I have fooled with WordPress until I’m just about ready to dump the whole thing and start all over. My blog was down a while yesterday and a couple of other blogs I help out with a little were down a lot yesterday. The bottom line is that WordPress got hacked and there was all kinds of funky stuff going on.
I started noticing a HUGE increase in the amount of spam comments and trackbacks I was getting a couple of days ago. BTW, if you left a comment or trackback and it doesn’t show up, I apologize! I just got blurry eyed going through pages and pages of spam to pick out the few legitimate comments/trackbacks that were in there. There were literally thousands of comments/trackbacks and I’m sure I missed some that should have been de-spammed. If I did, I’m sorry.
Long story short. There appears to have been some hacking going on. There are other people who explain it much better than I do. I found this article at A Few Good Pens (through Digg) which led me to this article at Artist By Nature . Leanne at Intricate Art is the founder and creator of Thursday Thirteen and well known to be very knowledgeable about such things.
I’m still sorting through thousands of spam every time I go more than an hour checking my askismet. I’m also having some problems with some of my WordPress files. I can’t upload pictures, for instance. One of these days I’m actually going to hire someone to do the technical work on the blogs! I probably do more harm than good.
In the meantime. I can’t seem to do much but fool with templates, spam and my cpanel. That’s the part of blogging that gets really tedious sometimes … like now.
I do advise you check out the two post I mentioned above to make sure that you don’t get hacked. Its NO FUN!!!
Dang - I’m sorry that it happened to you, too!
I am also being told that when upgrading - it is HIGHLY advised to completely delete everything but the wp-config file and upload the fresh upgrade to ensure any files that were hacked are gone and avoid future vulnerabilities.
I have detailed/simple instructions on upgrading as well - if you need the link to them let me know.
Is that what happened to you, Beth C, and McCain Blogs? Figured it was just a server error, like had been happening with Dreamhost.
I had someone sneak some crap in somewhere, messed up my .htaccess file, and hid stuff somewhere, could never find it, but showed all sorts of evil links within the source code.
Best thing to do is make sure you keep a copy of your htaccess file, have a long, hard password for your blog, ftp access, and host access. Also, make backups of your blog themes, of course.
Your source code looks OK. I’d highly recommend Bad Behavior 2.0.14 and Peter’s Anti Spam comments (http://www.theblog.ca/?p=21) plugin. Also, one that closes comments after so many days, such as Comments Timeout (http://beingmrkenny.co.uk/wordpress/plugins/extended-comment-options/)
Those 3 would cut your spam down a lot.
As always, if thou needeth helpeth, let me know, lass!
I suspect I got the spam — very weird URLs with long alphanumeric strings — but I didn’t get hacked.