Roy, what do you mean ‘hijacks my home page’. When I visit modestobuzz.com I *don’t* see your root blog page? I just went there and it seems ok. Are you using some sort of page caching like ‘supercache’?
No, I turned off caching. For instance, I just deleted a bunch of spam registrants. The last spam registrant with a blog, their theme is taking over my home page. I don’t have any posts in my root blog.
Wow. I see what you mean. Your site was sitting in my browser and when I punched ‘Home’ in your nav menu I got: tara4839297’s blog.
Looking from this end…
Upgrade to 2.8.2 Roy. That very recent version change was released because of an XSS scripting attack hole in the blog post comments system.
Temporarily disable xmlrpc in wp’s backend: Settings > Writing > xmlrpc
Temporarily disable pingbacks and trackbacks: Settings > Discussion > Default article settings
Delete the blogs that look like that.
The cracker seems to be using that. Very definitely upgrade immediately.
Thanks for looking Burt!!!
My XMLrpc was already disabled. I went ahead and disabled Ping and Track backs. Going to go download 2.8.2 right now and install! Thanks so much Burt, I was getting disheartened.
After I upgrade, which I just did so successfully (thanks Burt), can I re-enable Ping and Track backs?
If this 2.8.1 vulnerability was the source of the security hole, your upgrading should take care of things. You should be able to turn xmlrpc, ping and track backs on again after upgrading. I’m not really sure that pings, tracks and xmlrpc had anything to do with your issue now.
I would also recommend checking out the WPMU forums (if you haven’t already, Roy!), as this seems more appropriate there.
Thanks @R-a-y. I’m going to head over there now!