In: Blogging, 27 Nov 2003
If you’re a Movable Type user, you have probably already heard of the spam vulnerability in Movable Type’s “Email this to a friend” script. Six Apart has posted a fix, of course, with a disclaimer that the fix only discourages spammers and does not prevent spamming outright. What is the vulnerability anyway, you ask? You may want to read this thread for the skinny.
What can you do? Well, you should remove mt-send-entry.cgi completely if you don’t use it. I doubt too many end users actually use any of that “Email this to a friend” functionality anyway so you probably have nothing to lose. Why do I say so? One word: usability.
The point? Scrap that functionality, delete that file.