Small Spam Vulnerability in Squishdot
Squishdot Posted by Chris Withers on Thursday February 09, @06:48PM
from the hmmm-well-yeah-I-guess-sigh-sigh dept.
Garikoitz Araolaza reported some problems he was having with his Squishdot sites being used to send spam. This article contains a fix... The basic problem is that Squishdot's mail_html template is used to generate the raw message stream sent to the SMTP server, so data supplied in a posting ended up in that stream without being adequately cleansed.

The file attached to this article solves this problem and should be used to replace the distributed version.

In addition, all instantiated Squishdot sites should have their mail_html templates fixed. If you haven't changed this template, just replace it with the contents on the attached file.

If you have changed it, the first four lines are the ones that need to be carefully checked.

NB: You will not have been sending any spam unless you've noticed a load of weird postings to any of your Squishdot sites that contain what look like SMTP headers in the 'email' or 'title' field.
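As an added illustration (not the patched file attached to this article, and not Squishdot's actual mail_html template), the Python sketch below models the problem described above and the two things a site admin wants from it: cleansing of every posting field that lands on a header line of the SMTP stream, and a check that surfaces postings whose 'email' or 'title' field looks like SMTP headers. Python is used because Squishdot is a Zope product. The template layout, the field names and the sample postings are assumptions made for the example.

```python
import re

# Added example, not Squishdot's own code. It models the pattern the article
# describes: posting fields (email, title) being templated straight into the
# text stream handed to the SMTP server. Template layout, field names and the
# sample postings below are assumptions.

# Mail header names that should never appear at the start of a line inside a
# single posting field. "Re:" and similar are deliberately not in the list so
# that ordinary reply titles are not flagged.
MAIL_HEADERS = r"(?:to|cc|bcc|from|subject|reply-to|content-type|mime-version)"
HEADER_LINE = re.compile(r"(?:^|[\r\n])\s*" + MAIL_HEADERS + r"\s*:", re.IGNORECASE)


def render_vulnerable(posting, recipient):
    """Insecure: fields are interpolated verbatim, so a CR/LF inside the
    'email' or 'title' field starts a new header line in the SMTP stream."""
    return (
        "From: %s\n"
        "To: %s\n"
        "Subject: %s\n"
        "\n"
        "%s\n" % (posting["email"], recipient, posting["title"], posting["body"])
    )


def clean_header_field(value, max_len=200):
    """Make a posting field safe to place on one header line: collapse CR/LF
    and other control characters into a single space and cap the length."""
    cleaned = re.sub(r"[\x00-\x1f\x7f]+", " ", value).strip()
    return cleaned[:max_len]


def render_safe(posting, recipient):
    """Hardened: every value that lands in a header is cleansed first. The
    body may keep its newlines because it follows the blank separator line."""
    return (
        "From: %s\n"
        "To: %s\n"
        "Subject: %s\n"
        "\n"
        "%s\n" % (
            clean_header_field(posting["email"]),
            clean_header_field(recipient),
            clean_header_field(posting["title"]),
            posting["body"],
        )
    )


def looks_like_header_injection(field_value):
    """Detection check for the symptom the article names: a posting whose
    'email' or 'title' field contains what look like SMTP headers."""
    if "\r" in field_value or "\n" in field_value:
        return True
    return HEADER_LINE.search(field_value) is not None


def header_lines(message):
    """Return the header block of a rendered message as a list of lines."""
    head, _, _ = message.partition("\n\n")
    return head.split("\n")


# Constructed sample postings (not real data).
NORMAL_POSTING = {
    "email": "reader@example.com",
    "title": "Re: upgrade notes",
    "body": "Worked for me.",
}
SUSPECT_POSTING = {
    "email": "reader@example.com",
    "title": "hi\r\nCc: nobody@example.invalid",
    "body": "x",
}

if __name__ == "__main__":
    print(render_vulnerable(SUSPECT_POSTING, "admin@example.com"))
    print(render_safe(SUSPECT_POSTING, "admin@example.com"))
    for posting in (NORMAL_POSTING, SUSPECT_POSTING):
        print(repr(posting["title"]), looks_like_header_injection(posting["title"]))
```

Run against the suspect posting, the vulnerable renderer emits four header lines (the fourth being the injected one) while the hardened renderer emits three, with the stray text folded into the Subject line. The detector is intentionally strict: a legitimate title such as "Subject: help" will also be flagged, which is acceptable for a check meant to surface postings for review rather than to block them.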

If you have any questions, comments or can still find a way to send spam with Squishdot, please ask away...

cheers,

Chris

    All trademarks and copyrights on this page are owned by their respective companies. Comments are owned by the Poster. The Rest ©1999 Butch Landingin, ©2000-2002 Chris Withers.