
Disable mt-send-entry.cgi

movabletype.org : Support Forum

This morning while checking my mail server's filtered spam directory I noticed 11 messages that appeared to come from my MT blog. More research showed the spammer used mt-send-entry.cgi to attempt to send spam. They would have succeeded also if not for the fact that I have spamassassin installed on my mail server and it snagged the outgoing email before it could be delivered to any of the 500 recipients in the email. The disturbing part is they would have gotten away with it if not for spamassassin (which I suspect most blog email systems do not have).

mt-send-entry.cgi enables spammers to use your blog to send spam. Until there's a fixed version, your best bet is to remove it completely. In my case, I replaced it with a simple CGI saying that the feature is disabled. You could also try renaming it, but the safest thing is still to either replace it with a barebones "sorry" or remove it altogether. The spammers have definitely set their sights on blogging tools as their next playground. Ultimately we'll get stronger tools out of it, I would hope.
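To check whether your own install was hit before you pulled the script, the sketch below (an added example, not part of the original post or of Movable Type) tallies requests to mt-send-entry.cgi per client from a web server access log. It assumes Apache combined log format; the `/cgi-bin/mt/` path and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Apache/NCSA combined log format (assumption; adjust for other formats).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
SCRIPT = "mt-send-entry.cgi"  # the script named in the post

def audit(lines, script=SCRIPT):
    """Return {ip: {"posts", "served", "first", "last"}} for requests whose
    path (query string stripped) ends in `script`."""
    hits = defaultdict(lambda: {"posts": 0, "served": 0, "first": None, "last": None})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m["path"].split("?", 1)[0]
        if path.rsplit("/", 1)[-1].lower() != script:
            continue
        rec = hits[m["ip"]]
        rec["first"] = rec["first"] or m["ts"]
        rec["last"] = m["ts"]
        if m["method"] == "POST":
            rec["posts"] += 1
            if m["status"].startswith("2"):
                rec["served"] += 1  # the server answered the POST normally
    return dict(hits)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2005:04:10:01 +0000] "POST /cgi-bin/mt/mt-send-entry.cgi HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [12/Mar/2005:04:10:03 +0000] "POST /cgi-bin/mt/mt-send-entry.cgi HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.4 - - [12/Mar/2005:05:00:00 +0000] "GET /cgi-bin/mt/mt-send-entry.cgi?a=1 HTTP/1.1" 200 2048 "-" "-"',
    '203.0.113.7 - - [13/Mar/2005:09:00:00 +0000] "POST /cgi-bin/mt/mt-send-entry.cgi HTTP/1.1" 403 199 "-" "-"',
    '192.0.2.9 - - [13/Mar/2005:09:01:00 +0000] "GET /archives/000123.html HTTP/1.1" 200 9000 "-" "-"',
]

if __name__ == "__main__":
    for ip, rec in sorted(audit(SAMPLE).items(), key=lambda kv: -kv[1]["posts"]):
        print(f'{ip}: {rec["posts"]} POSTs, {rec["served"]} served '
              f'({rec["first"]} .. {rec["last"]})')
```

A replacement "sorry" CGI that answers with status 200 is counted under `served` as well, so compare the timestamps against the time you swapped the script out.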

Comments

What's the purpose of mt-send-entry.cgi?