008/02/wordpress-233/
The version we have on record is WordPress 2.1.2Blogs are being compromised via this vulnerability on widespread scale.
The most common symptom of a compromised blog is the presence of links
to spam web sites inserted in the blog that are obscured by style
attributes that render the text invisible but are still seen by crawlers
such as Technorati’s, Google’s and Yahoo’s. You can find these links
by viewing the source of the blog pages or, when using Firefox,
looking under “Tools” -> “Page Info” -> “Links”The impact of these spam links that may be unwittingly placed on your
blog are reduced rankings or being flagged as spam. We’re
discontinuing processing updates from blogs that exhibit symptoms
of being compromised. If your blog has been upgraded already and this
message no longer applies to you, please accept my apologies.For WordPress support, I recommend checking the forums at
http://wordpress.org/support/
I will be monitoring this topic in the Technorati Support forum to
be of additional help:
http://support.technorati.com/discussions/topic/3295Thank You!
-Ian Kallen
Technorati / Architect
Somehow, spam had ended up in a hidden div at the end of one of my posts. I have yet to discover how. This came to light when i was notified by a RSS subscriber of a large list of spammy links
If anyone knows how this snook in then let me know. One site mentions site registrants gaining access to posts. Registration is disabled here so suspect there is another door in.
If anyone has any answers then let me know.
Thanks to Ben at subduedmedia.co.uk for letting me know.
Related Posts
- Simple Tagging Categories Import Fix
- Google is a big, greedy, spam monster
- Wordpress Blogroll bug fix
- WP Plugin Fix: Customizable Post Listings
- Getting WP-Cache and WPAudioScrobbler to play together
Two things come to mind:
1) You’re using WordPress 2.1.2 which has multiple vulnerabilities. You should upgrade to the latest version (and do this on a regular basis).
2) Check to see if your plugins have known vulnerabilities on blog security.
Hope that helps!
OJ
Classic problem of having made a huge number of mods to the system which makes upgrading a bit of a nightmare. (i know, i know)
Well, this wont be a problem for too much longer. I plan to port my site over to my own CMS i am developing.
Been a long time OJ!
It has indeed been a long time mate. You haven’t blogged for a while from what I can tell. Plus I haven’t seen you on MSN for ages either :)
I trust things are well at your end of the world, and that the family is going great.
As of 7th Feb this year I’m a father too :)
Right, best get off to bed while the little bugger is sleeping. All the best mate. Cheers!