Skip to:
Content
Pages
Categories
Search
Top
Bottom

Other blogs hijacking homepage

  • Avatar of Roy McKenzie
    Roy McKenzie
    Participant

    @roymckenzie

    There seems to be an issue on my buddypress install where one of our members blogs hijacks my home page. After a while It will show the MOdestoBuzz.com homepage, but right now it is still showing one of our members blogs instead.

    Please help if you can.

    Thanks

    Roy McKenzie

Viewing 10 replies - 1 through 10 (of 10 total)
  • Avatar of Burt Adsit
    Burt Adsit
    Participant

    @burtadsit

    Roy, what do you mean ‘hijacks my home page’. When I visit modestobuzz.com I *don’t* see your root blog page? I just went there and it seems ok. Are you using a some sort of page cacheing like ‘supercache’?

    Avatar of Roy McKenzie
    Roy McKenzie
    Participant

    @roymckenzie

    No I turned of caching. For instance, I just deleted a bunch of spam registrants. The last spam registrant with a blog, their theme is taking over my home page. I don’t have any posts in my root blog.

    Avatar of Burt Adsit
    Burt Adsit
    Participant

    @burtadsit

    Wow. I see what you mean. Your site was sitting in my browser and when I punched ‘Home’ in your nav menu I got: tara4839297′s blog.

    Looking from this end…

    Avatar of Burt Adsit
    Burt Adsit
    Participant

    @burtadsit

    Upgrade to 2.8.2 Roy. That very recent version change was released because of an XSS scripting attack hole in the blog post comments system.

    Avatar of Burt Adsit
    Burt Adsit
    Participant

    @burtadsit

    Temporarily disable xmlrpc in wp’s backend: Settings > Writing > xmlrpc

    Temporarily disable pingbacks and trackbacks Settings > Discussion > Default article settings

    Delete the blogs that look like that.

    The cracker seems to be using that. Very definately upgrade immediately.

    Avatar of Roy McKenzie
    Roy McKenzie
    Participant

    @roymckenzie

    Thanks for looking Burt!!!

    :-D

    My XMLrpc was already disabled. I went ahead and disabled Ping and Track backs. Going to go download 2.8.2 right now and install! Thanks so much Burt, I was getting disheartened.

    Avatar of Roy McKenzie
    Roy McKenzie
    Participant

    @roymckenzie

    After I upgrade, which I just did so successfully (thanks Burt), can I re-enable Ping and Track backs?

    Avatar of Burt Adsit
    Burt Adsit
    Participant

    @burtadsit

    If this 2.8.1 vunerability was the source of the security hole your upgrading should take care of things. You should be able to turn xmlrpc, ping and track backs on again after upgrading. I’m not really sure that pings, tracks and xmlrpc had anything to do with your issue now.

    Avatar of r-a-y
    r-a-y
    Moderator

    @r-a-y

    I would also recommend checking out the WPMU forums (if you haven’t already, Roy!), as this seems more appropriate there.

    Avatar of Roy McKenzie
    Roy McKenzie
    Participant

    @roymckenzie

    Thanks @R-a-y. I’m going to heard over there now!

Viewing 10 replies - 1 through 10 (of 10 total)

You must be logged in to reply to this topic.