[theme-reviewers] Emergency Call

Chip Bennett chip at chipbennett.net
Fri Sep 3 13:58:50 UTC 2010 

Can you and Chris put together some kind of lesson for the rest of us? Sort
of a "watch out for this kind of thing" that we can learn from?

(I found the second one before you got it pulled from SVN; so at least I can
look at it in the meantime.)

Chip

On Fri, Sep 3, 2010 at 8:56 AM, Otto <otto at ottodestruct.com> wrote:

> Actually, I went ahead and removed them from SVN because we don't need
> malware of that sort in there.
>
> But if you want a copy, I did save the bad functions.php file, just
> for examination later. We may be able to detect this sort of thing in
> the uploader and prevent it from uploading.
>
> -Otto
>
>
>
> On Fri, Sep 3, 2010 at 8:50 AM, Chip Bennett <chip at chipbennett.net> wrote:
> > I'll have to take a look at those tickets.
> > Good learning opportunity for the reviewers? (Or an example of why
> security
> > gurus are needed, for a security-review stage of the process?)
> > Chip
> >
> > On Fri, Sep 3, 2010 at 8:45 AM, Otto <otto at ottodestruct.com> wrote:
> >>
> >> Never mind. I see it. It's in the functions.php file, disguised. Clever.
> >>
> >> -Otto
> >>
> >>
> >>
> >> On Fri, Sep 3, 2010 at 8:42 AM, Otto <otto at ottodestruct.com> wrote:
> >> > I'm looking at it now.. Where's the worm? Not finding it.
> >> >
> >> > -Otto
> >> >
> >> >
> >> >
> >> > On Fri, Sep 3, 2010 at 8:07 AM, Chris <chris at thematic4you.com> wrote:
> >> >> Tickets #870 and #873
> >> >>
> >> >>
> >> >>
> >> >> Von: theme-reviewers-bounces at lists.wordpress.org
> >> >> [mailto:theme-reviewers-bounces at lists.wordpress.org] Im Auftrag von
> >> >> Edward
> >> >> Caissie
> >> >> Gesendet: Freitag, 3. September 2010 14:47
> >> >>
> >> >> An: theme-reviewers at lists.wordpress.org
> >> >> Betreff: Re: [theme-reviewers] Emergency Call
> >> >>
> >> >>
> >> >>
> >> >> SVN is a forever land ... without intervention by a "System Admin" as
> >> >> far as
> >> >> I know.
> >> >>
> >> >> We can keep it out of Extend/Themes easy enough but beyond that we do
> >> >> not
> >> >> have much control.
> >> >>
> >> >> What tickets/themes are you refering to?
> >> >>
> >> >>
> >> >> Cais.
> >> >>
> >> >> On Fri, Sep 3, 2010 at 7:08 AM, Chris <chris at thematic4you.com>
> wrote:
> >> >>
> >> >> Indeed .. infecting all installed themes of a blog.
> >> >>
> >> >>
> >> >>
> >> >> Von: theme-reviewers-bounces at lists.wordpress.org
> >> >> [mailto:theme-reviewers-bounces at lists.wordpress.org] Im Auftrag von
> >> >> Philip
> >> >> M. Hofer (Frumph)
> >> >> Gesendet: Freitag, 3. September 2010 13:00
> >> >> An: theme-reviewers at lists.wordpress.org
> >> >> Betreff: Re: [theme-reviewers] Emergency Call
> >> >>
> >> >>
> >> >>
> >> >> Oh fricken lovely.
> >> >>
> >> >> ----- Original Message -----
> >> >>
> >> >> From: Chris
> >> >>
> >> >> To: theme-reviewers at lists.wordpress.org
> >> >>
> >> >> Sent: Friday, September 03, 2010 3:55 AM
> >> >>
> >> >> Subject: [theme-reviewers] Emergency Call
> >> >>
> >> >>
> >> >>
> >> >> Hi,
> >> >>
> >> >>
> >> >>
> >> >> -          who is able to remove / delete / nuke two themes from the
> >> >> SVN??
> >> >>
> >> >> -          Who is in charge of the the scripts running right after
> >> >> theme
> >> >> upload??
> >> >>
> >> >>
> >> >>
> >> >> Had an encounter with not so clean themes .. the themes are rejected,
> >> >> but
> >> >> need to be removed from the SVN as soon as possible.
> >> >>
> >> >>
> >> >>
> >> >> In addition I would like to see the upload script filtering for a not
> >> >> so
> >> >> nice wormy gift.
> >> >>
> >> >>
> >> >>
> >> >> Thanks,
> >> >>
> >> >>
> >> >>
> >> >> Chris
> >> >>
> >> >>
> >> >>
> >> >>
> >> >>
> >> >>
> >> >>
> >> >> ________________________________
> >> >>
> >> >> _______________________________________________
> >> >> theme-reviewers mailing list
> >> >> theme-reviewers at lists.wordpress.org
> >> >> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
> >> >>
> >> >> _______________________________________________
> >> >> theme-reviewers mailing list
> >> >> theme-reviewers at lists.wordpress.org
> >> >> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
> >> >>
> >> >>
> >> >>
> >> >> _______________________________________________
> >> >> theme-reviewers mailing list
> >> >> theme-reviewers at lists.wordpress.org
> >> >> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
> >> >>
> >> >>
> >> >
> >> _______________________________________________
> >> theme-reviewers mailing list
> >> theme-reviewers at lists.wordpress.org
> >> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
> >
> >
> > _______________________________________________
> > theme-reviewers mailing list
> > theme-reviewers at lists.wordpress.org
> > http://lists.wordpress.org/mailman/listinfo/theme-reviewers
> >
> >
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20100903/539c4f8c/attachment-0001.htm>

More information about the theme-reviewers mailing list