[wp-hackers] Fw: webloog.com

Ric Johnson RicJohnsonIII at hotmail.com
Sun Oct 9 16:57:17 GMT 2005

I have a user of the OpenDomain program that has been using the domain http://Webloog.Com to support about 520 users on a WordPress MultiUser install on his server. He sent me an email that he can not have the WPMU up any more due to security concerns.

1)  Can you let me know if his fears are founded?
2)  Is anyone on this list willing to accept support of this community on their servers?
3)  WordPress.Com is also an OpenDomain, but Matt still has not updated the site with a link to OpenDomain.Org - can anyone on this list fit it or contact Matt?

----- Original Message ----- 

Sent: Saturday, October 08, 2005 10:34 PM
Subject: webloog.com

Hey Ric,

Just letting you know i am halting webloog.com service.  A friend of mine that does security detection and repair for corporations told me of some nasty holes in the wordpress MU program.  Within the 10 minutes he looked he found 13 holes to get into the server...who knows how many more there are.  I had to let my host know about the access he did on the server so they are making me end the program asap also i dont want the potential of someone killing my host and other sites i run.

If you have someone else wanting to use the site i would highly suggest giving it to them...it's got a really high ranking right now so it would be good for someone to take over.  I will keep the database just in case you need it for any reasons.

Thanks Ric...i'll be notifing wordpress.org of the security risks.

                                              ~Scott Sykes~

                                                Matthew 6:33 - 
and he will give you all you need from day to day if you live for him and make the Kingdom of God your primary concern.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://comox.textdrive.com/pipermail/wp-hackers/attachments/20051009/d45a1afa/attachment.htm

More information about the wp-hackers mailing list