freerobby

Hi Joe,

The fact that it’s classifying this as “Trojan.Script.Generic” means that your antivirus software is flagging the javascript as potentially unsafe. They do not provide any evidence to suggest you’ve been hacked or that the javascript is actually unsafe (as opposed to just looking like other javascript that they might believe is unsafe).

I’m sorry you’re seeing these warnings – I will see if there is anything we can do on our end to stop them from showing up. But indeed they appear to be false positives, wrongly picked up by your antivirus software.

–Robby Grossman
Tech Lead, Shareaholic

Hi all,

The reason WordPress HTTPS does not fix this is because we load some assets via javascript, which gets generated well before the WordPress HTTPS filters go into effect.

We have a fix coming for this very soon; it will work both with and without the WordPress HTTPS plugin.

Cheers,
Robby
Tech Lead, Shareaholic

Ugh, sorry. I spoke to soon. Perms are now 777 and it’s still failing on posts/pages. Example log:

15:52:16 / Cookie detected: wordpress_logged_in_8cd83b249bf2a5afd8da808d51fc749f
15:52:16 / supercache dir: /var/www/vhosts/freerobby.com/httpdocs/wp-content/cache/supercache/freerobby.com/
15:52:16 / Cookie detected: wordpress_logged_in_8cd83b249bf2a5afd8da808d51fc749f
15:52:16 / No wp-cache file exists. Must generate a new one.
15:52:17 / Cookie detected: wordpress_logged_in_8cd83b249bf2a5afd8da808d51fc749f
15:52:17 / In WP Cache Phase 2
15:52:17 / Setting up WordPress actions
15:52:17 / Created output buffer
15:52:17 / Output buffer callback
15:52:17 / supercache dir: /var/www/vhosts/freerobby.com/httpdocs/wp-content/cache/supercache/freerobby.com/
15:52:17 / Cookie detected: wordpress_logged_in_8cd83b249bf2a5afd8da808d51fc749f
15:52:17 / Cookie detected: wordpress_logged_in_8cd83b249bf2a5afd8da808d51fc749f
15:52:17 / supercache dir: /var/www/vhosts/freerobby.com/httpdocs/wp-content/cache/supercache/freerobby.com/
15:52:17 / Writing non-gzipped buffer to wp-cache cache file.
15:52:17 / Renamed temp wp-cache file to /var/www/vhosts/freerobby.com/httpdocs/wp-content/cache/wp-cache-2f47eb2ecfea0c28b61ae2d1751781ff.html
15:52:17 / Sending buffer to browser
15:52:17 / Writing meta file: /var/www/vhosts/freerobby.com/httpdocs/wp-content/cache/meta/wp-cache-2f47eb2ecfea0c28b61ae2d1751781ff.meta
15:52:30 /2010/06/21/writing-for-people/ Cookie detected: wordpress_logged_in_8cd83b249bf2a5afd8da808d51fc749f
15:52:30 /2010/06/21/writing-for-people/ supercache dir: /var/www/vhosts/freerobby.com/httpdocs/wp-content/cache/supercache/freerobby.com/2010/06/21/writing-for-people/
15:52:30 /2010/06/21/writing-for-people/ Cookie detected: wordpress_logged_in_8cd83b249bf2a5afd8da808d51fc749f
15:52:30 /2010/06/21/writing-for-people/ No wp-cache file exists. Must generate a new one.
15:52:31 /2010/06/21/writing-for-people/ Cookie detected: wordpress_logged_in_8cd83b249bf2a5afd8da808d51fc749f
15:52:31 /2010/06/21/writing-for-people/ In WP Cache Phase 2
15:52:31 /2010/06/21/writing-for-people/ Setting up WordPress actions
15:52:31 /2010/06/21/writing-for-people/ Created output buffer

Fixed. In case anybody else hits a similar problem, it was a permissions issue in the wp-content/cache directory. I do not know why the home page permissions wound up different than post/page permissions, but chmod -R 777 wp-content/cache did the trick. I will fine tune it from there.

I’ve been getting the same error for ages. It’s been reported in the Google Group. No fix or response yet.

Have you guys tried disabling all your plugins?

Ahh, good call on the multiple sidebars. Thanks!

–Robby

Thanks again, Otto. Check your email when you get a chance–I can’t really continue this conversation here because it involves mention of a commercial plugin.

I find extraordinary hypocrisy in Kahil’s argument that “custom jobs are different from mass sales.”

I had an artist approach me to write a customized plugin that would require dozens of hours of work. There is no chance she could have afforded it. Instead what I did is build something more extensible so that I could sell it to multiple artists at a reduced cost. At the end of the day I made the same amount of money while pleasing more people and allowing it to be more affordable.

So tell me, Kahil, where was my great sin in making “mass sales”?

Otto42,

Thanks again for the analysis. I read that Rosen piece some time ago and was persuaded by it–more than I should have been, apparently.

There is one point that I’m not sure that you’ve countered though, and that is: what of plugins that contain nothing but new code that are not distributed with GPL code? In other words, if a plugin contains not a trace of WordPress code, and is distributed completely independently, on what basis would it be forced under the GPL license? Merely because it is intended to be used with the WordPress system, which is under GPL license?

Is there really case law that would back up such a supposition?

–Robby

Thanks for that analysis, Otto. I found this comment posted on another blog and I’m curious for your thoughts. I don’t mean to reply to your post in cheap-shot fashion by saying “quick, look over there!”; it’s just that this particular law office makes the point better than I can:

Technology Law offices of Rosenlaw & Einschlag has this to say on derivative works:

Here’s how I would decide in the edge cases that I described above:

· The primary indication of whether a new program is a derivative work is whether the source code of the original program was used, modified, translated or otherwise changed in any way to create the new program. If not, then I would argue that there is not a derivative work.

· The meaning of derivative work will not be broadened to include software created by linking to library programs that were designed and intended to be used as library programs. When a company releases a scientific subroutine library, or a library of objects, for example, people who merely use the library, unmodified, perhaps without even looking at the source code, are not thereby creating derivative works of the library.

· Derivative works are not going to encompass plug-ins and device drivers that are designed to be linked from other off-the-shelf, unmodified, programs. If Linux is designed to accept separately-designed plug-in programs, you don’t create a derivative work by merely running such a program under Linux, even if you have to look at the Linux source code to learn how to do so.

· In most cases we shouldn’t care how the linkage between separate programs was technically done, unless that fact helps to determine whether the creators of the programs designed them with some apparent common understanding of what a derivative work would look like. We should consider subtle market-based factors as indicators of intent, such as whether the resulting program is being sold as an “improved” or “enhanced” version of the original, or whether the original was designed and advertised to be improvable “like a library.”

So, if a plugin developer is in no way modifying the original (i.e. WordPress) code, wouldn’t the plugin not be a “derivative” work by that interpretation?

I don’t think the GPL license is being broken. BlogCMS, I believe your logic is flawed and I do not interpret the GPL license in that way. WordPress plugins sold in and of themselves are not part of the larger WordPress system. Linux is GPL-licensed. Does that mean no company can write commercialized or proprietary-licensed software for it? Of course not–even if it uses open source API calls. In effect, that’s all that a WordPress plugin is doing.

Also, I don’t understand what you mean by a “proprietary” license. What would be the point of selling your work if the buyer could merely turn around and resell it himself? Do you mean that the work shouldn’t be sellable without the source code, thus making it modifiable for the original buyer?

lol