Title: Oembed_cache status
Last modified: February 28, 2018

---

# Oembed_cache status

 *  Resolved [digitaldavid](https://wordpress.org/support/users/digitaldavid/)
 * (@digitaldavid)
 * [8 years, 3 months ago](https://wordpress.org/support/topic/oembed_cache-status/)
 * Hi,
 * I received this alert from Sucuri
 * Event: Post Update
   Website: XXXXXXXXXXXXX
   IP Address: 40.77.167.172
   Reverse IP: msnbot-40-77-167-172.search.msn.com
   Date/Time: 28 February 2018 8:48
 * Message: Oembed_cache status has been changed; details: ID: 433,Old status: new, New status: publish,Title:
 * What is this? Is this a virus attack? How can I solve?
 * Many thanks.
 * Davide

Viewing 4 replies - 1 through 4 (of 4 total)

 *  Thread Starter [digitaldavid](https://wordpress.org/support/users/digitaldavid/)
 * (@digitaldavid)
 * [8 years, 3 months ago](https://wordpress.org/support/topic/oembed_cache-status/#post-10023156)
 * I’ve also noticed that the IP 40.77.167.172 is a verified bingbot.
 * Do you have any idea?
 *  [yorman](https://wordpress.org/support/users/yorman/)
 * (@yorman)
 * [8 years, 3 months ago](https://wordpress.org/support/topic/oembed_cache-status/#post-10025290)
 * This is related to this ticket [1].
 * > What is this?
 * Bingbot [2] is crawling your website and in the process, requesting WordPress
   to clear the oEmbed cache [3].
 * > Is this a virus attack?
 * No, it is not.
 * > How can I solve?
 * You can do one or more of the following things:
    - Disable WordPress oEmbed API [4]
    - Block Bingbot from accessing your website [5]
    - Disable alerts for `oembed_cache` in the plugin settings
 * [1] [https://wordpress.org/support/topic/issues-with-spamming-post-updates/](https://wordpress.org/support/topic/issues-with-spamming-post-updates/)
   [2] [https://www.bing.com/toolbox/verify-bingbot](https://www.bing.com/toolbox/verify-bingbot)
   [3] [https://oembed.com](https://oembed.com)
   [4] [https://kinsta.com/knowledgebase/disable-embeds-wordpress/](https://kinsta.com/knowledgebase/disable-embeds-wordpress/)
   [5] [https://blogs.bing.com/webmaster/2012/05/03/to-crawl-or-not-to-crawl-that-is-bingbots-question](https://blogs.bing.com/webmaster/2012/05/03/to-crawl-or-not-to-crawl-that-is-bingbots-question)
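
The "Reverse IP" field in these alerts is only a PTR record, so a crawler claim is normally confirmed by resolving that hostname forward and checking that it returns the same IP. The sketch below is an added example, not part of the original replies or of the Sucuri plugin; the function names and the injectable lookup parameters are assumptions, and the DNS tables are constructed so that it runs offline.

```python
import socket

# PTR suffixes per crawler: search.msn.com and googlebot.com are the ones seen in
# this thread's alerts; google.com is the other suffix Google documents.
CRAWLER_SUFFIXES = {
    "bingbot": (".search.msn.com",),
    "googlebot": (".googlebot.com", ".google.com"),
}

def _ptr(ip):
    """Reverse (PTR) lookup: IP -> hostname."""
    return socket.gethostbyaddr(ip)[0]

def _forward(host):
    """Forward (A) lookup: hostname -> list of IPv4 addresses."""
    return socket.gethostbyname_ex(host)[2]

def verify_crawler(ip, ptr_lookup=_ptr, forward_lookup=_forward):
    """Return the crawler name if `ip` passes forward-confirmed reverse DNS, else None."""
    try:
        host = ptr_lookup(ip).rstrip(".").lower()
        for name, suffixes in CRAWLER_SUFFIXES.items():
            if host.endswith(suffixes):
                # The PTR record is set by whoever controls the IP's reverse zone,
                # so it only counts if the name resolves back to the same IP.
                return name if ip in forward_lookup(host) else None
    except OSError:  # socket.herror / socket.gaierror: no such record
        pass
    return None

# Constructed DNS data so the example runs offline. The first entry mirrors the
# alert in this thread; the second is a made-up host with a forged PTR record.
DEMO_PTR = {
    "40.77.167.172": "msnbot-40-77-167-172.search.msn.com",
    "203.0.113.5": "crawl-66-249-64-90.googlebot.com",
}
DEMO_A = {
    "msnbot-40-77-167-172.search.msn.com": ["40.77.167.172"],
    "crawl-66-249-64-90.googlebot.com": ["66.249.64.90"],
}

def demo_verify(ip):
    """verify_crawler() against the constructed tables instead of live DNS."""
    return verify_crawler(ip, lambda i: DEMO_PTR.get(i, ""), lambda h: DEMO_A.get(h, []))

if __name__ == "__main__":
    for ip in DEMO_PTR:
        print(ip, "->", demo_verify(ip))
```
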
 *  Thread Starter [digitaldavid](https://wordpress.org/support/users/digitaldavid/)
 * (@digitaldavid)
 * [8 years, 3 months ago](https://wordpress.org/support/topic/oembed_cache-status/#post-10034940)
 * Hi,
 * Now I’m receiving tons of emails like this from many sources such as Google bot,
   analytics sites and others:
 * IP Address: 66.249.64.90
   Reverse IP: crawl-66-249-64-90.googlebot.com
   Date/Time: 3 March 2018 1:20
 * Message: Post status has been changed; details: ID: 7841,Old status: new,New status: publish,Title: HEREISTITLE
 * All with the title HEREISTITLE.
 * Is this something like the oembed alert?
 * What is this?
 * Is it a virus?
 * What can I do?
 * Many thanks.
 * Davide
 *  [yorman](https://wordpress.org/support/users/yorman/)
 * (@yorman)
 * [8 years, 3 months ago](https://wordpress.org/support/topic/oembed_cache-status/#post-10036324)
 * > Is this something like the oembed alert?
 * It doesn’t look like it.
 * > What is this?
 * To me, this looks like the result of a successful SEO spam injection.
 * There are hundreds of posts on WordPress sites with the title `HEREISTITLE` and
   content `HEREISCONTENT`, most of them created at the beginning of 2016. Some 
   of them contain obfuscated links pointing to other websites full of generic spam,
   others are completely empty. I believe they are all acting as a beacon to notify
   the attacker that a website is vulnerable to SEO spam; they will sell this list
   of websites to whoever is interested to serve malicious ads or unrelated content
   to promote their own products/services.
 * > Is it a virus?
 * It is the symptom of an attack commonly known as SEO poisoning spam [1].
 * > What can I do?
    - Disable any form that you are not currently controlling;
    - Install and enable a comment moderation tool to filter malicious text;
    - Read about Akismet [2] and how to configure it to protect your site;
    - Remove all suspicious published and unpublished/draft pages and posts;
    - Consider installing a web application firewall [3] to prevent reinfections.
 * [1] [https://blog.sucuri.net/2012/11/website-malware-seo-poisoning.html](https://blog.sucuri.net/2012/11/website-malware-seo-poisoning.html)
   [2] [https://akismet.com](https://akismet.com)
   [3] [https://www.google.ca/search?q=web+application+firewall](https://www.google.ca/search?q=web+application+firewall)
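
To separate the two kinds of alert discussed in this thread when many of them arrive, the message line can be parsed and sorted by post type and title. This is an added example, not part of the original replies or of the Sucuri plugin; the verdict labels and function names are assumptions, and the third sample alert is constructed.

```python
import re

# Marker title quoted in the answer above; extend the set with others you observe.
PLACEHOLDER_TITLES = {"HEREISTITLE"}

ALERT_RE = re.compile(
    r"Message: (?P<kind>\w+) status has been changed; details: "
    r"ID: (?P<id>\d+),\s*Old status: (?P<old>[\w-]+),\s*"
    r"New status: (?P<new>[\w-]+),\s*Title:\s*(?P<title>.*)$"
)

def triage(alert_text):
    """Parse one alert body; return its fields plus a verdict, or None if unparsable."""
    # E-mail clients wrap long lines ("New \n status"), so collapse whitespace first.
    m = ALERT_RE.search(" ".join(alert_text.split()))
    if m is None:
        return None
    kind, title = m["kind"].lower(), m["title"].strip()
    if kind == "oembed_cache":
        verdict = "oembed-cache-write"   # embed cache entry, as in the first alert
    elif title in PLACEHOLDER_TITLES:
        verdict = "placeholder-title"    # matches the spam marker; inspect the post
    else:
        verdict = "review"               # ordinary status change, check as usual
    return {"id": int(m["id"]), "kind": kind, "old": m["old"],
            "new": m["new"], "title": title, "verdict": verdict}

def placeholder_post_ids(alerts):
    """IDs of posts whose alerts carry a placeholder title, for manual clean-up."""
    hits = (triage(a) for a in alerts)
    return sorted({h["id"] for h in hits if h and h["verdict"] == "placeholder-title"})

# Alert bodies: the first two are copied from this thread (with the e-mail's line
# wrapping), the third is constructed to show an ordinary edit.
SAMPLE_ALERTS = [
    "Message: Oembed_cache status has been changed; details: ID: 433,Old status: new,\n"
    "New status: publish,Title:",
    "Message: Post status has been changed; details: ID: 7841,Old status: new,New \n"
    "status: publish,Title: HEREISTITLE",
    "Message: Post status has been changed; details: ID: 12,Old status: draft,"
    "New status: publish,Title: Hello world",
]

if __name__ == "__main__":
    for alert in SAMPLE_ALERTS:
        print(triage(alert))
```
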

The topic ‘Oembed_cache status’ is closed to new replies.
