Polish spam posts on WordPress

The other day I was going through TeaBreak’s headlines on my Google Reader (which, by the way, you guys can follow and sync up with all the awesome things I share) and I came across a polish post. Yes, a post in Polish on TeaBreak! That is so not what I expected to come across there, I was like:

“Hey.. somebody is practicing polish on their blog. Maybe thats cool (!?) – but we ended up aggregating it, which is quite Lame!”

I know, I should have contacted the blog owner but I didn’t. I wasn’t sure whether I was up to speed with all the cool & hip things kids are coming up with these days. Maybe blogging in a language you are learning is totally dope these days – I wouldn’t know! Although it doesn’t make any sense to me as to why someone would want to keep their blog audience clueless about what they are saying, but hey if its trending who am I to judge, right? People have all sorts of fantasies. Besides, I remember myself showing off my fluent German when I was taking a course back in the Uni. Talking gibberish is fun as long as the other person doesn’t figure out you’re talking gibberish. Don’t take my word, try it!

By the way, I don’t know a word of Polish but the post looked like it was in Polish. I mean come on, you can just recognize it. The words were like miles long with a lot of “szk” and “cyzk” and “rycks”. I tried to read a line and it looked pretty much like I was suffering with severe lisp deformity.

Anyhow, I have been noticing quite a few posts like those surfacing on TeaBreak over the past few weeks. The most interesting bit was that they were being published by lots of different blogs owned by totally different people (supposedly). It smelt quite suspicious and I ended up blocking a few of those. However, on further investigation I found out that there actually is someone (or some bot) who’s using a known WordPress vulnerability to spam blogs.

WordPress Vulnerability

There seems to be a known security vulnerability effecting WordPress versions < 3.0.5. A user with restricted access (say a subscriber or someone who is only allowed to post comments) can acquire elevated privileges (admin or editor) and publish posts. This security vulnerability is documented on WordPress here.

The Spam

So there’s this dude or more likely a spam bot, presumably from Poland, that goes by the username “klamka13303” who’s creating simple innocent looking accounts (perhaps just for posting comments) on vulnerable wordpress blogs. Then using the vulnerability gains privileges to publish posts. Interesting things / symptoms to see whether you’re affected:

  • You are running WordPress version < 3.0.5
  • You have a user account by the name “klamka13303” among your WordPress users (yeah, for some reason it’s always the same username every where)
  • Your blog is magically publishing Polish posts out of the blue
    • and it’s not you showing off your Polish skills
  • You’re losing your Google ranking because of duplicate posts

Fix

You can take immediate steps to rectify the issue:

  • Remove all untrusted user accounts
    • Perhaps disable any new user registration if you have that enabled
  • Remove all posts in a weird foreign language that you weren’t expecting
  • And finally, upgrade your WordPress

Also, I came across a good post on this subject here while Googling.

Auf Wiedersehen, Tschüss.

This entry was posted in Barely Productive, Random Stuff and tagged , , , . Bookmark the permalink.