December 01, 2006
My Apologies If You've Been Spammed

So, the good news was I got mail working on the server again.

The bad news?

Apparently, someone has come up with a new exploit which generates copious amounts of spam email.  I'm afraid quite a bit of spam went out before I figured out what was going on.

The exploit targets the Subscribe To Comments hack by ScriptyGoddess.

Apparently, some clever person figured out that they could directly access the emailtolist.php file which generates the email notification.  Somehow, they can use this even for posts which have comments turned off.

After I figured out what was happening, I changed the name of the file, and the references to it in the comment templates.  I believe the exploit is based on the specific file name, so I am hopeful that I can retain the functionality, without having it exploited again.

Arrg!
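A way to check the web server's access log for this kind of direct access to the notification script, as an added example that is not part of the original post or of the Subscribe To Comments code. It assumes the log is in Apache "combined" format, that the script is served at `/emailtolist.php`, and that the site answers as `blogdom.org` or `www.blogdom.org`; the log lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlparse

SCRIPT = "/emailtolist.php"                      # file name from the post; URL path assumed
SITE_HOSTS = {"blogdom.org", "www.blogdom.org"}  # assumed host names for the site

# Apache "combined" log format: ip, identity, user, [time], "request", status, size, "referer", "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def direct_hits(lines):
    """Return requests for SCRIPT whose Referer is missing or points off-site.

    Referer is client-supplied, so this is a triage signal, not proof.
    """
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in combined format
        if not urlparse(m["target"]).path.lower().endswith(SCRIPT):
            continue
        ref_host = (urlparse(m["referer"]).hostname or "").lower()
        if ref_host not in SITE_HOSTS:
            hits.append(m.groupdict())
    return hits

def top_sources(hits, threshold=3):
    """Client addresses with at least `threshold` direct hits."""
    counts = Counter(h["ip"] for h in hits)
    return {ip: n for ip, n in counts.items() if n >= threshold}

# Constructed sample log (documentation address ranges, made-up paths and sizes).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Dec/2006:20:01:12 -0500] "POST /emailtolist.php HTTP/1.1" 200 512 "http://www.blogdom.org/archives/000123.html" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Dec/2006:20:14:03 -0500] "POST /emailtolist.php HTTP/1.0" 200 498 "-" "-"',
    '203.0.113.9 - - [01/Dec/2006:20:14:04 -0500] "POST /emailtolist.php HTTP/1.0" 200 498 "-" "-"',
    '203.0.113.9 - - [01/Dec/2006:20:14:05 -0500] "POST /emailtolist.php HTTP/1.0" 200 498 "-" "-"',
    '192.0.2.44 - - [01/Dec/2006:20:15:40 -0500] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '192.0.2.80 - - [01/Dec/2006:20:16:22 -0500] "POST /emailtolist.php HTTP/1.1" 200 501 "http://example.net/form.html" "Mozilla/5.0"',
]

if __name__ == "__main__":
    flagged = direct_hits(SAMPLE_LOG)
    print(len(flagged), "direct requests;", top_sources(flagged))
```

Running the same check with `SCRIPT` set to the renamed file shows whether requests follow the script to its new name.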


Posted by David at December 01, 2006 09:54 PM
Comments
Post a comment

Ability to add comments removed due to spam.

If you wish to add a comment, send an email to comments at blogdom dot org

replacing the at above with @ and the dot above with .