1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

how is someone able to post garbage articles on my wordpress site?

Discussion in 'Black Hat SEO Tools' started by txholdem, Aug 31, 2015.

  1. txholdem

    txholdem Elite Member

    Joined:
    Feb 23, 2009
    Messages:
    1,712
    Likes Received:
    209
    i just discovered that someone posted garbage articles on my wordpress site 2 months ago.
    is my wordpress password stolen? or is there other ways?

    the person bluntly post links to his sites:
    http://fakeraybanshop.com/
    http://cheapraybanolshop.com/

    if he stole someone's password, how can he leave clues like that?
    and if he stole my password and was able to login, why didnt he change my adsense ads?

    both domains registered under:
    Domain Name: fakeraybanshop.com
    Registrar URL: http://www.godaddy.com
    Registrant Name: wang jiadong
    Registrant Organization:
    Name Server: NS47.DOMAINCONTROL.COM
    Name Server: NS48.DOMAINCONTROL.COM
    DNSSEC: unsigned


    i dont see any settings in wordpress that can let someone post articles without me knowing...?
     
    Last edited: Aug 31, 2015
  2. BulletServers

    BulletServers Junior Member

    Joined:
    Aug 28, 2015
    Messages:
    104
    Likes Received:
    13
    maybe someone stole your password, you should reinstall wordpress
    and use some security plugins like wp login lock, wp captcha etc.

    and yeah forget to say never use nulled wordpress theme or plugins.
     
    • Thanks Thanks x 1
    Last edited: Aug 31, 2015
  3. laowai

    laowai Power Member

    Joined:
    Feb 27, 2011
    Messages:
    522
    Likes Received:
    185
    It sounds like your site is being hacked. Could be your theme or some plugin. Use WordFence and Sucuri plugins to scan malware.
     
    • Thanks Thanks x 1
  4. Sombrero

    Sombrero Senior Member

    Joined:
    Feb 28, 2011
    Messages:
    1,177
    Likes Received:
    995
    Occupation:
    August 26th
    Location:
    T-Mobile Arena
    That's called injection, and some of your plugins or theme have security issues.
     
    • Thanks Thanks x 1
  5. dandan594594

    dandan594594 Power Member

    Joined:
    Jan 31, 2013
    Messages:
    545
    Likes Received:
    234
    Location:
    UK
    Hacked... only use up to date plugins and themes. Add a security plugin such as wordfence, change the password/email for hosting and WP install and even run the site though cloudflare for another level of security.
     
    • Thanks Thanks x 1
  6. Sardosa

    Sardosa Regular Member

    Joined:
    Mar 30, 2008
    Messages:
    294
    Likes Received:
    59
    Gender:
    Male
    Occupation:
    Occupational management
    Location:
    Bangkok, Thailand
    Home Page:
    means nothing. the attacker doesn't attack your site directly, man
    most likely its MySQL hole through which he/she do script-kiddie SQL inject
    you might have the most secure WP install, however the posts are in the database, say - backend (
     
    • Thanks Thanks x 1
  7. txholdem

    txholdem Elite Member

    Joined:
    Feb 23, 2009
    Messages:
    1,712
    Likes Received:
    209
    wow, after i changed the admin login and password, i immediately got another post!
    as i was updating wordpress to the newest version, and installing wordfence... wtf?

    it looks like sardosa is right.. so how do i fix it if its a SQL injection?

    my hosting company told me to "change php handle from dso to suphp and then secure permission of all files and folder."

    is that going to fix the problem?
     
    Last edited: Aug 31, 2015