
Small Spam Vulnerability in Squishdot
Squishdot Posted by Chris Withers on Thursday February 09, @06:48PM
from the hmmm-well-yeah-I-guess-sigh-sigh dept.
Garikoitz Araolaza reported some problems he was having with his Squishdot sites being used to send spam. This article contains a fix... The basic problem is that Squishdot's mail_html template is used to generate the raw message stream sent to the SMTP server, and data supplied in the posting was inserted into that stream without being adequately cleansed. A poster who put line breaks followed by their own headers into a field could therefore add headers (and recipients) of their choosing to the message that the server sent out.

The file attached to this article solves this problem and should be used to replace the distributed version.

In addition, all instantiated Squishdot sites should have their mail_html templates fixed. If you haven't changed this template, just replace it with the contents of the attached file.

If you have, it's the first four lines that need to be carefully checked.

NB: Your site will not have been used to send any spam unless you've noticed a load of weird postings to any of your Squishdot sites that contain what look like SMTP headers in the 'email' or 'title' field.
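The following is an added example, not Squishdot's code or the attached fix. It shows in plain Python the shape of the problem described above: a mail template that drops poster-supplied 'email' and 'title' fields straight into header lines, so a field containing a CRLF plus a header name lets the poster add a Bcc: to the message. Beside it is the cleansing the fix needs (no line breaks may survive in a header value) and a scanner for the tell-tale postings mentioned in the NB. The template layout, the field names as dictionary keys and the sample postings are all constructed for the example.

```python
import re
from email import message_from_string

# Constructed sample values. The injected one carries a CRLF followed by an
# extra SMTP header, which is what the "weird postings" look like.
CLEAN_EMAIL = "poster@example.net"
INJECTED_EMAIL = "poster@example.net\r\nBcc: victim1@example.com, victim2@example.com"


def render_mail_vulnerable(email, title, body):
    """Build the message the way a naive mail template does: poster-supplied
    fields dropped straight into header lines. This is an assumed layout,
    not Squishdot's real mail_html template."""
    return (
        "To: subscribers@example.org\r\n"
        "From: " + email + "\r\n"
        "Subject: " + title + "\r\n"
        "\r\n"
        + body + "\r\n"
    )


def sanitise_header_value(value):
    """Collapse anything that could end the header line (CR, LF, NUL) into a
    single space. A value that cannot contain a line break cannot smuggle in
    further headers, whatever else it contains."""
    return re.sub(r"[\r\n\x00]+", " ", value).strip()


def render_mail_fixed(email, title, body):
    """Same template, but every poster-supplied header value is cleansed first."""
    return render_mail_vulnerable(sanitise_header_value(email),
                                  sanitise_header_value(title), body)


def recipients(raw):
    """Parse the rendered stream as a mail message and list every address
    header an MTA would act on. Shows what the injected text achieves."""
    msg = message_from_string(raw)
    found = []
    for name in ("To", "Cc", "Bcc"):
        found.extend(msg.get_all(name, []))
    return found


# A line break followed by something shaped like a header name and a colon.
_SMUGGLED_HEADER = re.compile(r"[\r\n]\s*[A-Za-z][A-Za-z0-9-]*\s*:")


def suspect_postings(postings):
    """Return the ids of postings whose 'email' or 'title' field contains
    what looks like an injected SMTP header. Use this over an export of
    existing postings to see whether the hole was being exploited."""
    hits = []
    for post in postings:
        if any(_SMUGGLED_HEADER.search(post.get(field, ""))
               for field in ("email", "title")):
            hits.append(post["id"])
    return hits


# Constructed sample postings, as a site admin might export them.
SAMPLE_POSTINGS = [
    {"id": 1, "email": CLEAN_EMAIL, "title": "Re: new release"},
    {"id": 2, "email": INJECTED_EMAIL, "title": "hello"},
    {"id": 3, "email": CLEAN_EMAIL,
     "title": "fun\nContent-Type: text/html\n\n<a href=\"http://example.com\">buy</a>"},
    {"id": 4, "email": CLEAN_EMAIL, "title": "Note: read this"},  # a colon alone is fine
]


if __name__ == "__main__":
    raw = render_mail_vulnerable(INJECTED_EMAIL, "hello", "body text")
    print("vulnerable template delivers to:", recipients(raw))
    fixed = render_mail_fixed(INJECTED_EMAIL, "hello", "body text")
    print("fixed template delivers to:", recipients(fixed))
    print("postings that look like spam attempts:", suspect_postings(SAMPLE_POSTINGS))
```

With the vulnerable template the parsed message gains a Bcc: header the site owner never wrote; with the cleansed values the same input ends up as one long, harmless From: line. The scanner is deliberately loose (any line break followed by a header-shaped token) so that it also catches a smuggled Content-Type: or a blank line starting a second body, which is why the last sample posting, a single-line title with a colon in it, is not reported.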

If you have any questions, comments or can still find a way to send spam with Squishdot, please ask away...

    All trademarks and copyrights on this page are owned by their respective companies. Comments are owned by the Poster. The Rest ©1999 Butch Landingin, ©2000-2002 Chris Withers.