Is Anyone Else Getting Spam Links In All Your WordPress Posts Today?

19 replies
Shoot... I was working away and just ran into a spam link in my posts on almost all my blogs -

My hosting support says...

We have found that the attacker used PHPremoteview script to attack our blogs.

I'm up to date with WP looks like this will be fixed in 3.2 coming out in a few weeks?

Man, I need a break been working way too hard and this happens.
#links #posts #spam #today #wordpress
  • Profile picture of the author GameVoid
    Hasn't happened to me yet but I wouldn't be surprised if it did. Wordpress is probably the most prevalent blog platform out there and that puts a big target on it.

    Hopefully the WP team is up to the task of keeping it secure, but incidents like this is why I disable commenting, user registration, and trackbacks on all my blogs and use only a limited number of plugins.

    I'd hate to imagine having to manage dozens of niche blogs, I don't know people do it.
    Signature
    Professional Writing Services Content creation, article rewriting, sales pages, marketing materials and much more.
    {{ DiscussionBoard.errors[4078364].message }}
    • Profile picture of the author gfMedia
      Yes, I do the same but still it's happening on about 80% of my blogs and I have a lot of blogs
      {{ DiscussionBoard.errors[4078382].message }}
  • Profile picture of the author xxdksxx
    Yeah seems to be going around should be fixed with something soon I guess.
    Signature

    {{ DiscussionBoard.errors[4078383].message }}
    • Profile picture of the author Jeremy Banks
      I had a hosting account with IXwebhosting and my websites would get hacked ever 6 months it seemed. They kept telling me I had weak passwords or a virus on my computer or keylogger and it drove me nuts. After a lot of research i noticed that A LOT of ixwebhosting sites were affected so I got a godaddy hosting account as well. a few months later my ixwebhosting sites all got hacked but my godaddy ones were peachy keen.
      {{ DiscussionBoard.errors[4078409].message }}
      • Profile picture of the author yourstory
        Originally Posted by Jeremy Banks View Post

        I had a hosting account with IXwebhosting and my websites would get hacked ever 6 months it seemed. They kept telling me I had weak passwords or a virus on my computer or keylogger and it drove me nuts. After a lot of research i noticed that A LOT of ixwebhosting sites were affected so I got a godaddy hosting account as well. a few months later my ixwebhosting sites all got hacked but my godaddy ones were peachy keen.
        same happened with me when I was with IX.... I switched to another hosting company and haven't seen it since.
        {{ DiscussionBoard.errors[4080468].message }}
  • Profile picture of the author Jeremy Banks
    can you post the site here, but not a direct hyper link? I would like to see how many backlinks they get
    {{ DiscussionBoard.errors[4078414].message }}
    • Profile picture of the author gfMedia
      No I'll pass on giving out a link - sorry. I've already fixed the public ones
      {{ DiscussionBoard.errors[4078439].message }}
  • Profile picture of the author joolkano
    Yeah, I was getting a lot of spam so I took out the code for "comments" and "reply" by going to the editor section under Appearance then selecting single.php & page.php on the right hand side and taking out <?php comments_template(); ?>

    Seems to do the trick.
    {{ DiscussionBoard.errors[4078636].message }}
  • {{ DiscussionBoard.errors[4079434].message }}
    • Profile picture of the author gfMedia
      No, this isn't Comment spam but Post spam as in injected with pharmacy links directly into the text of existing posts.

      Exactly like this thread...

      Wordpress hack and phpRemoteView - Web Hosting Talk
      {{ DiscussionBoard.errors[4079522].message }}
    • Profile picture of the author DavidTT
      Originally Posted by vilroot View Post

      Do you using akisimet ?
      x2 I have it and I always receive tons of spam but I never see anything except real comments because it blocks them.
      {{ DiscussionBoard.errors[4107693].message }}
      • Profile picture of the author gfMedia
        Please read this issue again because this is NOT comment spam but Post spam. Spam that has been injected directly into posts through a sql query that wasn't filtered properly.

        The most likely cause is a bad plugin or theme that allows a bot to exploit a security vulnerability.

