how-to block ads
|
justin
Australian
join:1999-05-28
Brooklyn, NY
Host:
IPv6
Business Connectiv..
Home/Office setup ..
Console/Handheld g..
Console Tech
| The fix isn't very good Reading the fix that movabletype.org have done .. well, it doesn't strike me as particularly good. So now they've limited the script to one target address and a short message body?
A spam-bot with a list of N movable type domain names could, in parallel, spam N people per second, even if everyone fixed their script per the recommendation. Ok that isn't as efficient as spamming NxM people per second (the original script allowed lists of people). But it is still possible.
It would be better if movabletype.org put a challenge response token into the loop, so you can't POST to it unless you have done a GET of the form, first, and a delay as well. Better still, remove the ability to enter a custom message (where the advert goes) entirely!
Or just remove the script and do not allow anon users to send links to any email address they like. | |
|  
trparky
Bite My Shiny Metal Ass
Premium,MVM
join:2000-05-24
Cleveland, OH
clubs: | Re: The fix isn't very good Me too, the fix is horrible. Basically, the fix shows that they are lazy and that they don't want to fix it the correct way.
--
WedgeAntilles250 | |
| | 
nil
Java Geek
join:2000-11-27
Host:
Webmasters and Dev..
Forum Feature Requ..
| Re: The fix isn't very good In all fairness to Ben and Mena I don't think you can call them 'lazy' over a bad fix.. Movable Type is still a terrific tool and still free.. Hopefully they'll have a better fix soon, in the meantime, people should just remove the script altogether. There's no true need for it.
--
Life is too short to be boring | |
| | | |
|
