[wp-hackers] xmlrpc issue or no?

James Davis james at freecharity.org.uk
Sun Feb 3 16:19:27 GMT 2008


On Sat, 2008-02-02 at 17:39 -0800, Jared Bangs wrote:

> The evidence was basically just the reports of people's posts being
> compromised in this manner. Since they were pretty serious, I think we could
> have done more to either confirm or deny that there was a vulnerability that
> caused this to be possible. I didn't say anyone overlooked this; I was only
> suggesting that perhaps the issue shouldn't have been dropped as soon as it
> was when a cause could not originally be identified.

I feel I should chime in as the original owner of that trac ticket. I
hope this is evidence that I was taking the issue seriously and wanted
to work to fix it.

At the time the ticket was closed there was no evidence that what was
being seen was anything more than people noticing a past
exploitation through a known, fixed, issue. No one could provide even a
rough guess as to when their site was exploited, only when they had
noticed it. There was no evidence as to the vector the exploit used.

No one doubted that users were experiencing problems; one of my own
installations had been exploited. My logs didn't go back far enough to
pinpoint when, so I couldn't confirm an issue with the current release.
I extended my logging across all my installations with the hope of
catching it again. I've been monitoring my logs over the past month.

I didn't see anything wrong with closing the ticket as, until actual
evidence was found, there was little to do beyond stare at the code and
hope for enlightenment.

James

-- 
http://www.freecharity.org.uk/ - Free webhosting for charities
Telephone: 01348 800101                  and non-profit groups


