MT script abuse


Over the past couple of days, the hosting company that I use has been forced to disable access to two MT scripts, effective immediately. Since I know these people don't take this kind of serious measure unless absolutely necessary, I suggest you check whether you've got these scripts installed as well.

1. MT Plugin Manager (mt-pm.cgi, a third-party plugin not included in the MT core files). Reason: high server load.
2. mt-send-entry.cgi (part of a standard MT install). Reason: spamming possible through certain versions of the script.

On all MT-powered domains under my control, the MT plugin manager has never been installed, and the mt-send-entry.cgi script has now been disabled manually, in addition to the host-based filtering.
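An added example, not part of the original post: a shell function that searches a web root for the two script names listed above and reports whether each copy still has an execute bit set. Treating "no execute bit" as disabled is an assumption, since the post does not say how the script was disabled, and host-level filtering is not visible to this check.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage after sourcing this file:  audit_mt_scripts /path/to/webroot
#
# Assumption: a CGI script counts as DISABLED when no execute bit
# (user, group or other) is set on it. Blocking done in the web
# server configuration by the host cannot be detected from here.

# Prints "ENABLED  <path>" or "DISABLED <path>" for every copy found.
# Returns 0 when no executable copy exists, 1 otherwise.
audit_mt_scripts() {
    root=$1

    # Copies that can still be executed by someone.
    enabled=$(find "$root" -type f \
        \( -name mt-pm.cgi -o -name mt-send-entry.cgi \) \
        \( -perm -100 -o -perm -010 -o -perm -001 \) -print 2>/dev/null)

    # Copies present on disk but with every execute bit cleared.
    disabled=$(find "$root" -type f \
        \( -name mt-pm.cgi -o -name mt-send-entry.cgi \) \
        ! -perm -100 ! -perm -010 ! -perm -001 -print 2>/dev/null)

    if [ -n "$enabled" ]; then
        printf '%s\n' "$enabled" | sed 's/^/ENABLED  /'
    fi
    if [ -n "$disabled" ]; then
        printf '%s\n' "$disabled" | sed 's/^/DISABLED /'
    fi

    # Exit status lets a cron job or deploy check fail loudly.
    if [ -n "$enabled" ]; then
        return 1
    fi
    return 0
}
```
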

1 TrackBack

All the way back in November, there was a bug found in a script that came with Movable Type (MT). It was a little-used script file, mt-send-entry.cgi, that spammers could use to relay email spam from your site. They...


The plugin manager has gone through several reincarnations recently for precisely this reason ... I understand the most recent version is ok, but I don't follow or use it myself, so I could easily be wrong there.

Wasn't the other script fixed in 2.661? If I recall, around January they released a fixed version because the old script was open to exploit ...

I don't know about the Plugin Manager either since I don't use it, but apparently (and the same goes for the send-entry script) people don't keep up to date and keep running unpatched versions of those scripts.

Too bad it has to lead to problems for all those that keep up-to-date :(

Ain't that the truth!


About this Entry

This page contains a single entry by ServMe published on April 5, 2004 5:50 PM.
