If User Registration is enabled on your WordPress blog, you have good reason to worry. Recently bloggers from across the world have encountered strange problems with Contributor post submissions. It seems that some attackers are exploiting the WordPress user role system (particularly the 'Contributor' role) to gain permission to publish posts directly; in other words, they auto-post spam onto our blogs.
A Contributor is somebody who can write and manage their own posts but cannot publish them; the role does not carry the right to publish.
We identified the spam user's name as 'klamka13303'; if you have any user registered under this name, delete that account. His/her spam post was actually in a different language, possibly Polish, and it was about loans.
Earlier today HBB also encountered this problem, but we were able to fix it quickly. I also encountered this problem on several active blogs yesterday. I request all bloggers to check their Contributors manually, and if you see any weird-looking spam account, look deeper into it.
If User Registration is not enabled on your blog, the exposure is lower. I'll update this post with more information soon.
More Discussions: Shiva Chettri Facebook Status
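As an added defensive example (not code from this post or from WordPress itself), the must-use plugin below enforces the rule the post describes: a Contributor must never be able to publish. It strips `publish_posts` from anyone holding the contributor role regardless of what another plugin grants, and if a post by such an author still reaches the "publish" status it is pulled back to "pending" and logged for the admin. It assumes a current WordPress where the `user_has_cap` filter passes the user object as its fourth argument; the `cpg_` function names are my own.

```php
<?php
/*
Plugin Name: Contributor Publish Guard (added example, not part of the original post)
Description: Defence in depth against contributors auto-publishing posts.
*/

// Hardening: a contributor never ends up with publish capabilities, even if a
// role-manager plugin or a bug has added them to the role's capability list.
function cpg_strip_publish_from_contributors( $allcaps, $caps, $args, $user ) {
    if ( $user instanceof WP_User && in_array( 'contributor', (array) $user->roles, true ) ) {
        $allcaps['publish_posts'] = false;
        $allcaps['publish_pages'] = false;
    }
    return $allcaps;
}
add_filter( 'user_has_cap', 'cpg_strip_publish_from_contributors', 10, 4 );

// Detection and containment: if a post still transitions to "publish" and its
// author cannot publish, revert it to "pending" and record the event.
function cpg_guard_publish( $new_status, $old_status, $post ) {
    if ( 'publish' !== $new_status || 'post' !== $post->post_type ) {
        return;
    }
    if ( user_can( (int) $post->post_author, 'publish_posts' ) ) {
        return; // legitimate publisher (author, editor, admin)
    }
    // Unhook while we change the status so wp_update_post() does not re-enter us.
    remove_action( 'transition_post_status', 'cpg_guard_publish', 10 );
    wp_update_post( array( 'ID' => $post->ID, 'post_status' => 'pending' ) );
    add_action( 'transition_post_status', 'cpg_guard_publish', 10, 3 );
    error_log( sprintf(
        'cpg: post %d by user %d was published without publish_posts; reverted to pending',
        $post->ID, $post->post_author
    ) );
}
add_action( 'transition_post_status', 'cpg_guard_publish', 10, 3 );
```

Drop the file into `wp-content/mu-plugins/` so it loads before ordinary plugins; a reverted post then shows up in the Pending list, and the log line gives you the user ID to inspect.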
The problem still appears to be on. I have noticed a sudden jump in the number of registrations on my blog lately in spite of the email verification.
Do you think the site I built for a client using WordPress could be affected by this? They want to have a large follower base, and well... I'm not sure WordPress is the one for it if there is going to be comment spam. It is http://mystichcg.com
What about if you already allow someone's post, can't they now just keep reposting if you have your settings all screwed up? I've noticed in the past that they tend to attack certain posts more frequently than others. It's weird.
I think the latest version of WP solved this issue.
This was addressed in WordPress 3.1.2.
Hey, thanks for the update Andrew.
Are there any tools to prevent that from happening?
Regards, Arthur
You can use reCAPTCHA on your registration page mate.
http://www.google.com/recaptcha
I may be wrong, but this issue was for old versions of WordPress. What version of WordPress is Shiva using? Is it the latest 3.1 or an old one?
Harsh, even HBB was infected. We got the same user and he/she published the post (using the contributor role). I'm damn sure I was using the recent WordPress version.
That's such a good article. Security is actually the first thing you should have enabled on your blog.
I woke up this morning to find an email saying that klamka13303 had subscribed to my blog. I had never gotten an email like that before. The first thing that I did was go and check the site to make sure that everything was cool – then I did some sleuthing and came upon this post.
Thanks for the info – klamka13303 has been deleted and “anyone can register” has been turned off – even though I had it set to the “subscriber” level – it just feels safer that way.
Thanks!
So, what's the solution to get rid of this vulnerability?
It's really an issue to worry about. Thanks for updating, pal... Will keep a close eye on this particular post.
Nice post, Pradeep! Thanks for the alert, but I have set posts to be reviewed first!
Not yet for me.. but I will be careful. Thanks for the alert.
Hackers get into any places. That’s annoying in the online world.
Jane.
Sucks, it happened to me as well, lol.
I am sure the WordPress team will rectify this bug asap. In the meantime, we all have to tighten the security on our blogs.
Well, my blog didn't get affected by this, but one of my friends' blogs was affected. And I kept the default registration role as SUBSCRIBER. Any problem in that case?
If his/her blog does not have guest blogging, then it is better to disable registration.
The fix was released in WordPress 3.0.5 http://wordpress.org/news/2011/02/wordpress-3-0-5/ and that was earlier this month.
“Two moderate security issues were fixed that could have allowed a Contributor- or Author-level user to gain further access to the site.”
This isn't new, and it's always recommended that everyone upgrades their platforms, especially when a security release is published.
Cheers,
Emil
Maybe this isn't new, but a huge number of blogs are getting affected day by day; we encountered many.
P.S. They have been using the current version of WordPress (3.0.5).
Hi Pradeep, this information would be very useful for bloggers who want to maintain their blog.
The same happened in Chaaps.
And guess what?!
The post title was Kredyty in my case as well.
Wonder what’s wrong! :-O
I think WP has already released this in WP 3.0.5?
“WordPress 3.0.5 is now available and is a security hardening update for all previous WordPress versions.
This security release is required if you have any untrusted user accounts, but it also comes with important security enhancements and hardening. All WordPress users are strongly encouraged to update.
Two moderate security issues were fixed that could have allowed a Contributor- or Author-level user to gain further access to the site.”
This happened to me also and I thought that the reason is because I had not upgraded to 3.0.5…
Seen this new hack on many blogs... at first I was also surprised at what the blog admins had posted, but now I realize it's a security breach.
I think this may be due to a role manager plugin.
New hack, I didn't know about this. Thanks a lot for sharing.
It is recommended to set the user level to subscriber if you have enabled the option that lets users register themselves. If you have a multi-author blog, you can give author or contributor rights to selected and trusted people only.
Thanks Pradeep for posting this issue.
My site was hit by this security bug!
Hey Pradeep,
Thanks for making a post for this issue. I really think WordPress has to do something about this issue. I have changed the user role to subscriber for now, and yeah, thanks for the link to my status.
Yeah mate, update recommended.
This is a serious threat. Hope WordPress rectifies the issue soon.
To All!!
Keep having a look at http://www.securityfocus.com for the latest exploits and solutions.
Securityfocus looks great with PR8, but it's kind of a boring site. Hehe
Man, this is some serious problem for guest-blogging-enabled blogs. Hope WP releases an update soon.
Yeah, it happened on 2 of my blogs, and some of my friends' blogs also...