republican-creole
Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Do you run a Movabletype blog? » The fix isn't very good
Search Topic:
Uniqs:
28		 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Post a:
Post a:
Thanks for the heads up! »
AuthorAll Replies


justin
Australian
join:1999-05-28
Brooklyn, NY

Host:
IPv6
Business Connectiv..
Home/Office setup ..
Console/Handheld g..
Console Tech
The fix isn't very good

Reading the fix that movabletype.org have done .. well, it doesn't strike me as particularly good. So now they've limited the script to one target address and a short message body?

A spam-bot with a list of N movable type domain names could, in parallel, spam N people per second, even if everyone fixed their script per the recommendation. Ok that isn't as efficient as spamming NxM people per second (the original script allowed lists of people). But it is still possible.

It would be better if movabletype.org put a challenge response token into the loop, so you can't POST to it unless you have done a GET of the form, first, and a delay as well. Better still, remove the ability to enter a custom message (where the advert goes) entirely!

Or just remove the script and do not allow anon users to send links to any email address they like.
to forum · permalink · · 2003-11-26 17:09:14 · Reply to this


trparky
Bite My Shiny Metal Ass
Premium,MVM
join:2000-05-24
Cleveland, OH
clubs:		 Me too, the fix is horrible. Basically, the fix shows that they are lazy and that they don't want to fix it the correct way.
--
WedgeAntilles250
to forum · permalink · · 2003-11-26 17:22:44 · Reply to this


nil
Java Geek
join:2000-11-27

Host:
Webmasters and Dev..
Forum Feature Requ..
 In all fairness to Ben and Mena I don't think you can call them 'lazy' over a bad fix.. Movable Type is still a terrific tool and still free.. Hopefully they'll have a better fix soon, in the meantime, people should just remove the script altogether. There's no true need for it.
--
Life is too short to be boring
to forum · permalink · · 2003-11-26 17:36:57 · Reply to this
Forums » Do you run a Movabletype blog?Thanks for the heads up! »

Monday, 09-Nov 06:23:43 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [156] Cable Uncapper Faces Criminal Charges
· [140] AT&T Sues Verizon Over 3G Ads
· [112] Why Run Fiber When You Can Run Ads That Pretend You Do?
· [109] Comcast Is Simply Getting Huge
· [93] Apple Cooking Up New $30 A Month TV Service?
· [83] Bits Of ACTA Agreement Leaking Out
· [80] Will 'Three Strikes' Come To The United States?
· [78] Verizon To Double Smartphone ETFs?
· [77] Verizon: Droid Tethering Will Cost $30 Extra
· [73] Comcast, NBC Deal Almost Complete
Most people now reading
· Divorce advice... [General Questions]
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· Windows 7 boot manager editing questions [Microsoft Help]
· [WIN7] Which Services in Win 7 Have You Turned Off? [Microsoft Help]
· Connecting to Google Voice Via SIP [VOIP Tech Chat]
· Framed for child porn 151; by a PC virus [Security]
· Bad lag all of a sudden - Jonesboro, AR [Suddenlink]
· [ PVP] 3.2 DK PvP D/W Spec... [World of Warcraft]
· Lots of problems lately? [Rogers]