hacking problem – someone posted on my blog

  • Unknown's avatar
    richrecess · Member ·

    Hi – first post here so hoping I get the etiquette right!

    This evening I suddenly got a mass of emails from myself with some spam message about ‘getting better service’. I then noticed that on Facebook there was a post from my blog which is linked via Networked Blogs with exactly the same text as the emails (which had gone to everyone in my Google Mail Address Book). I went to my wordpress dashboard and sure enough there was the Post which had apparently been written by me. I moved it to Trash and changed my password straight away but am uneasy about this – I’ve looked through the support pages but can’t really find an answer – is there something else I should do or somewhere I can report a security breach?

    many thanks in advance

    Rich

    The blog I need help with is: (visible only to logged in users)

  • Unknown's avatar
    auxclass · Member ·

    WordPress.COM has a good security record. Hacked passwords seem to be about the only security things that go wrong here. But they take any security questions very seriously.

    Your best bet is to contact the staff with as many details as you can: http://en.support.wordpress.com/contact/

    I will also mark this for staff attention.

  • Unknown's avatar
    richrecess · Member ·

    thanks – I’ve emailed directly as per your suggestion. Never had any probs before but had not changed my password since joining up. Will keep this thread updated with any outcome.

  • Unknown's avatar
    justjennifer · Member ·

    Just thinking out loud, but do you post by email or have the post by email address enabled for your blog? Do you have that address in your mail account address book?

  • Unknown's avatar
    richrecess · Member ·

    Yes I do – is this bad practice?

  • Unknown's avatar
    auxclass · Member ·

    Post by email is fine, but if someone grabs the email address they can then post to your blog, so you don’t want to have that address out in general circulation.

  • Unknown's avatar
    justjennifer · Member ·

    No, but it may mean the trouble lies with your email account rather than with your WPcom account.

    You mentioned that everyone in your address book received the email with the same text as the post and that to me sounds like trouble right there. Since your “post by email” address is also in your address book, it became a post. It might be wise to check your email account as well.

  • Unknown's avatar
    richrecess · Member ·

    Simple. Profound. Marvellous! Thanks for that – I’m sure thats the case and I feel a lot better knowing there’s much less likelihood of being a password hack on WP.

  • Unknown's avatar
    raincoaster · Member ·

    Oh, smart thinking you guys. I imagine we’ll be seeing a LOT about that in the future. Emails are hacked fairly frequently, and the older the account the more likely to be hacked (because passwords were less safe back then).

  • Unknown's avatar
    justjennifer · Member ·

    @richrecess-you’re welcome and sorry to be the bearer of bad news. If it’s gmail, they have a security checklist that you can work through. I really recommend it.

  • staff-blorbo · Staff ·

    It looks like someone just discovered your post by email address.

    You can change it following this guide: http://en.support.wordpress.com/post-by-email/#generating-a-post-by-email-address

  • The topic ‘hacking problem – someone posted on my blog’ is closed to new replies.