Spammed!
-
My account has been hijacked and my mailing list used to send spam. This is what was sent out.
“New post on Mara Lindstrom
no regrets after doing this venture!!
by Mara Lindstrom
Hi there!
literally don’t worry about your bills any longer this has been your solution [spam link removed]
ttyl.Mara Lindstrom | December 7, 2011 at 7:50 am | Categories: Uncategorized | URL: [spam link removed]
Comment See all comments
Unsubscribe or change your email settings at Manage Subscriptions.Trouble clicking? Copy and paste this URL into your browser:
[spam link removed]
Thanks for flying with WordPress.com”Please tell me what needs to happen to prevent this in the future.
The blog I need help with is: (visible only to logged in users)
-
Pardon the boilerplate but you should fine some helpful info:
The only “hacked” sites I have seen here have been people getting the password somehow to a site so you do want to be careful how you log in and use a tough password.
You should also check to make sure that someone has not added a new user to your site. Problems have also happened when there was more than one Admin. and an Admin left on less than graceful terms.
Dashboard >> Users
There have also been a few Posts on “hacked” sites and it was because someone got the Post by Email address and using the Post by Email to send in new Posts, if you have Post by email you can regenerate the address for that feature.
If you are really concerned you could as the staff to look at your site: http://en.support.wordpress.com/contact/
You could also use a secure log-in in case you are on an unsecured link: http://en.support.wordpress.com/https/
-
As auxclass theorized above, someone definitely figured out your Post by Email address.
More than likely, it was just a spam bot trying random email addresses. Think like email spam, but for your blog.
You can generate a new Post by Email address following this guide: http://en.support.wordpress.com/post-by-email/#generating-a-post-by-email-address
-
Everyone knows that comments are a spammer’s playground, but you and your readers are entitled to expect that spammers don’t post on your actual blog masquerading as you. If spambots are abusing the system to inject spam directly into people’s blogs that’s very worrying, and I’d suggest that unless you have no alternative to posting via email you should turn the feature off for now.
When I used to post by email to livejournal I had to add a verification code at the beginning of the post, so that any spambot would have had to guess correctly both the blog username and the key connected to it. I don’t know whether post by email is widely enough used for it to be worth adding another layer of security, though.
-
We did some more digging into this, and it looks like your email may have been compromised.
The email was sent from your email address to 29 other email addresses, including your Post by Email address. More than likely, your AOL account is compromised and the email was sent to multiple (if not all) of the email addresses in your contacts.
-
staff-blorbo – that makes more sense than a spam-bot guessing the random 15 or 20 character post by email address. –
thanks for the extra research
-
-
Change the password on your email to make sure it’s very secure. Do not email it to yourself from that account, either.
-
- The topic ‘Spammed!’ is closed to new replies.
WordPress.com Forums 