justin
Australian
join:1999-05-28
New York, NY
kudos:7

The fix isn't very good

Reading the fix that movabletype.org have done .. well, it doesn't strike me as particularly good. So now they've limited the script to one target address and a short message body?

A spam-bot with a list of N Movable Type domain names could, in parallel, spam N people per second, even if everyone fixed their script per the recommendation. OK, that isn't as efficient as spamming NxM people per second (the original script allowed lists of people). But it is still possible.

It would be better if movabletype.org put a challenge-response token into the loop, so you can't POST to it unless you have done a GET of the form first, and a delay as well. Better still, remove the ability to enter a custom message (where the advert goes) entirely!

Or just remove the script and do not allow anon users to send links to any email address they like.
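
A sketch of the GET-then-POST token with a minimum delay suggested in the post above, as an added example that is not part of the thread and not Movable Type's code. The function names, the in-memory nonce store, the per-entry binding and the time limits are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SECRET_KEY = secrets.token_bytes(32)  # per-install server secret (assumption)
MIN_DELAY = 5      # seconds between serving the form and accepting it (assumed)
MAX_AGE = 900      # token lifetime in seconds (assumed)
_used_nonces = {}  # nonce -> issue time; a real deployment needs shared storage


def _sign(payload: str) -> str:
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(entry_id: int, now: float) -> str:
    """Called when the form is served via GET; goes into a hidden field."""
    nonce = secrets.token_hex(16)
    payload = f"{entry_id}:{int(now)}:{nonce}"
    return f"{payload}:{_sign(payload)}"


def verify_token(token: str, entry_id: int, now: float) -> tuple:
    """Called on POST before any mail is sent; returns (accepted, reason)."""
    try:
        tok_entry, issued, nonce, sig = token.split(":")
        issued_at = int(issued)
    except ValueError:
        return False, "malformed"
    payload = f"{tok_entry}:{issued}:{nonce}"
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return False, "bad signature"
    if tok_entry != str(entry_id):
        return False, "wrong entry"
    age = now - issued_at
    if age < MIN_DELAY:
        return False, "too fast"
    if age > MAX_AGE:
        return False, "expired"
    # Forget nonces whose tokens have expired anyway, then enforce single use.
    for n, t in list(_used_nonces.items()):
        if now - t > MAX_AGE:
            del _used_nonces[n]
    if nonce in _used_nonces:
        return False, "replayed"
    _used_nonces[nonce] = issued_at
    return True, "ok"
```

The token does not keep out a client that fetches the form first; the delay and single use only cap each fetched form at one message after a wait.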


trparky
Apple... YUM
Premium,MVM
join:2000-05-24
Cleveland, OH
kudos:1

Me too, the fix is horrible. Basically, the fix shows that they are lazy and that they don't want to fix it the correct way.
--
WedgeAntilles250



nil
Java Geek
join:2000-11-27
kudos:1

In all fairness to Ben and Mena, I don't think you can call them 'lazy' over a bad fix. Movable Type is still a terrific tool and still free. Hopefully they'll have a better fix soon; in the meantime, people should just remove the script altogether. There's no true need for it.
--
Life is too short to be boring


Sunday, 03-Jun 14:26:21 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 12.5 years online © 1999-2012 dslreports.com.