<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Hi all<div class=""><br class=""></div><div class="">have you considered generating static html for the public site from a non publicly accessible site with the current theme?</div><div class=""><br class=""></div><div class="">this could be a quick and easy to implement workaround, check <a href="http://wordpress.org" class="">wordpress.org</a> for corresponding plugins</div><div class=""><br class=""></div><div class="">/ Peter</div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On 14 Oct 2015, at 05:54, Mathieu ONeil <<a href="mailto:mathieu.oneil@anu.edu.au" class="">mathieu.oneil@anu.edu.au</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">Hi all<br class=""><br class="">Javier (who looks after P2P Foundation servers) has investigated and reported that the JoPP website has been compromised. He has taken steps to fix this: thank you so much Javier!<br class=""><br class="">An urgent task is that we need to change the WordPress theme as this appears to be a source of the problem. I feel bad about this for the Fem(un)hack eds who are, very naturally, experiencing anxiety about this hiccup. At the same time, we are all volunteers and sometimes in volunteer projects things take a bit longer to fix. But, they will be fixed. On the positive side (for me) I'm happy to change themes.<br class=""><br class="">From Javier:<br class="">"The <a href="http://peerproduction.net" class="">peerproduction.net</a> website was hacked sometime in the summer. There's a persistent vulnerability in the theme in use, which apparently hasn't been updated in a while and is unsupported. I've ported all content to the P2PF webserver. Of course, I didn't copy over the theme nor any other infected files. I also brought over the surveys website and updated its plugins, and apparently this broke the layout slightly. I didn't enable the php-exec plugin, which represents a serious security vulnerability.<br class=""><br class="">In <a href="http://peerproduction.net" class="">peerproduction.net</a> I enabled the default WordPress theme for the time being. For best support, you can pick any GPL theme from <a href="https://wordpress.org/themes/" class="">https://wordpress.org/themes/</a> . If you'd like you may pick a commercial theme from <a href="https://www.elegantthemes.com/gallery/" class="">https://www.elegantthemes.com/gallery/</a> and use it through my own developer license.<br class=""><br class="">In short, <a href="http://peerproduction.net" class="">peerproduction.net</a> needs to be adapted to use a newer theme, and the layout on <a href="http://surveys.peerproduction.net" class="">surveys.peerproduction.net</a> should be updated to use the newer widget library. All in all, it would be good to check out the whole websites to make sure that no spam or infected content made it trough.<br class=""><br class="">James already updated the DNS records and they should propagate shortly, making the new websites generally available. I'm flipping the switch for the old ones so that people don't update them inadvertently in the meantime."<br class="">[end quote]<br class=""><br class="">From this, four things:<br class=""><br class="">A-THEMES<br class="">So, the sooner we pick a theme, the better. I prefer a minimal style with some space for the eye to rest. Specifically, I like these:<br class=""><a href="https://wordpress.org/themes/twentyten/" class="">https://wordpress.org/themes/twentyten/</a><br class="">https://www.elegantthemes.com/gallery/vertex/ [though not sure about the mountain pic - a bit cliche?] <br class="">As time is of the essence, anyone who feels strongly about this, please give your opinion about this before Friday 16 October 3pm GMT. <br class="">Once opinions have been heard the editorial team will make a decision and inform Javier.<br class=""><br class="">B-SURVEYS<br class="">Though the surveys.peerproduction.net was set up as a subdomain of peeproduction.net we do not run it or have anything to do with it. I guess Jarkko Moilanen needs to fix his widget, advise Javier asap if there is an issue, or if the site is inactive, cut it loose?<br class=""><br class="">C-WEBMASTER<br class="">This is a recurring issue. Some of us know some things but no-one seems to know enough. We need to find a solution, so will be communicating privately with people who are able to help.<br class=""><br class="">D-PROXY SITE<br class="">maxigas mentioned he set up a proxy prior to JoPP 5 going live. Is it worth doing now for fem(un)hack or does the current situation prohibit this? thanks for advising.<br class=""><br class="">cheers,<br class=""><br class="">Mathieu<br class=""><br class="">________________________________________<br class="">From: jopp-public-bounces@lists.ourproject.org <jopp-public-bounces@lists.ourproject.org> on behalf of stoopt <stoupin@riseup.net><br class="">Sent: Tuesday, October 13, 2015 11:17<br class="">To: jopp-public@lists.ourproject.org<br class="">Subject: [JoPP-Public] Jopp Web Site: Server error 503<br class=""><br class="">Hi all,<br class=""><br class="">We, the Feminism and (Un)hacking editors, have started uploading papers<br class="">for our upcoming release. Unfortunately there seems to be a problem with<br class="">the server at the moment. A 503 error. Can someone look into this please?<br class=""><br class="">Much appreciated,<br class="">Sophie<br class=""><br class="">_______________________________________________<br class="">JoPP-Public mailing list<br class="">JoPP-Public@lists.ourproject.org<br class="">https://lists.ourproject.org/cgi-bin/mailman/listinfo/jopp-public<br class=""><br class="">_______________________________________________<br class="">JoPP-Public mailing list<br class="">JoPP-Public@lists.ourproject.org<br class="">https://lists.ourproject.org/cgi-bin/mailman/listinfo/jopp-public<br class=""></div></blockquote></div><br class=""></div></body></html>