I got hit by a comment spammer...


er16004
01-26-2006, 02:33 PM
My site was temporarily hacked by a comment spammer this morning. I was able to log into the database and delete the comments that way. I've since upgraded to PP 1.5b1, and I really like the changes. This message may not fit into this category, but I wanted to share the offending IPs so anyone can add them to their blocked list.

131.175.189.134
194.109.206.212

Here were their entries:
http://www.ericrasch.com/comment-attack.jpg

Thanks,

Eric

Connie
01-26-2006, 04:12 PM
you could not delete the comments from admin?

er16004
01-26-2006, 04:34 PM
Nope... whenever I hit the comment page, either from the admin or the home page, the redirect script ran. So, the only way to get in there and delete them was from the database itself (through phpMyAdmin in my case).

They made 5 comments and the last one ran a script. Here's the script code they entered (expletives deleted):

GET READY FOR SOME REDIRECTING B***H\r\n\r\n<script language=\\"javascript\\">\r\ndocument.write(\\"LOLOLOL\\");\r\nparent.location.href=\\"http://halflife2.zoy.org\\";</script>
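
An added example, not part of any post in this thread and not Pixelpost code: a triage sketch for the situation described above, where stored comments have to be found without opening the comment page. It flags rows containing active markup and shows the same text HTML-encoded for safe display; the row layout, sample data and function names are assumptions made for illustration.

```python
import html
import re

# Constructed sample rows (id, message), standing in for an export of the
# comments table. Row 3 has the shape of the payload quoted in the post above
# (backslash-escaped quotes, literal \r\n); the URL is a placeholder.
SAMPLE_COMMENTS = [
    (1, "Great shot, love the colours!"),
    (2, "Nice <b>contrast</b> in this one."),
    (3, 'hi\\r\\n<script language=\\"javascript\\">\\r\\n'
        'parent.location.href=\\"http://example.invalid\\";</script>'),
    (4, '<img src="x.jpg" onload="location=\'http://example.invalid\'">'),
]

# Markup that can run script or navigate the page when echoed unencoded.
ACTIVE_MARKUP = re.compile(
    r"<\s*/?\s*(script|iframe|object|embed|meta|base|form)\b"  # active elements
    r"|<[^>]*\bon[a-z]+\s*="                                   # inline event handlers
    r"|javascript\s*:",                                        # javascript: URLs
    re.IGNORECASE,
)


def find_suspect_comments(rows):
    """Return the ids of comments whose text contains active markup."""
    return [cid for cid, message in rows if ACTIVE_MARKUP.search(message)]


def render_comment(message):
    """Encode a comment for HTML body output so stored markup shows as text."""
    return html.escape(message, quote=True)


if __name__ == "__main__":
    print("review/delete ids:", find_suspect_comments(SAMPLE_COMMENTS))
    print(render_comment(SAMPLE_COMMENTS[2][1]))
```

The pattern match is only for locating rows to review; encoding on output is what stops a stored comment from executing, whether or not the scan flagged it.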

Connie
01-26-2006, 10:46 PM
aha, that is something which will be fixed in 1.5 Final, malicious code which is executed when reading comments either in comment page or in admin mode

I promise you that will not happen with the next release any more
now you did the right thing, delete it in the database...

se.nsuo.us
01-27-2006, 03:17 AM
Well the idiot hit my site as well - just that HTML is allowed in comment - Guess the devs should make public a patch.

There are also a lot of other XSS and SQL injection loopholes in PP. I had contacted Ramina about it and he said that I should make them public - I did not want to at that time and then forgot about it... so if any of the devs are interested please contact me via PM or send an email to photographer@se.nsuo.us

Connie
01-27-2006, 05:16 AM
please send us the info by mail or pm!

GeoS
01-27-2006, 09:11 AM
Send it to us via email: thecrew (at) pixelpost {dot] org

Iron Flatline
01-27-2006, 06:15 PM
I added those IP addresses. Are you sure they were them?

By the way, you should report this to the FBI. They have a log for this. They may not do anything right now, but as these guys escalate and begin hacking sites that have the money to prosecute, this will be part of the charges.

Don't just let it go.

Ariel
01-27-2006, 07:17 PM
I've got attacks from 5 separate IPs, as well as the apache logs. PM me if you want the logs.

sentinel
01-27-2006, 07:35 PM
hmm maybe it's just laziness.. but reporting such an "issue" to the fbi seems to me like breaking a fly on the wheel. don't take this personal...

Iron Flatline
01-27-2006, 07:55 PM
Well, I got hacked. I have no idea how to fix this, I'm a noob.

What should I do? Is there a different more safe application?

raminia
01-27-2006, 08:43 PM
> Well, I got hacked. I have no idea how to fix this, I'm a noob.
>
> What should I do? Is there a different more safe application?

yeah there are more safe applications there. try wordpress. but I don't know what happened to you that you say you are hacked. You can't login anymore?

nygorilla
01-29-2006, 10:24 PM
This has happened to me as well. Certain comment pages get re-directed (as do clicking on the comment view in Admin mode). The re-direct goes to a site I had never heard of...luckily it's nothing dodgy.

At first I thought it may have been spyware on my PC but it happens in the same place from my work machine.

Unfortunately I cannot see where this happens. All the comments look real.

raminia
01-30-2006, 06:12 AM
> This has happened to me as well. Certain comment pages get re-directed (as do clicking on the comment view in Admin mode). The re-direct goes to a site I had never heard of...luckily it's nothing dodgy.
>
> At first I thought it may have been spyware on my PC but it happens in the same place from my work machine.
>
> Unfortunately I cannot see where this happens. All the comments look real.

many many posts on the same issue.
for a quick cure look at
http://forum.pixelpost.org/showthread.php?t=3251 (read it entirely)

the official patch will be announced today.