
WordPress help needed

MoodyBlues

Compassion is cool!
I have an issue with one of my blogs, and before I attempt to dissect its back-end myself, I thought I'd reach out for help here. :)

I've always used Blogger for my blogs, but decided to go with WordPress for my latest one. I installed WordPress on my domain's server, so everything happens there (as opposed to Blogger, which runs on Google's servers). Kindly note that I have zip, zero, zilch prior experience with WP. :eek:

I'm getting a lot of spam comments. No biggie, really, because they don't post automatically--I've chosen to always moderate comments, so it's not really a big deal. Except for the METHOD the spammers are using. :mad:

I'm also getting a lot of 'new user registrations'--all of which have [undoubtedly fake] Hotmail addresses.

They're definitely NOT going to the blog and using the tools provided there for visitors to post comments or register. If they were, their visits would show up in my site logs, but they don't.

So I know they must be running the actual WordPress files...but that's where I'm stuck.

Here's my ~/wordpress directory's contents:

Code:
-rw-r--r--   1 username  group       397 Jul 19  2011 index.php
-rw-r--r--   1 username  group     16899 Jun  8  2011 license.txt
-rw-r--r--   1 username  group      9202 Jul 12  2011 readme.html
-rw-r--r--   1 username  group      4343 May  7  2011 wp-activate.php
drwxr-xr-x   9 username  group      4096 Jul 12  2011 wp-admin
-rw-r--r--   1 username  group     40243 Jun  1  2011 wp-app.php
-rw-r--r--   1 username  group       226 Dec  9  2010 wp-atom.php
-rw-r--r--   1 username  group       274 Nov 20  2010 wp-blog-header.php
-rw-r--r--   1 username  group      3931 Dec  9  2010 wp-comments-post.php
-rw-r--r--   1 username  group       244 Dec  9  2010 wp-commentsrss2.php
-rw-rw-rw-   1 username  group      1302 Nov 29  2011 wp-config.php
drwxr-xr-x   5 username  group      4096 Jul 17 03:41 wp-content
-rw-r--r--   1 username  group      1255 Mar 17  2010 wp-cron.php
-rw-r--r--   1 username  group       246 Dec  9  2010 wp-feed.php
drwxr-xr-x   8 username  group      4096 Jul 12  2011 wp-includes
-rw-r--r--   1 username  group      1997 Oct 23  2010 wp-links-opml.php
-rw-r--r--   1 username  group      2525 Jun 29  2011 wp-load.php
-rw-r--r--   1 username  group     27601 Jun 22  2011 wp-login.php
-rw-r--r--   1 username  group      7774 May 26  2010 wp-mail.php
-rw-r--r--   1 username  group       494 Dec  9  2010 wp-pass.php
-rw-r--r--   1 username  group       224 Dec  9  2010 wp-rdf.php
-rw-r--r--   1 username  group       334 Dec  9  2010 wp-register.php
-rw-r--r--   1 username  group       224 Dec  9  2010 wp-rss.php
-rw-r--r--   1 username  group       226 Dec  9  2010 wp-rss2.php
-rw-r--r--   1 username  group      9839 Jun 29  2011 wp-settings.php
-rw-r--r--   1 username  group     18646 May 22  2011 wp-signup.php
-rw-r--r--   1 username  group      3702 Feb 24  2010 wp-trackback.php
-rw-r--r--   1 username  group      3266 Apr 17  2011 xmlrpc.php

If seeing the subdirectories' contents would be helpful, let me know and I'll post them.

I figure the spammers know how a standard WordPress installation exists, i.e., its file names and their location. So I'm thinking all I need to do is change the names of the apps that control posting comments and registering.

Since they can't see a listing of files in my WP directory, changing the names of the apps to some off-the-wall things no one else would ever think of should solve the problem. :evil:

This is where someone else's knowledge of WP will do wonders for me, so I don't have to figure it out myself. :D

First, which files are the culprits?

Second, which files are THOSE files referenced in? For example, the file that allows someone to post comments, what's its name AND where is it referenced by WP so that the 'post comment' function works when someone wants to post a comment? Whatever I change its name to, I'll have to adjust anywhere it's referenced to reflect its new name.

Damn, this turned out MUCH longer than I expected. Oh well.

PS I know I could have posted this on some Wordpress forum somewhere...but then I'd have spared AF my very verbose verbosity. :laugh:
 
What WP version are you using? I'll fire up my WP VM and see if I can't find anything out.

I'm guessing the spammers are using an automated tool or script to create the accounts.
 
Okay, looks like the wp-comments-post.php file is the one. But I'm not a WP expert. You could probably use sed to get all the instances of that filename changed quickly.
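
Added example, not part of any post in this thread: a way to check a web server access log for clients that POST to wp-comments-post.php or the registration endpoints without ever requesting a page first, which is the pattern described in the opening post. The log lines are constructed, use documentation IP ranges, and assume the Apache/nginx "combined" log format; the function name and the watched-endpoint list are this example's own choices.

```python
import re
from collections import defaultdict

# Constructed sample in combined log format (not taken from the poster's server).
SAMPLE_LOG = """\
198.51.100.7 - - [17/Jul/2013:03:40:01 +0000] "GET /wordpress/?p=12 HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
198.51.100.7 - - [17/Jul/2013:03:41:10 +0000] "POST /wordpress/wp-comments-post.php HTTP/1.1" 302 0 "http://example.com/wordpress/?p=12" "Mozilla/5.0"
203.0.113.9 - - [17/Jul/2013:03:41:12 +0000] "POST /wordpress/wp-comments-post.php HTTP/1.1" 302 0 "-" "-"
203.0.113.9 - - [17/Jul/2013:03:41:15 +0000] "POST /wordpress/wp-login.php?action=register HTTP/1.1" 302 0 "-" "-"
203.0.113.44 - - [17/Jul/2013:03:42:00 +0000] "GET /wordpress/wp-login.php?action=register HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
203.0.113.44 - - [17/Jul/2013:03:42:20 +0000] "POST /wordpress/wp-login.php?action=register HTTP/1.1" 302 0 "http://example.com/wordpress/wp-login.php?action=register" "Mozilla/5.0"
"""

# client IP, request method, request path, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

# Files from the directory listing above that can create comments or accounts.
WATCHED = (
    "wp-comments-post.php",
    "wp-login.php?action=register",
    "wp-signup.php",
    "wp-trackback.php",
    "xmlrpc.php",
)

def direct_posts(log_text):
    """Return {ip: [paths]} for POSTs to watched endpoints from clients
    that issued no earlier GET anywhere in the same log."""
    seen_get = set()
    flagged = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, method, path, _status = m.groups()
        if method == "GET":
            seen_get.add(ip)
        elif method == "POST" and ip not in seen_get:
            if any(w in path for w in WATCHED):
                flagged[ip].append(path)
    return dict(flagged)

if __name__ == "__main__":
    for ip, paths in direct_posts(SAMPLE_LOG).items():
        print(ip, len(paths), "direct POST(s):", ", ".join(paths))
```

Correlation here is by client IP within a single log file, so a visitor whose page view landed in an earlier, rotated log would be flagged as well.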
 
What WP version are you using? I'll fire up my WP VM and see if I can't find anything out.
Thanks. It's v3.2.1, although I'm being nudged to upgrade to 3.5.2.

I'm guessing the spammers are using an automated tool or script to create the accounts.
Right--but without the specific files existing as they expect them to [on my server] their scripts won't work. :evil:
 
You may want to check this out
Thanks--I'll explore it thoroughly later on. A quick glance showed that they refer to a plug-in called Akismet. I don't remember now what the problem was, but I recall that when I installed that [back when I installed WP on my server], there was a hiccup with it and...something. I know it never successfully finished installing, but I don't recall why.

Also, and I'll know more when I actually explore the info there, keep in mind that my issue does NOT involve people physically accessing the blog and posting comments. They're doing it without visiting. But I don't know whether or not that's addressed there--we'll see! :)
 
Update: I looked through the link above but didn't see anything down-and-dirty like what I wanted to do. Considering I don't have the...enthusiasm?...to dissect everything myself right now, I've ended up adjusting settings from within WP that have at least made it more difficult for spammers to register and/or post. SOMEDAY, when I have the...enthusiasm?!...I'll do it the other way. :D
 
I have a WordPress account and need to work on it more myself. I'm just not into the tech stuff as much as I used to be.
 