see: WordPress Support Forum Post

The quote below is the last thing I wrote to the thread linked above … and the site there is broken, so I can’t post it.

Another thing to add, the last piece of SPAM commenting I got was an Online Poker piece of crap … I have gotten little of any junk the last couple of days, miraculously or due to efforts at adding stuff to filters here and there. This new one got through to moderation on March 10 in the afternoon, … not tagged as SPAM, it used a different URL this time. One that is listed in google as Online Poker, of course. “genaholincorporated” dot com is only an online poker site, a new spammer for this blog. Since they had “Online” and “Poker” as the “user name” for the comment, it got flagged for moderation.

Don’t y’all just hate the Online Poker gouger? I also hate the smut spammer too. They started hitting this blog after I upgraded to 1.5, with a vengence. But one reason or another, due to my efforts or not, they have stopped for now. This last trickle was one drop, mr. online poker yesterday. Was it therefore this being that has caused the problem I had this morning, and the curious emails of password changes …

All because I have secretly joined the efforts at getting wikipedia’s online poker entry at the top of the google ranks, by linking to it on my blog? Maybe that’s it. Maybe it’s not.

I’m only speculating from snitches of data I’ve browsed through today.

`/weblog/wp-login.php?redirect_to=%2Fweblog%2Fwp-admin%2Flink-manager.php`

That was the referring url on the wp-login.php junk above, for the #4 hit on the site.

The first hit was at 05:59:33, the next 5 seconds later, the next 18 seconds later … then a lull of four minutes and 20 seconds.

That lull is when the next hit had the above url as the referring url.

What were they doing meantime? There is nothing in my referrers to show … did they get in and do something in my link manager?

I’m going to look right now.

The suspect thing to me is that they hit the site on my .us domain, which only points to my .com where the real content is.

So they somehow have my .us/weblog/ as the referrer on their first vist to /weblog/wp-login.php –without having logged a visit in on my index.php previously … but …

earlier there was visitor with an msn.search page referrer with a different IP listed, that came from a page listing LINKS to the wiki encyclopeia for “online poker”.

My site shows up in that search, I have that link in my sidebar and it’s not visible on my page due to CSS styling. I added it there to help the effort at stopping that durn poker spam.

Why do I think this has something to do with the other … that same IP that came in from the referrer msn.search … next logged in my referer going to` .us/./` with `.us` as the referrer.

That’s weird, at least in my referrers it is, as nothing shows up like that from my “normal lookings.”

That all happened at 05:01:44 and 05:03:01.

I say this all since it’s dealing with Online Poker and that early this morning:

1. An IP showed up from an msn.search page referral that was showing pages linking to the wiki-encyclopedia about Online Poker.

2. A little more than a minute later that same IP showed up as trying to load a `.us` domain page on my site.

3. About 56 minutes later a different IP came in and tried to load wp-login.php, tried to change my password for admin, somehow sent weird emails to me saying password was changed, and actually did change my password, and meanwhile after trying to load pages a couple of times came back after a 4 minute lull with this as the referal url `http://www.pastoralfarms.com/weblog/wp-login.php?redirect_to=%2Fweblog%2Fwp-admin%2Flink-manager.php`
and then began hitting wp-login.php again with just `wp-login.php` as the referring url for the rest of them.

—-

Everything in my LINKS manager looks fine.

I have no idea if they got into my WP install or not. I can’t tell anything is changed. But I just wouldn’t know that easily, if it wasn’t super obvious.

In any case, I reported the initial weird issue on the mosquito site.

It’s just bizarre what happened, and that it would seem to be maybe, maybenot, maybeso connected to Online Poker.

I hope that’s coherent enough to make a bit of sense.

It’s obvioius that whomever it is/was is familiar with WP and wanted to get in or do something to my WP install at least. That url above will take someone to the Link Manager page once they successfully login. So was that the goal of the “attack” … and they miserably failed? I don’t know how they changed the password without having access to my email … how they spoofed or used some sort of something to send me weird password change emails, and that it totally bypassed the “normal WP” lost password schematics. So they DID change my password, but did they get in with it, that is the question.

I’ve now upgraded this weblog to WP 1.5.

