WPMU floats like a butterfly, plans a sting like a bee


The folks at WPMU staged a sting operation last week, the likes of which would fit right in if run by Batman himself. You know, minus the cowl. And the danger. And if the Dark Knight operated entirely via email.

Okay, let’s try this again.

Last week one attentive WPMU subscriber, Brian Dooley, received an email (pictured below), that sounded a little fishy – possibly even a little phishy. He alerted the WPMU team about it, and together they set up a sting operation. The goal was to find out what exactly the impostor was trying to achieve.

In the fishy email the sender pretended to be Aaron Edwards, Lead Developer at WPMU. He stated that there was an exploit in the BuddyPress Group Calendar plugin and was requesting that Brian send the plugin to them so they could fix the exploit. But no exploit exists, and WPMU’s concern was that the intent was to insert malicious code into the theme and send it back so that user information could be collected.

For the sting, they created a special version of the plugin that would email them information about the impostor once they installed and activated the plugin. To rule out the idea that it was to collect user information, they sent an old version back. The impostor responded, still in “team member mode”, asking for the most up-to-date version. This is when they sent the special version. After installing the plugin he received, he went so far as to file a complaint about it not working with WPMU, using a fake name of course, and requested a working version.

It worked. Shortly after sending it, they received an email with information about the impostor. They’re currently pursuing legal actions against him. As such, they haven’t released his name. There are more details available on the WPMU.org blog.

Have you ever received anything like the email Brian received? How did you handle it? Tell us below in the comments.

6 thoughts on “WPMU floats like a butterfly, plans a sting like a bee

  1. I don’t fully understand what the perp was trying to accomplish but I do understand how troubling it is to be impersonated. The most interesting part of this story was when the thief jammed a screwdriver into the ignition only to hear the sound of the door locks. Oops! Wrong car.

  2. Good for you! The scoundrels, scalawags, vermin, cheaters, and scammers of the world take note. A great deal of time and computing power is wasted on protecting ourselves from the spammers, virus writers, and scumbags of the world. Just think how great it could be if none of their nonsense worked.

    • Oh crap. I misread the article. I thought the person was trying to infiltrate another persons site for malicious purposes.

      This doesn’t sound particularly believable now. That’s a whole lot of effort and irritation to some poor site owner just to save a few bucks.

    • I wonder if the person was trying to perhaps achieve something more than just get a free plugin. There’s so many other ways to get a free WPMu Dev plugin that this all seems rather implausible to me.

Comments are closed.