The MT sites I host have been getting hammered with this email spamming flaw that allows arbitrary emails to be sent out from any MT installation. Fortunately I can block it (though bluntly) through mod_security. If you run MT, please delete the comments script until a fix is out. Will link to more information as it’s available.
8 thoughts on “MT Email Spamming”
About to release a patch…
That was fast!
The changes are small enough to print on a t-shirt. Look to CafePress soon for all of your bug fix gear.
This just in:
The patch has been made available in both upgrade and plug-in flavors. The plug-in is compatible with MT 3.x and 2.661, thank God.
(props: Brad Choate, via the TextDrive forums)
It sure was nice to be able to upgrade before the problem ever affected me. The folks at Six Apart are really getting good at this stuff! 🙂
Then maybe now I can finally get in contact with my SQL server again 😀