Join 3,418 readers in helping fund MetaFilter (Hide)


My blog's been hijacked!
January 21, 2009 7:49 AM   Subscribe

Somehow, some spammer hijacked a feed of mine that posts to my Wordpress blog. Help me diagnose what happened.

I have a shared folder on Foxmarks that I've set up to automatically post to my Wordpress blog, using the FeedWordpress plugin. This morning, a reader alerted me that my blog was full of Japanese spam posts. Looking at the posts, they were somehow injected into my blog via the same pathway that I use to post from the Foxmarks folder. (Each of the posts bears the custom fields that mark a post as coming from FeedWordpress - the syndication source, syndication feed ID, etc.)

Any clue what the source of this spam might be, or how I go about diagnosing this, and then inoculating my blog against it?
posted by grrarrgh00 to Computers & Internet (4 answers total) 2 users marked this as a favorite
 
Here are some screenshots of my admin and the site after the injection:
posted by grrarrgh00 at 8:00 AM on January 21, 2009


The FeedWordpress plugin site says it can use either SFTP or FTP. Which are you using? FTP sends your password over the internet to your server in plain-text (ie any computer between you and the server can read the password like a postcard). I recommend moving to SFTP.

It's also possible that someone broke in to the Foxmarks servers, and stole your credentials that way.
posted by philomathoholic at 12:42 PM on January 21, 2009


Oh, I just looked at the Foxmarks FAQ, and I saw that it's possible to encrypt your password while it's being sent over to their servers. I'd make sure that option was also set.
posted by philomathoholic at 12:48 PM on January 21, 2009


Thanks, philomathoholic. I looked at my Foxmarks folder, and that doesn't seem to have been hacked. (The spam links posted to the blog don't actually appear in Foxmarks. Of course, the spammer could have posted them to my Foxmarks account, waited for it to populate my blog, then deleted the links from Foxmarks, but that seems like it would require an unlikely amount of effort.) Is there any way the spammer could have hijacked the feed from Foxmarks without altering Foxmarks itself?
posted by grrarrgh00 at 2:12 PM on January 21, 2009


« Older I've got a Motorola H500 Bluet...   |  Simple q: a way to supplement ... Newer »
This thread is closed to new comments.