Time to go back into your Movable Type directory

Do you use Movable Type? Time to go back into your MT directory and delete (or at least replace) a file:

Musings: More MT Spam Vulnerabilities

As if comment spam were not bad enough, MovableType includes, in its default installation, a CGI script called mt-send-entry.cgi which — you guessed it! — can be used to send email anonymously to anyone in the world.

...Unless you feel you absolutely must use this CGI script to allow anonymous visitors to mail arbitrary messages to whomever they please, you’d be much better off simply disabling it. Change the permissions on the offending script to make it inexecutable, or remove it entirely.

Do it now, before your blog is exploited by spammers.

And here's the official notice: Movable Type Spam Vulnerability

If you're not using this functionality at all, we recommend that you simply remove mt-send-entry.cgi from your MT directory. MT doesn't have any hooks to use this script by default anyway, so you won't be breaking your MT installation.

    2 comment(s)  

Greymatter is the best!
      ...posted by 700km on December 2, 2003 5:02 AM

wow, thanks... I gotta go tell all my friends using movable type!!
      ...posted by vancouver wedding musicians on January 21, 2004 3:02 AM

Add a comment...

 Bloody spam.

My e-mail has hit a landmark in the last couple of months. I'm sure I'm a year or more behind Brad regarding this milestone, but (plus or minus a couple of percentage points on a given day), 90% of the e-mail I receive is spam.

This is a problem.

And the mild amusement factor of appreciating the aesthetics and comedy of the subject lines (current favorite: "CASH!CASH!CASH!NOW!NOW!NOW!") is not sufficient compensation for the time I spend deleting, deleting, deleting.

I use SpamAssassin, which is all right, but I'd rather have less of it sent in the first place.

Oh freaking well.     1 comment(s)  

I've been finding that a combinationof spam assassin and Apple's Mail (in Panther) VERY effective. Mail's bayesian filtering is excellent and what it misses, spam assassin (courtesy of pair.com) is catching. I only have about 1-3 false negatives a day (still high, imho) and 1-3 false positives a week (and as I get them, I add the senders to my address book which has the added advantage of keeping my address book up to date).
      ...posted by Andy Affleck on November 29, 2003 8:56 AM

Add a comment...

 Cinnamon: good for you

This is unexpectedly cool:

Cinnamon spice produces healthier blood [New Scientist via Anita Rowland]

Just half a teaspoon of cinnamon a day significantly reduces blood sugar levels in diabetics, a new study has found. The effect, which can be produced even by soaking a cinnamon stick [in] your tea, could also benefit millions of non-diabetics who have [a] blood sugar problem but are unaware of it.

The discovery was initially made by accident...

...The cinnamon has additional benefits. In the volunteers, it lowered blood levels of fats and "bad" cholesterol, which are also partly controlled by insulin. And in test tube experiments it neutralised free radicals, damaging chemicals which are elevated in diabetics.

"I don't recommend eating more cinnamon buns, or even more apple pie - there's too much fat and sugar," says Anderson. "The key is to add cinnamon to what you would eat normally."

I've been adding it to the fruit smoothies we make in the morning. Guess I'll add another dash or two.