Popular WordPress Plug-in Caught Spamming Is Put On Probation

Posted by Soulskill
from the stop-or-i'll-say-stop-again dept.
chicksdaddy writes "Social Media Widget, a free plug-in for the WordPress blogging platform with more than a million downloads, was restored to WordPress's official plugin directory on Thursday, days after it was found injecting WordPress websites with spam links to web sites offering Pay Day Loans. In a post on a support forum for Social Media Widget (SMW), Samuel Wood, a WordPress administrator, said that WordPress was willing to give SMW and its owner a second chance after he claimed to have been the victim of a contract developer gone rogue. 'Naturally we do take a very hard line on spam, and obviously an author putting malicious code into a plugin is enough grounds for us to bring down the ban hammer,' Wood wrote on Friday. 'But there are natural circumstances where an author may not be at fault.' SMW appears to be such a case. It is one of the 20 most popular WordPress add-ons and allows WordPress web site operators to include links to their other social media accounts. Brendan Sheehan, the owner of SMW, said, 'We trusted the wrong people with our plugin code and take full responsibility. We are a marketing company at heart and are not actually developers, so in order to provide major updates and improvements, we had to seek outside help. Some of these people deceived us and abused our trust and naivety...We will not make this mistake again.' Wood said the folks at WordPress decided to accept that story — but that they're watching SMW closely. 'Basically, the current maintainer is not a professional programmer, and put his trust in the wrong freelancers to do the coding work for him...We'll be watching the plugin for changes,' he said. 'The plugin is back up for now, and as long as it stays clean, it's fine.'"

  • by Anonymous Coward on Saturday April 13, 2013 @06:10PM (#43443233)

    That's a nice attitude to have. "The author of this plugin was caught injecting malicious code into every website using it, but we'll keep it on the downloads page so long as he agrees to follow the honour system?"

    How fucking stupid do you have to be?

  • by jcr (53032) <jcr.mac@com> on Saturday April 13, 2013 @06:28PM (#43443329) Journal

    Truly confidence-inspiring.

    -jcr

    • by Anonymous Coward

      Agreed

      Full responsibility = ban

      Examples have to be made.

  • marketing (Score:5, Insightful)

    by Mr. Slippery (47854) <tms AT infamous DOT net> on Saturday April 13, 2013 @06:45PM (#43443409) Homepage

    "We are a marketing company at heart..."

    IOW, "we are scum whose very purpose in life is to force unwanted messages into your eyes and ears, but trust us that this incident of unwanted messages was accidental."

    • by game kid (805301)

      ...and "social media" is, like, the pinnacle of modern spam. Indie game developer? "Like us on Facebook for a chance to win Horse Armor!" Big news network? "Don't forget to follow our forecasts on twitter!" Celebrity? "Had #lunch with @CalvinKlein, you should #buyTheirStuff! I did! #shamelessplug #andthelunchtastedgood #LOLhashtags"

      In short, SMW was banned for its very purpose--just not permanently enough.

    • by houghi (78078)

      I think what you want to say is that they are "A bunch of mindless jerks who'll be the first against the wall when the revolution comes."

      Curiously enough, an edition of the Wikipedia which conveniently fell through a rift in the time-space continuum from 1000 years in the future describes them as: "A bunch of mindless jerks who were the first against the wall when the revolution came."

  • by Anonymous Coward on Saturday April 13, 2013 @07:01PM (#43443473)

    For f*cks sake, there's no reason a supervisor shouldn't at least run a diff of the code and recompile (if applicable) before pushing a release. Unless there are huge changes, it shouldn't take more than 10 minutes. If anything looks really weird or out of place, start asking questions, preferably to someone else.

  • by betterprimate (2679747) on Saturday April 13, 2013 @08:12PM (#43443767)

    "We trusted the wrong people with our plugin code and take full responsibility. We are a marketing company at heart and are not actually developers, so in order to provide major updates and improvements, we had to seek outside help."

    The first headline on their website states, "Blink Web Effects creates innovative web applications and tools - totally free and open source." If they're not developers, why are they a company to begin with? It is really tiresome to see fucking marketing hacks thinking they are enlightened and entitled while they pay some 3rd world country developer to build their company.

    This is what they deserve. Good riddance.

    • The sad thing is, the marketing companies that do their homework, spend many hours testing, securing, and protecting their clients from crap like this will suffer from those that don't. That being said, this is an age-old story that has and will continue to repeat, over, and over, and over...
  • by russotto (537200) on Saturday April 13, 2013 @08:27PM (#43443835) Journal

    A contract programmer pulled a fast one on a marketing company to get their product to spam people. Yes, absolutely, I can believe that. So can my friend the Easter Bunny.

  • Shit like this is exactly why I do not recommend using WordPress. I mean seriously, WP devs, you are in action condoning black hat hackers. Awww... let's give them a second chance to abuse the millions of users that trust us... they said they were sorry... :O *blink *blink *blink Really!?!
  • by Anonymous Coward

    Naturally we do take a very hard line on spam...

    Yes, of course, it's not like WordPress got caught spamming [slashdot.org] themselves.

  • by zaax (637433)
    This is the problem of subcontracting to China, who knows what else they have put in that hasn't shown up yet but is slowly attacking the USA's defences.
    • by Anonymous Coward

      As the PR officer of The Association of Scapegoated Jews, Blacks and Arabs, I'd like to thank you for helping shift focus towards the inscrutable Chinese. They are a truly dishonest race that is nothing like the financially generous Jew, the unincarcerated black and the non-wife beating Arab.
