[wp-forums] Akismet Hacking Thread
Kevin Gagel (gagel)
gagel at cnc.bc.ca
Wed Jul 13 23:06:15 UTC 2011
-----Original Message-----
Sent: Wednesday, July 13, 2011 3:35 PM
On Wed, Jul 13, 2011 at 10:58 AM, Kevin Gagel (gagel) <gagel at cnc.bc.ca> wrote:
> That statement makes the whole plugin infrastructure look like a high
> risk platform security issue. Why would I want to keep something that
> is so easily exploited and apparently deliberately insecure?
>
I think you misinterpreted. Backdoors added through server intrusions are often masked into their surroundings. For example, wp-includes/not-a-backdoor.php, or dropping code into wp-includes/functions.php or, in this case, akismet.php. Very little we can do about that beyond tools like Exploit Scanner.
Nacin
_______________________________________________
[Kevin Gagel] I understand that, however you misunderstood what I said. The way you worded your original statement made it appear that there was this rather large hole in WordPress. I have no problem with the idea that knowing any aspect of a site gives a point of reference for intrusion attempts or that the plugins can be used for such an attempt.
Have another look at your original post and review with respect to what I said above and you might see I was not disagreeing with you but pointing out that your statement made WordPress look like an inherently vulnerable platform which I'm sure you had not intended.