[Wylug-admin] Spam links in website

Mon Nov 17 07:44:54 UTC 2008

On Sun, 16 Nov 2008, John Leach wrote:
> On Sun, 2008-11-16 at 13:23 +0000, Phil Driscoll wrote:
>> On Sunday 16 Nov 2008, Mark P Conmy wrote:
>>> The spam links are gone.
>>
>> John, I assume this means we need to update our Wordpress
>> installation (assuming current versions protect us from whatever
>> methods were used to break into our version).
>
> Hi Phil,
>
> Last time spam was found, I cleared it out and upgraded Wordpress to the
> latest secure version (after volunteering to take over the maintenance
> of it).
>
> There has not been a newer version of Wordpress released to fix any
> security bugs that affect us (there have been some releases, but none
> that were important or that affected us).
>
> It's likely that the spam reported by Nigel today was stuff I missed
> when cleaning up and was never removed (rather than added via an exploit
> since).  The dates of the articles corroborate this somewhat (they
> pre-date my upgrades).  Google seemed happy enough to put us back in
> it's index so I assumed all was well.
>
> I've sorted the site out again now.  I took down the "This site is
> unmaintained" message that I assume Mark put up, removed the spam Nigel
> found, and double checked the versions and available security updates
> (none were required).
>
> As usual, we'll have to keep an eye out - if more spam appears where
> there was none before, then perhaps we have an unpublished vulnerability
> on our hands - I doubt this is the case in this instance (though it is
> not beyond Wordpress's codebase ;)
>
> If anyone else spots any spam on there, just drop a line to me and I
> will sort it out (there are others with access to Wordpress and can edit
> posts though, so cc to the wylug-admin list I guess - if anyone wants
> edit rights drop me a line).
>
> Thanks for the heads up Nigel.
>
> Mark, I appreciate you taking some immediate action, thanks.  But as I
> hope you can see, the site is not "unmaintained" as claimed in the
> message put up on the site.  Tbh, I'm sure you were short on time
> (Sunday, unsupported site etc.) but it felt rather insulting to just
> have a "This site is unmaintained" message on there (and no notice other
> than "The spam links are gone").
>
> I've created a maintenance.html that simply states the site is down for
> maintenance and changed your redirect rule to point to that and
> commented it out.  If you ever need to take the site down temporarily
> again, you can just uncomment that line. (I tried setting an
> ErrorDocument for the 503 code and using that for a maintenance message
> but it wasn't liked by Apache).

I think you need a new ISP.

Mark