23 Dec
2022
23 Dec
'22
6:19 p.m.
if you go to https://omnicommons.org/blog/calendar/
you see a "sign up for our newsletter: Email address ______________ Subscribe"
banner, partially covering up Ashley, 26 (who is online now) but not covering
her boobs.
It's been like this for weeks apparently (I just noticed) and we don't know
what's going on.
Does anyone know wordpress and IT security and can take a look and figure out
what's going wrong in there?
-jake
23 Dec
23 Dec
6:35 p.m.
New subject: [omni-discuss] Omnicommons.org wordpress compromised, for weeks with no progress?
It's a recurring problem. I keep removing this malware but it comes
back, presumably due to a vulnerable wordpress plugin. One likely
suspect is this plugin, which has been flagged for removal
https://wordpress.org/plugins/wp-fullcalendar/
On Fri, Dec 23, 2022 at 6:19 PM Jake <jake(a)spaz.org> wrote:
if you go to https://omnicommons.org/blog/calendar/
you see a "sign up for our newsletter: Email address ______________ Subscribe"
banner, partially covering up Ashley, 26 (who is online now) but not covering
her boobs.
It's been like this for weeks apparently (I just noticed) and we don't know
what's going on.
Does anyone know wordpress and IT security and can take a look and figure out
what's going wrong in there?
-jake
_______________________________________________
discuss mailing list
discuss(a)lists.omnicommons.org
https://omnicommons.org/lists/listinfo/discuss
6:36 p.m.
On Fri, Dec 23, 2022 at 06:19:42PM -0800, Jake via sudo-discuss wrote:
if you go to https://omnicommons.org/blog/calendar/
you see a "sign up for our newsletter: Email address ______________ Subscribe"
banner, partially covering up Ashley, 26 (who is online now) but not covering
her boobs.
It's been like this for weeks apparently (I just noticed) and we don't know
what's going on.
Does anyone know wordpress and IT security and can take a look and figure out
what's going wrong in there?
I can't reproduce the issue. I just tried it on desktop and mobile with
three different browswers. I don't see Ashley, or any other signs of
compromise / weird scripts / unexpected 3rd party net requests.
Anyone else? Maybe all my computers / browsers are just weird?
--Sean
6:38 p.m.
New subject: [omni-discuss] Omnicommons.org wordpress compromised, for weeks with no progress?
It was previously on the event request form …
On Fri, Dec 23, 2022 at 6:36 PM Sean Greenslade <sean(a)seangreenslade.com>
wrote:
On Fri, Dec 23, 2022 at 06:19:42PM -0800, Jake via
sudo-discuss wrote:
if you go to
https://omnicommons.org/blog/calendar/
you see a "sign up for our newsletter: Email address ______________
Subscribe"
banner, partially covering up Ashley, 26 (who is
online now) but not
covering
her boobs.
It's been like this for weeks apparently (I just noticed) and we don't
know
what's going on.
Does anyone know wordpress and IT security and can take a look and
figure out
what's going wrong in there?
I can't reproduce the issue. I just tried it on desktop and mobile with
three different browswers. I don't see Ashley, or any other signs of
compromise / weird scripts / unexpected 3rd party net requests.
Anyone else? Maybe all my computers / browsers are just weird?
--Sean
_______________________________________________
discuss mailing list
discuss(a)lists.omnicommons.org
https://omnicommons.org/lists/listinfo/discuss
6:47 p.m.
New subject: [omni-discuss] Omnicommons.org wordpress compromised, for weeks with no progress?
no I saved it, and Yar fixed it but it will happen again because we haven't
fixed the hole they got in through.
I have a tgz of the save of the page and the view source (which I assume is
the same as what i saved but idk), here:
https://spaz.org/~jake/ashley26.tgz
also see Yar's email in this thread
On Fri, 23 Dec 2022, Sarah Lockhart wrote:
It was previously on the event request form …
On Fri, Dec 23, 2022 at 6:36 PM Sean Greenslade <sean(a)seangreenslade.com> wrote:
On Fri, Dec 23, 2022 at 06:19:42PM -0800, Jake
via sudo-discuss wrote:
if you go to
https://omnicommons.org/blog/calendar/
you see a "sign up for our newsletter: Email address ______________
Subscribe" banner, partially covering up Ashley, 26 (who is online now)
but not covering her boobs.
It's been like this for weeks apparently (I just noticed) and we don't
know what's going on.
Does anyone know wordpress and IT security and can take a look and figure
out what's going wrong in there?
I can't reproduce the issue. I just tried it on desktop and mobile with
three different browswers. I don't see Ashley, or any other signs of
compromise / weird scripts / unexpected 3rd party net requests.
Anyone else? Maybe all my computers / browsers are just weird?
--Sean
_______________________________________________
discuss mailing list
discuss(a)lists.omnicommons.org
https://omnicommons.org/lists/listinfo/discuss
6:44 p.m.
New subject: [omni-discuss] Omnicommons.org wordpress compromised, for weeks with no progress?
You can't reproduce it because I deleted it within minutes of being
notified, just like I did last time.
We've set the offending file chattr +i so this particular malware will
probably not work anymore. But the attack vector still remains
somewhere in wordpress.
On Fri, Dec 23, 2022 at 6:36 PM Sean Greenslade <sean(a)seangreenslade.com> wrote:
On Fri, Dec 23, 2022 at 06:19:42PM -0800, Jake via sudo-discuss wrote:
if you go to
https://omnicommons.org/blog/calendar/
you see a "sign up for our newsletter: Email address ______________ Subscribe"
banner, partially covering up Ashley, 26 (who is online now) but not covering
her boobs.
It's been like this for weeks apparently (I just noticed) and we don't know
what's going on.
Does anyone know wordpress and IT security and can take a look and figure out
what's going wrong in there?
I can't reproduce the issue. I just tried it on desktop and mobile with
three different browswers. I don't see Ashley, or any other signs of
compromise / weird scripts / unexpected 3rd party net requests.
Anyone else? Maybe all my computers / browsers are just weird?
--Sean
_______________________________________________
discuss mailing list
discuss(a)lists.omnicommons.org
https://omnicommons.org/lists/listinfo/discuss
729
days inactive
729
days old
5 comments
4 participants
participants (4)
-
Jake -
Sarah Lockhart -
Sean Greenslade -
Yardena Cohen