Back on June 1st, Michael VanDeMar published a lengthy post explaining the process he goes through in order to clean up an infected website. One exploit that Michael points out is a bad index.php file which if ran as an include(), pulls bad information from the domain WordPress.Net.IN. This domain according to Michael has been in existence for at least three years, first being registered in 2007.
Not only is it being used as an exploit delivery mechanism, but it’s violating the WordPress trademark. According to comments made on the post by Matt Mullenweg, he had attempted to contact the domain registrar to have the domain taken offline.
Okay, well short story is I looked into this when the hack first came up, but haven’t noticed it since and haven’t thought about the domain since then. I’ll contact some friends in the domain business to see what we can do now. (We have a lot more resources than three years ago.)
A few days later, Matt has confirmed that the domain has been taken down due to some help from Justin at GoDaddy. However, there is a difference between taking a domain down and taking ownership of it due to the WordPress trademark. It’s not clear yet whether Matt has put in the effort to try and take ownership of the domain. If not, it’s possible that at some point down the road, the domain will continue to be used but on a different registrar/host which wouldn’t be good for anyone, especially if it were to continue being used as an exploit delivery tool.
I’m interested in how the WordPress trademark is being protected. Is it the sole work of Matt going after violators or is there a team of lawyers acting on Matt’s behalf? I’d also be interested to hear in how a typical trademark violator is dealt with. Everything from discovery to the process of getting it removed or taking over ownership. I think it would be something a lot of folks in the community would be interested to know about.
As for the other point in Michael’s post regarding priorities, meh.