Originally published at Enemy of Entropy. Please leave any comments there.
Please forgive me! I’m investigating what happened, and do not expect a repeat of the incident.
I’ve been using Twitter Tools, a WordPress plug-in from Alex King (a highly reputable person) for a month or so. I’ve had no trouble with it ’til now. It wasn’t configured to post my Twitter messages to my blog, or to post to Twitter when I made blog posts. Twitter Tools was supposed to display a sidebar widget of Tweets and post a do a daily summary of my Tweets. The daily summary wasn’t working, and I hadn’t gotten around to figuring out why, but otherwise things were fine. Until 11:59 last night, anyway.
Since the spam didn’t hit my Twitter feed, I don’t think the problem is with Twitter. If the blog itself were compromised, why would the messages have been posted via Twitter Tools? So I think the security hole is in Twitter Tools or the way Twitter and WordPress work together.
In any case, passwords have been changed all around and the plug-in has been uninstalled. I’ll let Mr. King know about the problem immediately.
Thank you for your patience.
I especially appreciate the heads-up from the person who contacted me to let me know that there was a problem. Because of my health issues, I’m not online as much as I used to be, so I wasn’t able to rectify the problem right away.