from the hmmm-well-yeah-I-guess-sigh-sigh dept.
Garikoitz Araolaza reported some problems he was having with his Squishdot sites being used to send spam. This article contains a fix... The basic problem is one of Squishdot's mail_html templating being used to generate the stream sent to the SMTP server. As a result, that stream contained data supplied in the posting that wasn't being adequately cleansed.
The file attached to this article solves this problem and should be used to replace the distributed version.
In addition, all instantiated Squishdot sites should have their mail_html templates fixed. If you haven't changed this template, just replace it with the contents on the attached file.
If you have, it's the first four lines that need to be carefully checked.
NB: You will not have been sending any spam unless you've noticed a load of weird postings to any of your Squishdot sites that contain what look like SMTP headers in the 'email' or 'title' field.
If you have any questions, comments or can still find a way to send spam with Squishdot, please ask away...
|"Any system that depends on reliability is unreliable." -- Nogg's Postulate|
|All trademarks and copyrights on this page are
owned by their respective companies.
Comments are owned by the Poster.
The Rest ©1999
Butch Landingin, ©2000-2002