WordPress.org
Get WordPress

Make WordPress Core

Opened 7 years ago

Closed 7 months ago

#46883 closed defect (bug) (worksforme)

Blog Configs being overridden by Hacker Bots

Reported by: zsystech's profile zsystech Owned by:
Milestone: Priority: normal
Severity: critical Version: 5.1
Component: Posts, Post Types Keywords:
Focuses: Cc:

Description

We consider this as a Bug since no malicious damages to Sites or Servers have been found.

We have multiples of instances on sites where Robots can Auto Submit posts to Blog pages even though the sites are configured not to allow public posts/discussion. Currently we have over a dozen end users that have reached out to us to make sure their sites have not been hacked.

Main configuration: Configured not to allow Posts/Discussion and not to allow Posts by anyone not logged in. User account creation is also turned off. Thankfully some of these sites are setup to be moderated and these malicious posts only have been caught this way, however the end users that are not moderating are seeing an increase in issues with this Bug/Backdoor.

This is happening with sites with multiple theme types, Multiple versions of PHP, and also Multiple Web Server Platforms. At first I thought maybe it was a Theme issue working with the Core, however further research from dealing with other end users is showing that it looks related to the Core, since multiple Theme types are being used by multiple end users, However to try and rule out any CORE Issue we are having End Users send us their Web Server, PHP, and Database Logs to research this issue deeper.

Change History (1)

#1 @SirLouen
7 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to worksforme
  • Status changed from new to closed

@zsystech its always good to know that this is happening broadly to be aware.

But to try to fix this, we need a specific example. A specific setup, with environment variables and a way to reproduce this.

I'm going to close this, because 6 years have passed, and given that no more reports have been added to this ticket I'm going to assume that this has ended and has been solved. This could be happening because of a plugin, or a theme, or who knows.

Feel free to reopen this if you are still having the issue, and as I say provide the following information:

  • WordPress Version, PHP version, Web server version, Theme and version, if there are plugins (ideally there should not)
  • Have you disabled all the plugins?
  • Is it possible to share the video that causes the problem?
  • Can you share server logs?

Overall, can you share some precise instructions on how to do this?

Note: See TracTickets for help on using tickets.