Movable Type's Spam Hole
December 4, 2003 6:34 PM
Movable Type 2.64 contains a major vulnerability to spammers. The spam hole, which exists in all versions of the program downloaded before November 26, centers around the mt-send-entry.cgi script, which can be co-opted by spammers who then use your domain and resources to do their dirty work. Users are encouraged to download and install the new "secured" version of mt-send-entry.cgi or to remove the file from their installation altogether. (If it is not being used, it can be safely deleted without affecting other MT functionality.) The question does arise though, with literally tens of thousands of MT users affected by this vulnerability, why didn't anyone at Six Apart think that this news warranted an announcement anywhere beyond the Movable Type news blog?