Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Do you run a Movabletype blog? » The fix isn't very good
Search Topic:
Uniqs:
31		 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Post a:
Post a:
Thanks for the heads up! »
AuthorAll Replies


nil
Java Geek
join:2000-11-27

Host:
Webmasters and Dev..
Forum Feature Requ..
reply to trparky
Re: The fix isn't very good

In all fairness to Ben and Mena I don't think you can call them 'lazy' over a bad fix.. Movable Type is still a terrific tool and still free.. Hopefully they'll have a better fix soon, in the meantime, people should just remove the script altogether. There's no true need for it.
--
Life is too short to be boring
to forum · permalink · · 2003-11-26 17:36:57 · Reply to this


trparky
Bite My Shiny Metal Ass
Premium,MVM
join:2000-05-24
Cleveland, OH
clubs:		reply to justin
Me too, the fix is horrible. Basically, the fix shows that they are lazy and that they don't want to fix it the correct way.
--
WedgeAntilles250
to forum · permalink · · 2003-11-26 17:22:44 · Reply to this


justin
Australian
join:1999-05-28
Brooklyn, NY

Host:
IPv6
Business Connectiv..
Home/Office setup ..
Console/Handheld g..
Console Tech
 Reading the fix that movabletype.org have done .. well, it doesn't strike me as particularly good. So now they've limited the script to one target address and a short message body?

A spam-bot with a list of N movable type domain names could, in parallel, spam N people per second, even if everyone fixed their script per the recommendation. Ok that isn't as efficient as spamming NxM people per second (the original script allowed lists of people). But it is still possible.

It would be better if movabletype.org put a challenge response token into the loop, so you can't POST to it unless you have done a GET of the form, first, and a delay as well. Better still, remove the ability to enter a custom message (where the advert goes) entirely!

Or just remove the script and do not allow anon users to send links to any email address they like.
to forum · permalink · · 2003-11-26 17:09:14 · Reply to this
Forums » Do you run a Movabletype blog?Thanks for the heads up! »

Saturday, 28-Nov 23:06:33 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [122] Time Warner Cable Fires Broadside At Broadcasters
· [112] New AT&T Ad Campaign Hits Back At Verizon
· [96] Apple Joins AT&T Verizon Snark Fest
· [87] New Bill Takes Aim At Higher Verizon ETFs
· [80] TiVo Sees Record Customer Losses
· [71] Weekend Open Thread
· [70] Verizon CEO: Hulu Will Be Dead Soon
· [69] In-Flight Internet Headed For Bumpy Landing?
· [62] Thanksgiving Open Thread
· [40] EFF Wages War On Fine Print
Most people now reading
· [How to] Install Asterisk on an Asus WL-520GU router [VOIP Tech Chat]
· Why does it take so long? Mail question [General Questions]
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· ToC 4th boss - Preliminary Strategy for Twin Valkyr [World of Warcraft]
· Windows 7 boot manager editing questions [Microsoft Help]
· HOW-TO: QoS and Tomato (fixes "choppy voice") [MagicJack]
· [ Classes] Druid tanking: rotation and glyphs [World of Warcraft]
· Why would I want an e reader? [General Questions]
· Don't Use A Motorcycle To Divert Traffic [56k Lookout (Broadband Heavy)]
· [Newsgroups] Newzleech down? [Filesharing Software]