[wp-hackers] Fw: webloog.com

Ric Johnson RicJohnsonIII at hotmail.com
Sat Oct 15 01:08:29 GMT 2005


Matt,

Contact me personally if you wish Scott's email.

Also, the new user of http://www.webloog.com/  is Mathew Evens - you can get 
his contact info at http://Bloog.Com
He sure can use your help fixing this site. I do not know Matt Evens 
personally, he is just an OpenDomain user.  Please do not punish him or the 
WebBloog WordPress community because you decided to break your word.

Ric
----- Original Message ----- 
From: "ifelse" <wordswithstyle at gmail.com>
To: <wp-hackers at lists.automattic.com>
Sent: Friday, October 14, 2005 8:50 PM
Subject: Re: [wp-hackers] Fw: webloog.com


> "Scott - can you please post the holes you found publicly?"
As Matt has said,  any security issues with WordPress should be sent to
security at wordpress.org and not to the public lists (as stated at
http://wordpress.org/about/contact/).

On 15/10/05, Ric Johnson <RicJohnsonIII at hotmail.com> wrote:
> To the WordPress team:
>
> As I am not a PHP expert, I did not validate the claims.  I thought this was
> the place to air concerns of this nature.
>
> This has nothing to do with the OpenDomain program - I just received an email
> from a user of one of the domains.  I did find another person to support this
> WPMU community, and they have not found any problems.
>
> Here is the original email I received from Scott Sykes.
>
> -----------------------------
> Hey Ric,
>
> Just letting you know I am halting webloog.com service.  A friend of mine
> that does security detection and repair for corporations told me of some
> nasty holes in the WordPress MU program.  Within the 10 minutes he looked he
> found 13 holes to get into the server...who knows how many more there are.
> I had to let my host know about the access he did on the server, so they are
> making me end the program ASAP. Also, I don't want the potential of someone
> killing my host and other sites I run.
>
> If you have someone else wanting to use the site I would highly suggest
> giving it to them...it's got a really high ranking right now so it would be
> good for someone to take over.  I will keep the database just in case you
> need it for any reasons.
>
>
> Thanks Ric...I'll be notifying wordpress.org of the security risks.
>
> ~Scott Sykes~
> ---------------------------------------------
>
> Scott - can you please post the holes you found publicly?
>
> -----------------------------------------
>
>
> ----- Original Message -----
> From: "Matt Mullenweg" <m at mullenweg.com>
> To: <wp-hackers at lists.automattic.com>
> Sent: Friday, October 14, 2005 7:42 PM
> Subject: Re: [wp-hackers] Fw: webloog.com
>
>
> > Chris Lott wrote:
> >> Without getting into whatever politics and domain squatting or
> >> whatever else is going on, the security audit that was performed here
> >> appears to point to holes in the WPMU code (at least that is the
> >> implication of the letter). Is this true? Are these concerns being
> >> addressed?
> >
> > I have not received any security details or information, so I'm inclined
> > to call this crying wolf until we do.
> >
> > --
> > Matt Mullenweg
> >  http://photomatt.net | http://wordpress.org
> > http://pingomatic.com | http://cnet.com
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> >


--
Phu
http://ifelse.co.uk