November 26, 2003
MT an open relay
If you haven't heard about this yet, congratulations on being removed from society so well! The mt-send-entry.cgi script in Movable Type allows anyone to send email to anyone using your server, much like formmail.
There is a fix, of sorts available.. although it's not a particularly good one. Spammers can still spam using that, they're just restricted somewhat.. I would suggest everyone just remove the thing altogether, there's no true need for it, it's not part of default MT config and anyone who really really wants to allow people to email entries should just code a better way of doing it. Like with validation of origins and such..
Posted November 26, 2003 05:42 PM in Blogging
TrackBack URL for this entry: http://www.unix-girl.com/mt/mt-tb.cgi/1027
TrackBack URL for this entry: http://www.unix-girl.com/mt/mt-tb.cgi/1027
Comments
Daily Bytes:MT an open relay
It seems MT default install acts as an open relay. Every spammer\'s dream: kasia in a nutshell: MT an open relay
(read more)
November 26, 2003 06:18 PM
It seems MT default install acts as an open relay. Every spammer\'s dream: kasia in a nutshell: MT an open relay
(read more)
November 26, 2003 06:18 PM
Undesignated Blog:MT Users Beware
Seems that there is a way to abuse Movable Types tell a friend function. Thanks for the heads up Kasia! You can find more info about this at the Movable Type pages. I fixed it by just removing the dunctionality....
(read more)
November 27, 2003 12:34 AM
Seems that there is a way to abuse Movable Types tell a friend function. Thanks for the heads up Kasia! You can find more info about this at the Movable Type pages. I fixed it by just removing the dunctionality....
(read more)
November 27, 2003 12:34 AM
Lobsterblog:Important!
Missed this, just before publishing that last item. It's important for all MT users to read this over at Kasia's....
(read more)
November 27, 2003 02:36 AM
Missed this, just before publishing that last item. It's important for all MT users to read this over at Kasia's....
(read more)
November 27, 2003 02:36 AM
Life Is Killing Me:MT has a hole in a CGI script
Shitty. MT has a hole in the MT-send-entry.cgi script. I didn't see any of my users using it so I...
(read more)
November 27, 2003 10:55 AM
Shitty. MT has a hole in the MT-send-entry.cgi script. I didn't see any of my users using it so I...
(read more)
November 27, 2003 10:55 AM
Quarter Life Crisis:To be heard
Woohaha, I managed to Um... that person totally confused the hell out of me. someone at LiveJournal. That's certainly a turn at the usual state of affairs, where that...
(read more)
November 27, 2003 01:49 PM
Woohaha, I managed to Um... that person totally confused the hell out of me. someone at LiveJournal. That's certainly a turn at the usual state of affairs, where that...
(read more)
November 27, 2003 01:49 PM