How can someone post to my blog without my permission?
-
For the 2nd time, someone (the same person) has posted to my blog without my permission. When I go into my admin page it looks exactly as if I made the post myself. I quickly deleted it, and sent him a fairly nice email asking him to stop. My question for you is: how can this possibly happen? Has this person hacked into my account? How can they know my email and password? It’s so weird. This is the url of the blogger who has infiltrated my blog: http://www.cavaglass.com/blog/
Thanks for any insight you may be able to provide, and advice for how to protect my blog privacy.
Very best, Debora Coombs
http://coombscriddle.wordpress.com
-
-
The only “hacked” sites I have seen here have been people getting the password somehow to a site so you do want to be careful how you log in and use a tough password.
You should also check to make sure that someone has not added a new user to your site. Problems have also happened when there was more than one Admin. and an Admin left on less than graceful terms.
Dashboard >> Users
Many times a user’s email is hacked or the password guessed and the email account is used to get access by requesting a password reset – you need to change your email password and make sure that nobody has been added to your email account.
You should also run a virus check on your PC to make sure your PC does not have a security issue that has compromised your email or WordPress.COM log-in information (also your bank etc. if you do online banking or retirement accounts).
There have also been a few Posts on “hacked” sites and it was because someone got the Post by Email address and was using the Post by Email to send in new Posts. If you have Post by Email, disable the Post by Email and regenerate the address. Spammers have scripts that generate email addresses and they sometimes can get a valid address for a Post by Email address.
If you are really concerned you could ask the staff to look at your site: http://en.support.wordpress.com/contact/
You could also use a secure log-in in case you are on an unsecured link: http://en.support.wordpress.com/https/
And how many admins are there?
-
Hello Auxclass, and thanks so much for replying so quickly.
Based on your advice, I’ve just checked a few things out:
~ I’m the only User and the only Admin. I know the rogue blog-poster and he’s certainly never been a User/Admin person on my blog. I have never met him, but we do have friends in common. He seems to be a nice enough fellow and I do not suspect foul play.
~ My email address is publicly available but my password is just a random string of letters and numbers. No-one could possibly guess it and it has not been re-set.
~ I don’t have a pc and have not had a single virus (that I’ve known about) since I switched to using MacBooks about 10 years ago.
~ I just disabled ‘Post by Email’. Thank you. I suspect this was the weak spot.
I’ve been corresponding with the rogue blog-poster by email and he seems as perplexed as I am. He simply sent out an email to everyone on his list (yes, that includes me) and somehow it got automatically posted to my blog.
Right now I’m trying to find out whether he has a post.wordpress.com email address on his list. Though I don’t understand why a message ~received~ by that email address would get automatically posted. Surely, this would require a message ~generated~ by that email address, no?
I would like to unravel the mystery and I really appreciate your help.
Debora
-
I just checked my test blog with Post by email – no indication I could see that the Post was done by email – the staff might be able to see the server logs for that type of an event and they should also be able to check log-ins.
-
Go to your email program and change the password to a very difficult one because that’s how many hackers gain access to blogs.
Then read this please and act on what you find there > http://en.support.wordpress.com/security/
If you can log-in:
1. Go here > Users > All Users and delete any user that does not belong there.
2. Disable post by email > http://en.support.wordpress.com/post-by-email/
3. Disable post by voice > http://en.support.wordpress.com/post-by-voice/
4. Change your blog password to a very difficult one > http://en.support.wordpress.com/passwords/#change-your-password If you reset your password, it will also work on mobile devices. If you have two-factor enabled, you will need to create a new application-specific password: http://en.support.wordpress.com/security/two-step-authentication/#application-specific-passwords
5. Use a secure, encrypted connection to connect to your Dashboard. Under Users → Personal Settings, check the box that says “Always use HTTPS when visiting administration pages,” and click Save Changes.
-
-
-
I don’t believe so, because I have received a couple of pingbacks in the past and they always show up in Comments and I receive an email asking me to Approve This Pingback. I have to admit though, I don’t really understand what pingback is. As for Feedback… are these the comments people leave? Oh dear, it seems I have a lot to learn!
-
http://en.support.wordpress.com/contact-form/ Feedback is something someone puts in a Contact form.
-
I think raincoaster could be onto something here. Pingbacks are found in the Comments section of your blog and this is an example of a pingback that you approved.
Pingback: Check, Check…..And Check Again | Say It With A Camera
-
OK thanks.
Then no, I don’t believe the rogue post was Feedback or Pingback.
Oh..
..and I just read the last post (you people are wonderfully helpful, thank you) and yes, I have approved two Pingbacks in the past, but was informed of them via email and, I seem to remember, required to Approve them both before they appeared. When they did appear, they were in the comments section, not automatically blasted on my Facebook page and sent by email to my Followers.
-
http://coombscriddle.com/artwork/3486356_temporary_page_for_sorting_out_blog.html
Here’s a link to a screen shot of how the rogue post appears in my Trash folder. It is someone else’s post with my name beside it.
Very perplexing.
-
..and here’s how it looked on my FB page (I just deleted it from there too)
http://coombscriddle.com/artwork/3486363_Rogue_post_on_FB.html
-
I can’t say I’ve ever seen anything like this. Ask the guy, since you are in contact, if he has hired any “web promotion” services lately. If yes, then he’s unfortunately hired hacker/spammers, and they probably got into your account via Post By Email. There was a rash of that last year.
-
Oh dear, it’s all gone quiet. So everyone has given up on me!
Thanks again for all your advice and attention. I have never partaken in a forum before and I’ve been so pleasantly surprised. How is it that perfect strangers will be so kind and helpful?
I have followed all the advice given; changed my username and password; made sure I’m the only administrator; disabled Post by Email and Post by Voice; and confirmed that the rogue poster does not have any wordpress email addresses on his list.
Hopefully all will be well now.
Thank you, and goodnight everyone.
Debora
-
Debora,
This thread is tagged for Staff intervention. Staff work through all forum threads tagged for their attention in chronological order in accord with the datestamps and timestamps – first posted first served, as would be expected.
How long it takes to clear the threads and support tickets depends on how many Happiness Engineers are working on them at any given point in time. It also depends on how complex the issues in each thread and ticket are.
Don’t bump your thread here again by posting into it because it’s not in your best interest to post to it after it has been tagged for Staff help, as that moves the timestamps forward and it takes longer to get a response.
-
-
Hi coombscriddle,
Sorry for all the delay and confusion. The good news is that it looks like auxclass figured it out. :)
At some point in the past you created a Post by Email address, and your friend somehow had that address in their address book. Maybe you sent out an email using that address at some point, with them cc’ed?
At any rate, I have deleted that Post by Email address for you, so it should no longer work to post to your blog. If you keep running into difficulty with this, please let me know.
- The topic ‘How can someone post to my blog without my permission?’ is closed to new replies.