Fixing Movable Type spam vulnerability

Publié le :

Ben Trott has posted a note and a fix to the Movable Type spam vulnerability. This should reduce the incentive a lot, however, as Ben points out, all "email this to a friend" programs are vulnerable to being used by spammers, because they allow the user to specify a To: address and a message body. One thing though, even if you are not using this feature on your MT weblog, you should still patch or, better, remove the mt-send-entry.cgi script.