Movable Type Community Forum

Movable Type Community Forum > Other Product Discussion > Bugs and Odd Behavior

cwroblew

Sep 9 2005, 08:03 AM

Some one hacked into mt-comment.cgi and was able to email a large amount of blank emails in what appears to be a DOS attack. Granted one of the authors of the blog is going to attract this type of attacks...

We are currently on 3.15 for this server. Also, our server automatically sets the permissions to 755 for all .pl and.cgi files so this may be the main problem.

We are just trying to figure out all that happened. Our first step was to rename the mt-comment.cgi file.

Does any one know of this? And would upgrading to the latest version prevent it?

I'm not an expert on unix, but I assume that it is mainly the permissions on the file that allowed the hacker to attack.

Charlene

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.