[wp-hackers] Weird Comment Moderation Email

Brian Layman Brian at TheCodeCave.com
Wed Apr 7 16:36:46 UTC 2010

Yeah, that sure looks funky. Something definitely was not handled correct.
There are some neat attacks going around though. 

One site I repaired for someone had a plugin stored and executed from the
wp_options table. The option name was a variation of site_url and the
content was prefaced by the header for the Hello Dolly plugin.  It was
pretty neat.  

So you might want to look around to see if there are any suspicious new
records and keep a close eye on Google's Webmaster Tools eval of your site
for the next couple days, but assuming you are on 2.9, I'd wager that you
are safe.  Comments are fairly well protected at this point. It would be
much easier to target a plugin, than to break in via comment spam.

-Brian Layman

More information about the wp-hackers mailing list