MT Email Spamming

The MT sites I host have been getting hammered with this email spamming flaw that allows arbitrary emails to be sent out from any MT installation. Fortunately I can block it (though bluntly) through mod_security. If you run MT, please delete the comments script until a fix is out. Will link to more information as it’s available. Update: More at TextDrive. Update: Fix available.

8 replies on “MT Email Spamming”

Security Hole Turns Movable Type into Spam Zombie

In a perverse new twist in the ongoing battle against comment spam, the spammers have found a way to use Movable Type’s comment-handling script as a powerful spam engine……