Akismet, by default, deletes spam after 15 days. This may be fine most people, but I use my spam to control and deny new bots from my site. I cannot use this input when Akismet simply deletes it after the default 15 days. I often times am busier than that.
Here’s a 2016 post on how to extend this 15 day time limit.
You can change the number of days Akismet should keep spam comments in your database. Simply add this code to your theme’s functions.php file or in a site-specific plugin.
Hacked By Muslim Hacker, Hacked By BLEİSY, screen cap, WordPress
A customer site got hacked today. Blue Host, shared service. WP core, plugins, themes all current.
They hacked the index.php on the public_html dir, and had malware code in the replaced index.php, along with 2 extra files. Front page was defaced, but site was left intact.
added files: 9e09ad (data file) and pfm.php (had php code) Here’s the pfm.php code:
Recently I have been observing a different WordPress spam technique that uses WP trackbacks. This technique has some interesting characteristics that are unlike other types of spam, so my usual clues as to origin and banning method did not work. Fortunately this technique also has some unique characteristics that can be used to ban them. Fortunately.
WordPress Trackbacks
When one WP site links to another WP site, the WP sites communicate with each other using a method called trackbacks. The first site sends a trackback request to the second site. The second site posts the trackback as a special comment, which invites the user to click through to the first site. These trackbacks are automated, making it convenient for both sites.
Hacked By An0n 3xPloiTeR And 8B0K3N H34R7 Team Pak Cyber Ghosts [P.C.G], main message screen with running footer 1
This hack suspended the hosting account and the web site as a malware infected account. The hack set up a malware attack for anyone who visited the site, specifically targeting Windows. I am still trying to figure out how they got in, This is a Pakistani-based attack, or so their message says. I’ll try to document as much as I can to help others in the same situation.
The National Post put up a news article about user centered design in cars, which turned out to be an ad. I took screen caps of this offending article and wrote about it. The image file name I used included the snippet “-ad-“, which was enough for my ad-block plus browser plugin to remove it from my view. Only after renaming the file name and reuploading it could I actually see the ad. Lesson learned.
Reading, I was, about a web site security tool from Mozilla, so I had to try it. My site, the one you are on now, rated “D-“. It was no consolation that most sites rate “F”. Within the rating there was this criteria called “Content Security Policy” (CSP) that tweaked my interest.
Content Security Policy: Purpose
A CSP is a policy that you put into the head section of your page that whitelists all the sites that contribute to your page. If someone tries to add something to your page’s content but is not on you CSP, your browser will not load it. This stops a nasty infection of something called “cross site scripting” or XSS.
I started to receive these WordPress URIs after someone read one of my WordPress posts. This confused me. These are connected to WordPress Failure Notices, but not quite.
Strong, WordPress is, otherwise it would have been breached long ago. These three attackers did a brute force login attack on me today. This is not the first and will certainly not be the last. While I can track down the IP and ISP, and ban them, their origins I will never know. This is the murky world of the internet, and it is worldwide.
41.76.123.243: 41.76.123.0 – 41.76.123.255 WIFLY GA GABON has tried security hacks on my site before, 6 attempts
Brute force attacked, I was, for the xmlrpc.php API in WordPress. Thankfully WordPress was strong enough to ward off this attack. I’ve had random attacks on xmlrpc.php before, but nothing this organized. I thought I’d document a case of 57 xmlrpc.php POST attempts here for all to see. Maybe someone can identify the culprit, as I could not.
I had 57 POSTs to xmlrpc.php on WordPress. They are randomly spaced apart throughout the day, use different IP addresses and hosts, but use the same POST (POST /wp/xmlrpc.php HTTP/1.0), referrer (http://dontai.com/wp/xmlrpc.php) and user agent (Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko)