Spammers find MT's open relay

Been busy holidayin’ and doing other stuff lately, so a lot of the basic substrate of blog news and blog gossip is passing unremarked. By now, most MT users probably know that Movable Type is vulnerable as an open spam relay.
If you are not using the “mail this entry” feature, it is highly recommended that you change the permissions or the name of mt-send.cgi or both, to prevent spammers from highjacking your server to send bulk unsolicited commercial email.
If you do use the “send this entry” feature (which I had lately been thinking of adding to RFB), I don’t know how you do this and keep it secure from spammers. Details as they are unearthed.
[via Mark‘s b-links]






One response to “Spammers find MT's open relay”

  1. liza Avatar

    Ben Trott has come out with a new sendmail script. It’s on the front page of MT [and archived at this permalink … for people who read this comment well after Ben’s fix has scrolled off the MT home page. – ed.]
    BTW, I found out how to send an email from within SAFARI. I had no idea you have to highlight text in order to enable MAIL. This will also enable STICKIES, SIMPLETEXT, KUNG-LOG and any other cocoa software that comes with services.