The dangers of the P2 Theme
-
It happened once last year when a rogue visitor posted a short message on my then new P2 theme’s ‘Twitter box’. Because of Feedburner service, RSS subscriptions, automatic feeds to Twitter and Facebook ... that message, however short it was, propagated to hundreds and thousands of contacts. As a result of that irritating matter, I had the “Twitter box” hidden through CSS but apparently that wasn’t enough, or at least it was ineffective against another ‘stunt’ like that last night, this time …
Hey
how are you recently?
I would like to introduce you a very good company and the website is http://www. propeb. com . It can offer you all kinds of electronic products ,such as laptops ,gps ,TV LCD ,cell phones ,ps3 ,MP3/4, and so on. You can take some time to have a look ,there must be something you like.Hope you can enjoy yourself in shopping from that company !
Regards !
When I checked the P2 options this morning, I realised I had left this box Checked “Allow any WordPress.com member to post” which I have now Unchecked. I wonder if this is enough? People can post all manners of spam as a comment and it wouldn’t be this destructive but when it gets sent across social networks, it’s not cool.
-
@shimworld, make sure and let staff know about this directly and I agree it should not happen. Spammers are constantly changing tactics and setting up new emails so that they can do this, but my feeling is that only your posts should go out to the social networks, not the posts done by others in the P2 theme.
-
Was it necessary to repost the spam? Doing so really makes me wonder how legit the question is.
-
Hm. I tested this and I couldn’t get anything to post via publicize by submitting a post to a P2 blog as an outside user. I think it’s working as it should be. Did you guys test it at all to see if you could publicize something via P2 as an outside user?
-
UPDATE!
I investigated this further as I didn’t think it would be possible to exploit something that doesn’t exist or not visible for that matter. Then when I looked at alternative posting methods it dawned on me that the culprit had hacked into my Gmail account, sent a rogue email SPAM to several hundred contacts in the address book. One of the addresses I had saved is the top secret WordPress Post-by-Email address!
Thanks to Google’s network alert service, the culprit turned out to be someone in China who had illegally accessed my account (see report http://bit.ly/dwWpo7) and that’s how the spam made its way to a new blog post which in turn gets pumped to Twitter and Facebook. I appreciate that the alert notification gave me closure.
I second @thesacredpath’s suggestion. Comments made by a visitor inside the P2 post box should not be regarded as a new blog post each time. This easily annoys people who have subscribed to my blog to receive genuine content and I have had a couple of people who unsubscribed from Feedburner subscription.
-
What a story! Okay, I can see how a spammer could post to a WordPress.com blog if they have control of your email–that’s certainly a different scenario than you first presented.
With regard to the box at the top of P2… that is for posts, not for comments. Users can leave comments (which are separate and which must be attached to a specific post) by clicking the reply links next to the posts.
-
Thing is the post box is visible and accessible to all WP.com visitors (appropriate option checked) and the reason I had the box hidden via CSS is that someone once left a meaningless one-liner comment in the box and that propagated to my Twitter/FB and also 100 of my Feedburner subscribers. Once was enough for me to take remedial action. So while the post remains visible to others, there’s no stopping anyone posting there whether innocent or otherwise.
-
No one should be able to publish to Twitter or Facebook from the post box on P2 unless they are logged in to WordPress.com with the proper rights on that blog.
-
It’s the various pre-authenticated back-end mechanisms that are set up to either push or pull new posts off WP.com onto Twitter / Facebook. I have a FB app called RSS Graffiti which automatically publishes new SHIMWORLD posts to FB. Then, there’s TwitterFeed which publishes new blog posts to Twitter. And now, WP.com has a new service that allows new posts to be published to Yahoo!, Twitter and Facebook. Even before WP.com provided these hand-shake services, many authors will have had one or two of these services set up. Am I making sense?
- The topic ‘The dangers of the P2 Theme’ is closed to new replies.