I could be hacked.

Writing this blog has been an interesting process for me. Every week I try to think of something interesting to say and I think we can all agree that some weeks I am more successful than others. The thing that is weird about blogging is that I tell a story…and then that’s it. If I told you the story in person, you would presumably respond with some sort of feedback, even if it was as unenthusiastic as “oh.” When I started my blog, I assumed that the comments section would be full of – well, comments – as in dialogue-starting responses to my writing. You know what they say about assuming though…in reality, I have gotten very few actual comments and a lot of spam comments. Thankfully, my blog is set up so that I can accept or decline comments before they show up on my website because otherwise it would be chock-full of nonsense like this one I received in response to my 25 interesting things list:

although I consume a lot of of my day on the net playing video games like myspace poker or restaurant city, I nonetheless like to put aside some spare time to browse a couple of blogs sometimes and I’m seriously happy to report this newest statement is frankly reasonably good quality and really superior than half the other rubbish I read today, anyways i’m off to take up a few hands of facebook poker

Gee, thanks…nice to know that my writing is “frankly reasonably good quality” when compared to “rubbish.” At least this one wasn’t inviting me to check out porn sites or asking me to play MySpace poker.

These spam comments are annoying, but I trash them and go on with my life. Then last night I got notice of a new user registration. I was not aware that it was possible for users to register with my blog! I will admit, I felt a bit freaked out. I went to my website and tried to figure out how one could register…I didn’t see an option for it. I poked around everywhere I could think of (which I’ll admit wasn’t that many places) to see where or how this registration could have occurred. I heard a car outside on the street and irrationally panicked. I called Hubby #1, who was at his monthly guys’ night out.

“My blog has been hacked!”
“What are you talking about?” Hubby #1 asked patiently.

I read him the notice:
New user registration on your blog :
Username: MisterX45881
E-mail: JohnDillinger1903@***.com

“Is there anything on your blog that you didn’t post?” he asked.
“No,” I admitted.

I did have a fleeting moment of calm where I thought to myself that the chance of someone hacking into my website seemed unlikely…it’s not like I have any government secrets or bank codes, but still…I’m afraid of stalkers; and doesn’t stalking begin with hacking? I googled MisterX4588 – nothing. I googled John Dillinger – something! John Dillinger was a bank robber in the 1930s who was considered a modern-day Robin Hood. He died in 1934 and Johnny Depp played him in the movie Public Enemies. Hmmm…he probably isn’t the one hacking (or not hacking) my blog. I could not figure out who this person was or what he wanted with my super-cute website.

Eventually, I grew tired of dealing with my would-be hacker – I could never figure out how this person had registered himself or what he could accomplish as a registered user…plus I had the season premiere of Tori and Dean waiting on my TiVo. So, I shut down for the night still feeling slightly victimized. This morning all seemed well on my website and blog. Phew. Eventually I will figure out how to remove the comment section unless I start getting some worthwhile comments (hint, hint). In the meantime, please assume that any less successful posts are most likely the work of John Dillinger, but that the particularly inspired ones continue to come from yours truly.

8 Responses to “I could be hacked.”

  1. IAmNotAHacker says:

    Hi Kirsten, the same person has also registered on my blog, calling himself MisterX66896 that time around. No worries, he cannot post anything on yours. I tested that by subscribing to your blog (I am going to explain to you how this can be done or prevented) and taking a look at your dashboard (no way to post anything.) Not sure if MrX wants to be a legitimate subscriber, but he sure as hell sucks as a hacker.

    On the other hand, MrX definitely seems to be a well-rounded person if he’s equally interested in the topic of your blog and mine, as the two blogs have very little in common (probably apart from being written by truly charismatic writers).

    How people subscribe to your blog: on its right sidebar you can find, among other things, the word Register. If you click on it, you will be redirected to the page of your blog that allows anyone to register. Anyone can type their selected username and email address, and they will receive a password via email.

    The easiest way to prevent that is to go to your Settings panel (on your author dashboard on the left side of the sidebar, look for the word Settings and click it) and uncheck the checkbox next to the line that says “Allow anyone to subscribe”. Then save the new settings by clicking the Save Changes button below. And voila, no one can register from now on.

    Not sure if that’s what you really want though, because having registered users means that people follow your blog. It’s a good thing that people register to it. So you may want to put the check mark back into that checkbox.

    Also note on the same Settings page that the new default user role is set to Subscriber. This essentially means that any new registered user can only read your posts but cannot post anything on your blog. You, being an Administrator, can promote them to the status of Contributors or Authors, but they cannot promote themselves.

    If you would like to ban a specific person from your blog, open your dashboard again and find the word Users on the left sidebar. Click it and you will see the list of all users subscribed to your blog, including yourself as an Administrator and our good friend MrX as a subscriber. Put a check mark in the checkbox next to the icon that represents MrX, and hover your mouse over that icon. You will see the word Delete. Click it. A new panel will open asking you to confirm your decision to delete the user. Click the confirm button. That’s it, the user has been deleted.

    Hope this helps.

  2. Tim says:

    No joke! Glad I came across this post. Thankfully I’m not alone. Aside from that, I got an email from that guy from that EXACT email. He signed up as a subscriber on my blog, but there wasn’t any way that he could register on my blog. Everything is almost the same except that he never emailed me and that his username was: MisterX69849. Still really suspicious and worried.

  3. Jen says:

    Thanks for posting this Kirsten. As I said in my email to you, I found your blog through google as I had the same thing happen to me last night on my blog. Still trying to get to the bottom of it. Very strange!

  4. Dylan says:

    Hey Kirsten, I had the same thing happen to me. This exact Dillinger guy added himself as a subscriber to my site as well. After reading your post I deleted him off my user list, just to be safe. Apparently, he was added on the 7th of April. Did he register himself on your site the same day? Kinda strange. Maybe his email targets WordPress blogs. But I’m just as confused as you probably are. Anyway, stay safe and maybe we can find out who this guy is at some point.

  5. amrosama says:

    Hi,
    I got this post from googling his email. He registered at my WordPress blog too.
    I guess the right thing is to delete him :D
    Thnx for letting people know about this

  6. Sister-in-Law #1 says:

    Even if I were not a nearly-blood-relative I would read your blog as often as I could. I love this thing. It is unfailingly funny. My only complaint is the new posts never come soon enough – I could read it every day! xxx

  7. steve says:

    Got the exact same thing happen to me... let’s see if there is some kind of relationship between us all…

    Username: MisterX45881

    I’m located in Vancouver, BC, Canada

    I do not have the register link in my sidebar or anywhere for that matter, but I’m sure that would be a typical /wp-admin/register type address. Anyone can register was ticked in settings

    Happened 6th april

    My hosting is at lunarpages in cali
    My blog is about plaster and stucco.

    I just simply deleted him

  8. Hannie says:

    Hey hun!!
    Similar comment to the others – same thing happened to me! I had a look around the internet too for other bloggers with the same problem.
    The things I came up with are:
    1) He registers when it’s possible to. Some people think that he only registers when you can automatically become an editor/admin and then ridiculously spam your site. However, this isn’t true for my site, so I doubt this is true. But be careful instead.
    2) I had a look at the time stamps for everywhere I looked at; it seems that this John only started working yesterday (8th). I don’t know what this means, but I saw it, and wanted to point it out to you :P
    3) Each time he signs up he has different 4 digits at the end of the username
    4) All of the blogs have no connection. For that reason, I think it is a spam bot just trying to get connections/emails/places to spam so they can advertise or whatever they want to do.
    Hope this helped!! :)
    Hannie x
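
The pattern the commenters pieced together (one e-mail address, a username stem with changing digits, blogs with nothing in common) can be checked mechanically. The following is an added example, not part of the original post or its comments: it assumes registration notices in the format quoted in the post, gathered from several blogs and prefixed with a hypothetical `[blog-x]` tag, and it strips any trailing run of digits rather than a fixed count.

```python
import re
from collections import defaultdict

# Constructed sample. The MisterX usernames and the masked address are the ones
# reported on this page; the blog tags and the "anna.reads" entry are made up.
NOTICES = """\
[blog-a] New user registration on your blog :
Username: MisterX45881
E-mail: JohnDillinger1903@***.com

[blog-b] New user registration on your blog :
Username: MisterX66896
E-mail: JohnDillinger1903@***.com

[blog-c] New user registration on your blog :
Username: MisterX69849
E-mail: JohnDillinger1903@***.com

[blog-c] New user registration on your blog :
Username: anna.reads
E-mail: anna@example.org
"""

NOTICE_RE = re.compile(
    r"^\[(?P<blog>[^\]]+)\] New user registration.*\n"
    r"Username:\s*(?P<user>\S+)\n"
    r"E-mail:\s*(?P<email>\S+)",
    re.MULTILINE,
)

def parse_notices(text):
    """Return one dict (blog, user, email) per registration notice."""
    return [m.groupdict() for m in NOTICE_RE.finditer(text)]

def username_stem(user):
    """Strip a trailing run of digits: 'MisterX45881' -> 'MisterX'."""
    return re.sub(r"\d+$", "", user)

def likely_bot_clusters(records, min_blogs=2):
    """Group sign-ups by (stem, e-mail); keep groups seen on several blogs."""
    groups = defaultdict(list)
    for r in records:
        groups[(username_stem(r["user"]), r["email"].lower())].append(r)
    return {k: sorted(r["user"] for r in v) for k, v in groups.items()
            if len({r["blog"] for r in v}) >= min_blogs}

if __name__ == "__main__":
    print(likely_bot_clusters(parse_notices(NOTICES)))
```

A cluster that spans unrelated blogs points to automated sign-ups rather than a reader; the one-off `anna.reads` registration is not flagged.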

