[wp-forums] Akismet Hacking Thread
Andrew Nacin
wp at andrewnacin.com
Wed Jul 13 22:34:32 UTC 2011
On Wed, Jul 13, 2011 at 10:58 AM, Kevin Gagel (gagel) <gagel at cnc.bc.ca>wrote:
> That statement makes the whole plugin infrastructure look like a high risk
> platform security issue. Why would I want to keep something that is so
> easily exploited and apparently deliberately insecure?
>
I think you mis-interpreted. Backdoors added through server intrusions are
often masked into its surroundings. For example,
wp-includes/not-a-backdoor.php, or dropping code into
wp-includes/functions.php or, in this case, akismet.php. Very little we can
do about that beyond tools like Exploit Scanner.
Nacin
More information about the wp-forums
mailing list