It was a bit difficult due to my customization of my comments form, but I got it straightened out fairly fast. I had to change some of the the php tags from “{ ?>” to ” : ?>” and then I forgot to transfer a couple of commas between some things that needed to be changed as well.

In order to do the comments form I took the WP Classic 1.5 comment form and just added in my changes as were in my 1.2 wp-comments form.

It wasn’t totally straightforward, but neither was it difficult to figure out, just a tad tedious.

Otherwise, I need to test to be sure old things are working still, but so far it seems that all is fine.

I used to have a script in my head section, but I took that out and put it in a separate .js file, and I just haven’t put the line in to call it up yet. So some older pages have popups that won’t work therefore. That’s all that is about.

I have exhibit installed for images, and I like that system, yet again, not. I like it for having the photos available in post as writing an already saved post, but I’ve stopped using it as it’s codes, just have used it to insert the urls of the photos into posts. I haven’t had very many photos on this blog, and when I have, I have just had them lined up without thumbs. Just as easy to add my own css divs around each photo.

I know that I won’t want to have that in use always, so I may just go back and change any posts that use it particularly and recode them to url links to the files myself. I will be getting a real photoblog set up again, so because of that I will put less photos in this blog, but probably not by much, as one or two of any “series” I’d load on a photolog would be in here in a post to link to them probably.

So all in all, I have all the same plugins working, except for that I took out the two spamming plugins I had. I need to retool and see if there are updated plugins or better functioning ones to use for the things I have.

I’m wanting to make changes to this site layout, but this one is working fine, so I won’t break what’s not already broken and since it went really smoothly over to 1.5 as a Theme, then I guess I just need to make it stay this way.

I can use this theme as a parent theme and just change the style of the site with a new theme as a color only theme, for example. I could change the way it looks, but content would be the same.

There is functionality in coding in the Kubric theme too, which I’d like to use, so I’ll be playing with things but it won’t be that noticeable since I can switch back and forth in themes easily. So if a page won’t load right, wait, and try again. If it looks very different ever, it’s just because I’ve switched it to the default theme, or one I’m working on.

I want to get some of the info off of this page and onto separate pages that I’ll link to. So that’ll get more room on the sidebar for other things, and I may overhaul my site root index page to include some info from the various blogs, recent comment updates, recent post titles, etc. recent photos, etc. It’ll be more a portal page for the whole site instead of just a slight portal front page that no one hardly visits.

So this is the first blog on this website to be fixed up with 1.5. I have two or three (or so) more to do here.

Lesson Learned: Trackback DOES work for me, just the Virtual Site thing isn’t able to work it since I’m using WP for it, and not .htaccess.

Put this in your wp-comments php file, where the php bloginfo(‘url’) is the only code for a Trackback Link. It’ll allow you to display your Post ID trackback link, not have WP generate one based on your Virtual Site Url.

I had always been looking for a way to include my virtual site structure into Trackbacks, and being vain about using Virtual, and not wanting ugly numbers, I closed my eyes to understanding the above code and where ever I had seen it at WP Support.

So it does work. It does.

Which is good. I have made sure that Pings work since I found that someone I know online is now using WP and that went alright, as I’ve been able to PING from inside posts.

To be able to TRACKBACK on purpose is another thing entirely and I’m happy to know I can do that now.

I also had a slight panic attack [well not really, just a bit almost sort of, in a panicy way when you know something worked before but it wasn't now and you don't know if you did something to make it not work or not and ::hairpull::] earlier today when I tested several, I mean that, posts and pings and back and forth between a couple of my blogs and I couldn’t find that anything was posting.

Duh. I have had my comment moderated if more than one link was in the post. A ping makes that happen. So my ping comments were all sitting in awaiting moderation land. I just didn’t notice. I mustn’t have checked email that entire time either, or I would have noticed my blunder of thought earlier.

What a way to spend the First Day of the New Year. Doing dumb-and-dumber at something you are supposedly smart with. :veryshocked:

I know I did test out trackbacks with ugly site structure long ago, but for some reason, well maybe it’s because I’ve updated things with 1.2.2 and then tried to implement a fix a few weeks ago and then today replaced a few files with CVS current ones, it now works. So I get the both of thems — Virtual Site, but ugly trackback urls. It’s alright. For now.