[Framework-Team] Re: FW: Plone site compromise epidemic!

Alexander Limi limi at plone.org
Fri Sep 15 01:07:45 UTC 2006


Yeah, I just did a quick Google search and followed the first 150 links,  
and about 70-80% of the sites have already fixed this, and return a 404  
when I follow the link (if you do this, remember to turn off JS first!)

It's a minor issue, and I do think we nipped it in the bud before it  
became particularly prevalent.

-- Alexander

On Thu, 14 Sep 2006 17:24:59 -0700, Alec Mitchell <apm13 at columbia.edu>  
wrote:

> To say these sites are "compromised" is a bit extreme.  People who
> were allowed to create profiles (i.e. this only happens to sites where
> anybody can join) could take advantage of a minor XSS vulnerability to
> seed google requests.  Additionally there was an apparently more common
> avenue of attack for sites where normal self-joining users could add
> content, whereby they could put arbitrary html in a File object and
> have it render inline, scripts and all (which has more potential for
> danger, as the portrait issue was mainly visible only for search
> engines).  These issues are both fixed.  In the end the abuse is only
> a tiny bit more significant than the ubiquitous forum and blog spam
> found all over the web.
>
> Alec
>
> On 9/14/06, Alexander Limi <limi at plone.org> wrote:
>> It has been fixed, that's what the 2.5.1 and 2.1.4 releases were about.
>>
>> Full instructions are here:
>> http://plone.org/documentation/how-to/clean-up-link-spam-on-your-site
>>
>> -- Alexander
>>
>> On Thu, 14 Sep 2006 16:54:25 -0700, Alan Runyan
>> <alan at enfoldsystems.com> wrote:
>>
>> >
>> >
>> >  Alan Runyan
>> >  Enfold Systems, Inc.
>> >  http://www.enfoldsystems.com/
>> >  phone: +1.713.942.2377x111
>> >  fax: +1.832.201.8856
>> >
>> >
>> > -----Original Message-----
>> > From: Sean Duffy [mailto:swduffy at unmc.edu]
>> > Sent: Wednesday, September 13, 2006 10:45 AM
>> > To: runyaga at plone.org
>> > Subject: Plone site compromise epidemic!
>> >
>> > Hi,
>> >
>> > I have seen a recent flood of compromised Plone sites.
>> >
>> > A Google search for the terms plone_memberdata and viagra:
>> >
>> > http://www.google.com/search?q=portal_memberdata+viagra
>> >
>> > generates over half a million hits.  Someone should look into changing
>> > the 'out of the box' security settings & set up some hotfixes.
>> >
>> > Help!
>> >
>> > Sean
>> >
>> > stuffduff at cox.net
>> > swduffy at unmc.edu
>> >

-- 
_____________________________________________________________________

      Alexander Limi · Chief Architect · Plone Solutions · Norway

  Consulting · Training · Development · http://www.plonesolutions.com
_____________________________________________________________________

       Plone Co-Founder · http://plone.org · Connecting Content
   Plone Foundation · http://plone.org/foundation · Protecting Plone
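The File-object vector Alec describes above (a self-joined member uploads arbitrary HTML, the site renders it inline from its own origin, scripts and all) comes down to how the server hands untrusted uploads back to the browser. What follows is an added illustration, not Plone's code and not the fix that shipped in 2.5.1/2.1.4: a hypothetical download_headers() helper that forces browser-executable types to download as opaque attachments and marks everything else nosniff.

```python
import mimetypes
from typing import Dict

# Content types a browser will render as a document (and run script from)
# when served inline. Serving a member's upload under one of these types
# from the site's own origin is what makes the File object issue an XSS.
ACTIVE_TYPES = {
    "text/html", "application/xhtml+xml", "image/svg+xml",
    "text/xml", "application/xml", "text/javascript",
    "application/javascript",
}


def is_active_content(content_type: str) -> bool:
    """True if a browser may execute script from a body of this type."""
    base = content_type.split(";", 1)[0].strip().lower()
    return base in ACTIVE_TYPES


def download_headers(filename: str, declared_type: str) -> Dict[str, str]:
    """Response headers for an untrusted upload (hypothetical helper).

    Anything the browser could treat as an HTML/XML document is served as
    an opaque attachment; other types keep their declared type but are sent
    with nosniff so the browser cannot reinterpret them as HTML.
    """
    ctype = (declared_type
             or mimetypes.guess_type(filename)[0]
             or "application/octet-stream")
    # Strip characters that would let a filename break out of the header.
    safe_name = "".join(ch for ch in filename if ch not in '"\r\n')
    headers = {"X-Content-Type-Options": "nosniff"}
    if is_active_content(ctype):
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = f'attachment; filename="{safe_name}"'
    else:
        headers["Content-Type"] = ctype
        headers["Content-Disposition"] = f'inline; filename="{safe_name}"'
    return headers


if __name__ == "__main__":
    # Constructed sample: the kind of upload a spammer would add.
    print(download_headers("offer.html", "text/html; charset=utf-8"))
    print(download_headers("photo.jpg", "image/jpeg"))
```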