About Pingback disabling, great plugins for preventive measures and the “Superpuperdomain.com” WordPress Hack

Should you disable Pingback or shouldn’t you. From all the research I’ve done and from the comments I’ve been receiving lately on most of my blogs, I think it would be advisable to disable Pingback.

Here are easy ways to disable Pingback from further working (Two ways Settings and SQL):

Are you bothered by the pingbacks and trackbacks some spam sites post on one of your blog entries? It’s good as far as they are not being posted by spam sites and is a legitimate way to quote mentions of your post by other sources. However now-a-days it’s mostly the spam sites trying to steal your visitors by posting pingbacks and trackbacks. Here are two things you need to do to disable trackbacks and pingbacks on your wordpress blog……Learn More

How to disable Pingback from old blog posts and blog links (Two Ways: Through Child Theme or Plugin):

You have probably noticed that when you link to a post on the same site you will get a pingback on the old post with a link to your new post. If you for whatever reason wants to get rid of those internal pingbacks, simply put the following code snippet in your functions.php. Note that you will still get pingbacks from other sites…..Learn More

As I investigate further, I learn more that Spammers are using a flaw in the logic used by WordPress whitelist and sending emails to you because they are listed as “acceptable.” Thus, if there is a comment in which you accepted from a Blogger who is being Spammed, then you will receive emails through them from Pingbacks.

Here you have a Plugin to help you fight Pingback Comments:

Defeat automated spambots by adding a client side generated checkbox asking the comment author to confirm that they are not a spammer.

This plugin will add a client side generated checkbox to your comment form asking users to confirm that they are not a spammer. It is a lot less trouble to click a box than it is to enter a captcha and because the box is generated via client side javascript that bots cannot see, it should stop 99% of all automated spam bots.

A check is made that the checkbox has been checked before the comment is submitted so there’s no chance that a comment will be lost if it’s being submitted by legitimate human user……Learn More

Here’s another that works the same way:

Todd Lahman’s comment spam blocking plugin that blocks 100% of the automated spam with zero false positives.

Spam Free WordPress is a comment spam blocking plugin that blocks 100% of the automated spam with zero false positives. There is no other plugin, or service, available for WordPress that can claim 100% accuracy with zero false positives, not even Akismet. Manual spam is blocked with an IP address blocklist.

This plugin was born out of necessity in September of 2007 when HollywoodGrind was getting a lot a traffic, and with it a lot of spam that multiple plugins could not stop, but instead increased the load on the server fighting the spam. Since its birth, Spam Free WordPress has been tested successfully under real world heavy traffic, and heavy comment spam, conditions…..Learn More

If you have been hacked, try this scanner for your blog:

WP-MalWatch is a WordPress security plugin that performs a nightly scan of your WordPress blog looking for evidence of malware.

WP-MalWatch is a WordPress security plugin scanner designed to help alert you when hackers have been at work inside your blog.

When hackers infiltrate a blog, the first thing they do is plant hidden files, disguised .PHP, and malicious .HTACCESS files in various directores. Their goal is to litter your WordPress installation and theme with links to their sites.

WP-MalWatch performs a security scan of your WordPress installation nightly looking for evidence of foul play and if WP-MalWatch finds it, a dashboard widget will tell you were you should take a closer look. WP-MalWatch’s detailed report also provides you a very easy interface for looking at the contents of these files right from within WordPress so you don’t have to get into messy FTP clients and editors looking at potential problems.

Version 2.1.2 of WP-MalWatch is based on 2.0.2 which was a complete rewrite of the original WP-MalWatch plugin and provides efficient malware scanning. Version 2.1.2 looks for hidden files, HTACCESS files, configurable file patterns, keywords in theme files, encode 64 calls in key WordPress files, and .PHP files in the uploads directory.

Does WP-MalWatch protect your blog?

NO! WP-MalWatch is a scanning plugin that allows a blogger to easily identify the presence of files in a blog installation and provides a simple viewer for examining them……Learn More 

“Superpuperdomain.com” WordPress Hack 

Follow the instructions very carefully in the link provided at the end of the intro and you’ll be in fine shape:

A few days ago a new PhpRemoteView hack, a malicious JavaScript loading from superpuperdomain.com/count.php, attacked many WordPress website, including some of mine. There are already a few discussions on this topic and it was a pretty difficult to find a reliable source how to get rid of this problem, but a few websites like tbogard.com and techspheria.com introduce interesting solutions, which I combined together and first tested on my sites, before wraining this article (it worked on my WP blogs btw:)

Generally, the JavaScript………..

………………….redirects visitors that were going to the WordPress site to fake search engines full of ads. To check if you have it (except the obvious- redirection:), try to find a similar chunk of code on your homepage (it should appear just at the end of the html code, behind the closing body tag:

• Those files are added by hackers and are a part of the phpRemoteView hack, but just in case back up those files (do not open them!!!)……..Learn More
  

I hope you learned more about the ongoing Pingback spamming and the Superpuper.com Hack. The Plugins and links I posted here should help you further. Good Luck and don’t forget to update and upgrade regularly.