Movable Type spam vulnerability

In: Blogging

27 Nov 2003

If you’re a Movable Type user, you have probably already heard of the spam vulnerability in the “Email this to a friend” script that ships with Movable Type. Six Apart has posted a fix, of course, with a disclaimer that the fix only discourages spammers rather than preventing spamming outright. What is the vulnerability anyway, you ask? You may want to read this thread for the skinny.

What can you do? Well, you should remove mt-send-entry.cgi completely if you don’t use it. I doubt many end users actually use any of that “Email this to a friend” functionality anyway, so you probably have nothing to lose. Why do I say so? One word: usability.

  1. Your users have to be able to find the link first to use it.
  2. Your users are probably accustomed to using email or IM to send links (think ICQ’s Send URL functionality).
  3. The average surfer is unlikely to be so enthusiastic as to send links to his/her friends. Of course, this assumes that your average surfer has friends.

The point? Scrap that functionality, delete that file.
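A practical way to follow that advice on a Unix host, as an added example that is not part of the original post or of Six Apart’s fix: a small POSIX shell script that moves mt-send-entry.cgi out of the web-served directory (so it can no longer be requested, but can be restored) and that counts hits on the script in the web server’s access log, since a burst of requests to it from one address is the sign that the script is being abused. The Movable Type directory, the backup directory and the log path are assumptions passed in as arguments; the log lines in the sample are constructed.

```shell
#!/bin/sh
# Added example (not code from the original post or from Six Apart).
# Paths are assumptions; pass your own MT directory and log file.

# Move mt-send-entry.cgi out of the web-served directory so it cannot be
# requested any more, keeping an unreadable copy outside the document root.
# Returns 0 if the script was disabled or was already absent.
disable_send_entry() {
    mt_dir="$1"        # e.g. /var/www/cgi-bin/mt (assumption)
    backup_dir="$2"    # a directory outside the document root (assumption)
    script="$mt_dir/mt-send-entry.cgi"
    if [ ! -e "$script" ]; then
        echo "already absent: $script"
        return 0
    fi
    mkdir -p "$backup_dir" || return 1
    mv "$script" "$backup_dir/mt-send-entry.cgi.disabled" || return 1
    chmod 000 "$backup_dir/mt-send-entry.cgi.disabled"
    echo "disabled: $script -> $backup_dir/mt-send-entry.cgi.disabled"
    return 0
}

# Count requests to mt-send-entry.cgi in a combined-format access log.
# grep -c prints 0 with exit status 1 when nothing matches, so force success.
count_send_entry_hits() {
    grep -c 'mt-send-entry\.cgi' "$1" || true
}

# List the client addresses that requested the script, busiest first.
# Output lines look like "<count> <address>".
top_send_entry_sources() {
    grep 'mt-send-entry\.cgi' "$1" | awk '{print $1}' | sort | uniq -c | sort -rn
}

# Write a constructed sample access log (not real traffic) to the given path,
# so the detection functions can be exercised without a live server.
write_sample_log() {
    cat > "$1" <<'EOF'
203.0.113.5 - - [27/Nov/2003:10:00:01 +0000] "POST /mt/mt-send-entry.cgi HTTP/1.0" 200 512
198.51.100.7 - - [27/Nov/2003:10:00:02 +0000] "GET /archives/000123.html HTTP/1.1" 200 8192
203.0.113.5 - - [27/Nov/2003:10:00:02 +0000] "POST /mt/mt-send-entry.cgi HTTP/1.0" 200 512
203.0.113.5 - - [27/Nov/2003:10:00:03 +0000] "POST /mt/mt-send-entry.cgi HTTP/1.0" 200 512
198.51.100.7 - - [27/Nov/2003:10:00:04 +0000] "GET /mt/mt-send-entry.cgi?entry_id=123 HTTP/1.1" 200 2048
EOF
}
```

Typical use is `disable_send_entry /path/to/mt /path/outside/docroot`, then `top_send_entry_sources /var/log/httpd/access_log` to see whether the script was already being hammered before it was pulled. Moving the file rather than deleting it keeps the option of restoring it if the feature turns out to be used.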

7 Responses to Movable Type spam vulnerability

rainer

November 27th, 2003 at 5pm

That’s the risk if you use weblog software on your own server.

Schwer Log

November 27th, 2003 at 3pm

MT Spam Vulnerability
The Movable Type website has an announcement about a new spam vulnerability. Basically mt-send-entry.cgi can be used to send spam from your MT weblog. The recommended fix is to remove the script if you don’t use the feature, or if…

atog

November 27th, 2003 at 3pm

Movable Type spam vulnerability
Apparently if you use Movable Type, spammers could abuse the MT script mt-send-entry.cgi to send their mails. The best solution to avoid this is to just delete the script on your server. via Cheah Chu Yeow …looks like i should…
