[wp-hackers] Fw: webloog.com

Ric Johnson RicJohnsonIII at hotmail.com
Sat Oct 15 00:38:39 GMT 2005


To the WordPress team:

As I am not a PHP expert, I did not validate the claims.  I thought this was 
the place to air concerns of this nature.

This has nothing to do with the OpenDomain program - I just received an email from a 
user of one of the domains.  I did find another person to support this WPMU 
community, and they have not found any problems.

Here is the original email I received from Scott Sykes.

-----------------------------
Hey Ric,

Just letting you know I am halting webloog.com service.  A friend of mine 
that does security detection and repair for corporations told me of some 
nasty holes in the WordPress MU program.  Within the 10 minutes he looked he 
found 13 holes to get into the server...who knows how many more there are. 
I had to let my host know about the access he did on the server, so they are 
making me end the program ASAP. Also, I don't want the potential of someone 
killing my host and other sites I run.

If you have someone else wanting to use the site I would highly suggest 
giving it to them...it's got a really high ranking right now so it would be 
good for someone to take over.  I will keep the database just in case you 
need it for any reason.


Thanks Ric...I'll be notifying wordpress.org of the security risks.

~Scott Sykes~
---------------------------------------------

Scott - can you please post the holes you found publicly?

-----------------------------------------


----- Original Message ----- 
From: "Matt Mullenweg" <m at mullenweg.com>
To: <wp-hackers at lists.automattic.com>
Sent: Friday, October 14, 2005 7:42 PM
Subject: Re: [wp-hackers] Fw: webloog.com


> Chris Lott wrote:
>> Without getting into whatever politics and domain squatting or
>> whatever else is going on, the security audit that was performed here
>> appears to point to holes in the WPMU code (at least that is the
>> implication of the letter). Is this true? Are these concerns being
>> addressed?
>
> I have not received any security details or information, so I'm inclined 
> to call this crying wolf until we do.
>
> -- 
> Matt Mullenweg
>  http://photomatt.net | http://wordpress.org
> http://pingomatic.com | http://cnet.com
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
> 