redemption in a blog
Rails, Firefox, Anime, Mac
Movable Type spam vulnerability
In: Blogging
27 Nov 2003If you’re a Movable Type user, you probably already heard of the spam vulnerability of the “Email this to a friend” script in Movable Type. Six Apart has posted a fix, of course, with a disclaimer that the fix only discourages spammers, not prevent spamming outright. What is the vulnerability anyway, you ask? You may want to read this thread for the skinny.
What can you do? Well, you should remove mt-send-entry.cgi completely if you don’t use it. I doubt too many end users actually use any of that “Email this to a friend” functionality anyway so you probably have nothing to lose. Why do I say so? One word: usability.
- Your users have to be able to find the link first to use it.
- Your users probably are accustomed to using email or IM to send links (think ICQ‘s Send URL functionality).
- The average surfer is unlikely to be so enthusiastic as to send links to his/her friends. Of course, this assumes that your average surfer has friends.
The point? Scrap that functionality, delete that file.
Categories
Archives
- July 2011
- September 2010
- June 2010
- February 2010
- January 2010
- November 2009
- September 2009
- July 2009
- June 2009
- March 2009
- November 2008
- September 2008
- August 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
- August 2006
- July 2006
- April 2006
- March 2006
- February 2006
- January 2006
- December 2005
- July 2005
- April 2005
- March 2005
- February 2005
- January 2005
- December 2004
- November 2004
- October 2004
- September 2004
- August 2004
- July 2004
- June 2004
- May 2004
- April 2004
- March 2004
- February 2004
- January 2004
- December 2003
- November 2003
- October 2003
- September 2003
- August 2003
- July 2003
- June 2003
- May 2003
7 Responses to Movable Type spam vulnerability
BlogName
July 1st, 2004 at 4am
Title
Excerpt
BlogName
July 1st, 2004 at 4am
Title
Excerpt
atog
November 27th, 2003 at 3pm
Movable Type spam vulnerability
apparently if you use movable type, spammers could abuse the MT-script : mt-send-entry.cgi to send their mails. the best solution to avoid this is to just delete the script on your server. via Cheah Chu Yeow …looks like i should…
rainer
November 27th, 2003 at 5pm
thats the risk if you use weblog software on your own server
Schwer Log
November 27th, 2003 at 3pm
MT Spam Vulnerability
The Moveable Type website has an announcement about a new spam vulnerability. Basically mt-send-entry.cgi can be used to send spam from your MT weblog. The recommended fix is to remove the script if you don’t use the feature, or if…
92cad7f9e68890bcce6c9bd3a555
April 18th, 2005 at 6am
0ecfd6fa0f8a021b1b9e568fdb4ca7d7 3c1dd0.