Seems the spammer has finished his holiday and resumed spamming. And the clean up I did last time wasn’t good enough (I’m on the current version of WP).
So another day wasted doing clean up — and this time I’ve done a lot more WP hardening. Hopefully that’ll fix it and I can get back to some more productive things!
Hi,
I can’t help but notice that you are using the Spam Karma 2 plugin for wordpress, which the developer removed support for a year ago. the Akismet plugin does a fantastic job of handling spam on many blogs, and is constantly updated. Also, perhaps adding a CAPTCHA user-identification plugin might do the trick, or the creation of a htaccess file that rejects commments from users with no reference URL.
This post is a great one for cleaning up a hacked blog, if this is an issue: http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
Good points in general, thanks. Though in this case someone was doing UPDATES directly on my wp_posts table (I don’t know how), and they were messing up the escaping of special characters which is how I first noticed, so it wasn’t the typical comment spam. SK2 still handles that just fine, for now at least.