Movable Type's Spam Hole
December 4, 2003 6:34 PM
Movable Type 2.64 contains a major vulnerability to spammers.
The spam hole, which exists in all versions of the program downloaded before November 26, centers around the mt-send-entry.cgi script, which can be co-opted by spammers who then use your domain and resources to do their dirty work. Users are encouraged to download and install the new "secured" version of mt-send-entry.cgi or to remove the file from their installation altogether. (If it is not being used, it can be safely deleted without affecting other MT functionality.) The question does arise though, with literally tens of thousands of MT users affected by this vulnerability, why didn't anyone at Six Apart think that this news warranted an announcement anywhere beyond the Movable Type news blog?
posted by Dreama (34 comments total)