[theme-reviewers] Emergency Call

Otto otto at ottodestruct.com
Fri Sep 3 13:56:22 UTC 2010


Actually, I went ahead and removed them from SVN because we don't need
malware of that sort in there.

But if you want a copy, I did save the bad functions.php file, just
for examination later. We may be able to detect this sort of thing in
the uploader and prevent it from uploading.

-Otto



On Fri, Sep 3, 2010 at 8:50 AM, Chip Bennett <chip at chipbennett.net> wrote:
> I'll have to take a look at those tickets.
> Good learning opportunity for the reviewers? (Or an example of why security
> gurus are needed, for a security-review stage of the process?)
> Chip
>
> On Fri, Sep 3, 2010 at 8:45 AM, Otto <otto at ottodestruct.com> wrote:
>>
>> Never mind. I see it. It's in the functions.php file, disguised. Clever.
>>
>> -Otto
>>
>>
>>
>> On Fri, Sep 3, 2010 at 8:42 AM, Otto <otto at ottodestruct.com> wrote:
>> > I'm looking at it now.. Where's the worm? Not finding it.
>> >
>> > -Otto
>> >
>> >
>> >
>> > On Fri, Sep 3, 2010 at 8:07 AM, Chris <chris at thematic4you.com> wrote:
>> >> Tickets #870 and #873
>> >>
>> >>
>> >>
>> >> Von: theme-reviewers-bounces at lists.wordpress.org
>> >> [mailto:theme-reviewers-bounces at lists.wordpress.org] Im Auftrag von
>> >> Edward
>> >> Caissie
>> >> Gesendet: Freitag, 3. September 2010 14:47
>> >>
>> >> An: theme-reviewers at lists.wordpress.org
>> >> Betreff: Re: [theme-reviewers] Emergency Call
>> >>
>> >>
>> >>
>> >> SVN is a forever land ... without intervention by a "System Admin" as
>> >> far as
>> >> I know.
>> >>
>> >> We can keep it out of Extend/Themes easy enough but beyond that we do
>> >> not
>> >> have much control.
>> >>
>> >> What tickets/themes are you refering to?
>> >>
>> >>
>> >> Cais.
>> >>
>> >> On Fri, Sep 3, 2010 at 7:08 AM, Chris <chris at thematic4you.com> wrote:
>> >>
>> >> Indeed .. infecting all installed themes of a blog.
>> >>
>> >>
>> >>
>> >> Von: theme-reviewers-bounces at lists.wordpress.org
>> >> [mailto:theme-reviewers-bounces at lists.wordpress.org] Im Auftrag von
>> >> Philip
>> >> M. Hofer (Frumph)
>> >> Gesendet: Freitag, 3. September 2010 13:00
>> >> An: theme-reviewers at lists.wordpress.org
>> >> Betreff: Re: [theme-reviewers] Emergency Call
>> >>
>> >>
>> >>
>> >> Oh fricken lovely.
>> >>
>> >> ----- Original Message -----
>> >>
>> >> From: Chris
>> >>
>> >> To: theme-reviewers at lists.wordpress.org
>> >>
>> >> Sent: Friday, September 03, 2010 3:55 AM
>> >>
>> >> Subject: [theme-reviewers] Emergency Call
>> >>
>> >>
>> >>
>> >> Hi,
>> >>
>> >>
>> >>
>> >> -          who is able to remove / delete / nuke two themes from the
>> >> SVN??
>> >>
>> >> -          Who is in charge of the the scripts running right after
>> >> theme
>> >> upload??
>> >>
>> >>
>> >>
>> >> Had an encounter with not so clean themes .. the themes are rejected,
>> >> but
>> >> need to be removed from the SVN as soon as possible.
>> >>
>> >>
>> >>
>> >> In addition I would like to see the upload script filtering for a not
>> >> so
>> >> nice wormy gift.
>> >>
>> >>
>> >>
>> >> Thanks,
>> >>
>> >>
>> >>
>> >> Chris
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> ________________________________
>> >>
>> >> _______________________________________________
>> >> theme-reviewers mailing list
>> >> theme-reviewers at lists.wordpress.org
>> >> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>> >>
>> >> _______________________________________________
>> >> theme-reviewers mailing list
>> >> theme-reviewers at lists.wordpress.org
>> >> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>> >>
>> >>
>> >>
>> >> _______________________________________________
>> >> theme-reviewers mailing list
>> >> theme-reviewers at lists.wordpress.org
>> >> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>> >>
>> >>
>> >
>> _______________________________________________
>> theme-reviewers mailing list
>> theme-reviewers at lists.wordpress.org
>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
>


More information about the theme-reviewers mailing list