« Getting funky with Nice Titles | Main | More accessing Hotmail in Thunderbird »

Movable Type spam vulnerability

November 27, 2003

If you’re a Movable Type user, you probably already heard of the spam vulnerability of the “Email this to a friend” script in Movable Type. Six Apart has posted a fix, of course, with a disclaimer that the fix only discourages spammers, not prevent spamming outright. What is the vulnerability anyway, you ask? You may want to read this thread for the skinny.

What can you do? Well, you should remove mt-send-entry.cgi completely if you don’t use it. I doubt too many end users actually use any of that “Email this to a friend” functionality anyway so you probably have nothing to lose. Why do I say so? One word: usability.

  1. Your users have to be able to find the link first to use it.
  2. Your users probably are accustomed to using email or IM to send links (think ICQ’s Send URL functionality).
  3. The average surfer is unlikely to be so enthusiastic as to send links to his/her friends. Of course, this assumes that your average surfer has friends.

The point? Scrap that functionality, delete that file.

Posted by Chu Yeow at November 27, 2003 SGT | Permalink | | Category: Blogging

7 Comments & TrackBacks (Add yours)

The paper doll icon that precedes each comment is an idea conceived by Vanessa Tan.

Paper doll icon
Schwer Log's Gravatar

MT Spam Vulnerability
The Moveable Type website has an announcement about a new spam vulnerability. Basically mt-send-entry.cgi can be used to send spam from your MT weblog. The recommended fix is to remove the script if you don’t use the feature, or if…

Posted by: Schwer Log on November 27, 2003 3pm

Paper doll icon
atog's Gravatar

Movable Type spam vulnerability
apparently if you use movable type, spammers could abuse the MT-script : mt-send-entry.cgi to send their mails. the best solution to avoid this is to just delete the script on your server. via Cheah Chu Yeow …looks like i should…

Posted by: atog on November 27, 2003 3pm

Paper doll icon
rainer's Gravatar

thats the risk if you use weblog software on your own server

Posted by: rainer on November 27, 2003 5pm

Paper doll icon
BlogName's Gravatar

Title
Excerpt

Posted by: BlogName on July 1, 2004 4am

Paper doll icon
BlogName's Gravatar

Title
Excerpt

Posted by: BlogName on July 1, 2004 4am

TrackBack icon
92cad7f9e68890bcce6c9bd3a555
0ecfd6fa0f8a021b1b9e568fdb4ca7d7 3c1dd0.

Read more in 92cad7f9e68890bcce6c9bd3a555

Pinged from 92cad7f9e68890bcce6c9bd3a555 on April 18, 2005 6am

You can subscribe to the RSS feed for comments on this post.

« Getting funky with Nice Titles | Main | More accessing Hotmail in Thunderbird »

Post a comment

(required)

(required, but never displayed)


You can format your comments using XHTML. Your email address will not be displayed or used for nefarious purposes.

Only following tags are allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>


« Getting funky with Nice Titles | Main | More accessing Hotmail in Thunderbird »