[wp-forums] found it

James Huff macmanx at gmail.com
Sat Aug 14 21:02:51 UTC 2010


I don't think the code was active, it was just filtered as a warning by AVG.

I'd be concerned about filtering.  You know the old saying, once you filter the bad stuff, you filter the good stuff too.  If we start filtering things like "eval(" we'll be unintentionally filtering users who have a legitimate reason for posting something like that.

As suggested by Samuel on that topic, I think we need to be stricter about simply removing pasted code and referring users to the pastebin.


________
James Huff
http://www.macmanx.com
http://programnotes.wikia.com

On Aug 14, 2010, at 1:54 PM, Mark Ratledge wrote:

> I advised them to use pastebin beforehand, but sounds like they're fairly new.
> 
> And when I saw it, I didn't realize code could be active like that. Looked like code usually found in a hacked htaccess, but was in wp-config.
> 
> Wonder if there is a way for bbpress to strip out some parts of exe code?
> 
> 
> On Aug 14, 2010, at 2:41 PM, S Bollinger wrote:
> 
>> a guy posted his .htaccess with the exploit in it
>> removed the code and warnings have stopped
>> wow
>> Samuel B.
> _______________________________________________
> wp-forums mailing list
> wp-forums at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-forums


