[wp-hackers] xmlrpc issue or no?

Jared Bangs jared at pacific22.com
Sun Feb 3 18:34:05 GMT 2008

On Feb 3, 2008 8:19 AM, James Davis <james at freecharity.org.uk> wrote:

> I feel I should chime in as the original owner of that trac ticket. I
> hope this is evidence that I was taking the issue seriously and wanted
> to work to fix it.
> At the time the ticket was closed there was no evidence that what was
> being seen was anything anything more than people noticing a past
> exploitation through a known, fixed, issue. No one could provide even a
> rough guess as to when their site was exploited, only when they had
> noticed it. There was no evidence as to the vector the exploit used.
> No one doubted that users were experiencing problems, one of my own
> installations had been exploited. My logs didn't go back far enough to
> pin point when so I couldn't confirm an issue with the current release.
> I extended my logging across all my installations with the hope of
> catching it again. I've been monitoring my logs over the past month.
> I didn't see anything wrong with closing the ticket as until actual
> evidence was found, there was little to do beyond stare at the code and
> hope for enlightenment.

I get your point, in that since no one was able to definitively point to a
specific time & version when their installations had been compromised there
was no solid proof yet that the very latest version still contained the
vulnerability. I'd still disagree with closing the ticket so quickly under
those circumstances, but I respect your differing opinion.

More information about the wp-hackers mailing list