        This will not be solved with akisimet or any other comment prevention method that I'm aware of.

        The take away for me is that I need to make sure I ALWAYS use the best security measures available, maintain current backups and to stay current with my sites, even if I have 1,000's of blogs

        Following security best practices, will give me the best chance to prevent this from happening in the future.
        {{ DiscussionBoard.errors[4108015].message }}
  • Profile picture of the author ocvseo
    Originally Posted by gfMedia View Post

    Shoot... I was working away and just ran into a spam link in my posts on almost all my blogs -

    My hosting support says...

    We have found that the attacker used PHPremoteview script to attack our blogs.

    I'm up to date with WP looks like this will be fixed in 3.2 coming out in a few weeks?

    Man, I need a break been working way too hard and this happens.
    Installing akismet plug-ins in your wordpress blog will reduce spam comment or turning of your comment box will do the trick.
    Signature
    {{ DiscussionBoard.errors[4079504].message }}
  • Profile picture of the author illsm113
    lots of spam comments
    Signature
    {{ DiscussionBoard.errors[4079703].message }}
  • Profile picture of the author SteveJohnson
    <sigh>
    WordPress is not the problem here.

    PHPRemoteView has been around for a long long time, since before WP was even created. It is a script that allows a hacker to take advantage of security holes in server setups. It only takes a single entry into a shared hosting server to allow the hacker to access ALL of the shared account files, if the server isn't secured properly.

    So, everyone, pay attention: the WordPress sky isn't falling, the world isn't going to end soon.
    Signature

    The 2nd Amendment, 1789 - The Original Homeland Security.

    Gun control means never having to say, "I missed you."

    {{ DiscussionBoard.errors[4081295].message }}
    • Profile picture of the author gfMedia
      Originally Posted by SteveJohnson View Post

      <sigh>
      WordPress is not the problem here.
      Actually WordPress is part of the problem, it seems after researching this issue, that there are many ways for spammers/hackers to exploit WP either directly or through Plugins. That's why you see critical security updates for just about every update.

      What you said about PHPRemoteView is very true.

      Originally Posted by SteveJohnson View Post

      So, everyone, pay attention: the WordPress sky isn't falling, the world isn't going to end soon.
      I never said "the sky was falling" at all - just that I was tired of dealing with this when I've been working way too hard already.

      There are solutions to this mess. The solution is being aware of the issue and taking steps to prevent it from happening in the first place.

      I've found several good plugins that I'm now using which I hope will solve this problem.
      • Better WP Security
      • Ultimate Security Checker
      • Block Bad Queries

      I recommend researching this issue and adding these plugins.

      Hopefully that will prevent someone else from having to deal with this mess.
      {{ DiscussionBoard.errors[4095398].message }}
      • Profile picture of the author gfMedia
        Update: Shoot, still not enough - some blogs are good and some continue to be injected with spam.

        I'm looking at the underlying reasons now.

        The problem appears to be limited to just one theme and no other.

        I'm guessing the themes footprint has been targeted and so I'm thinking of switching themes at the very least.

        Also, the blogs with lots of posts are more difficult to correct now after the fact and that is probably part of the reason it continues.

        I'm attempting to make it difficult enough so the injection bots move-on to some other place to wreak havoc.
        {{ DiscussionBoard.errors[4107672].message }}
    • Profile picture of the author tpw
      Originally Posted by SteveJohnson View Post

      PHPRemoteView has been around for a long long time, since before WP was even created. It is a script that allows a hacker to take advantage of security holes in server setups. It only takes a single entry into a shared hosting server to allow the hacker to access ALL of the shared account files, if the server isn't secured properly.

      Thanks. I had been trying to figure this out.

      I had two blogs get bombed with this PHP Remote Veiw.

      I had to suspend one of them completely to stop the attack.
      Signature
      Bill Platt, Oklahoma USA, PlattPublishing.com
      Publish Coloring Books for Profit (WSOTD 7-30-2015)
      {{ DiscussionBoard.errors[4108010].message }}

Trending Topics