[Framework-Team] Re: FW: Plone site compromise epidemic!
Alexander Limi
limi at plone.org
Fri Sep 15 01:07:45 UTC 2006
Yeah, I just did a quick Google search and followed the first 150 links,
and about 70-80% of the sites have already fixed this, and return a 404
when I follow the link (if you do this, remember to turn off JS first!)
It's a minor issue, and I do think we nipped it in the bud before it
became particularly prevalent.
-- Alexander
On Thu, 14 Sep 2006 17:24:59 -0700, Alec Mitchell <apm13 at columbia.edu>
wrote:
> To say these sites are "compromised" is a bit extreme. People who
> were allowed to create profiles (i.e. this only happens to sites where
> anybody can join) could take advantage of a minor XSS vulnerability to
> seed Google requests. Additionally there was an apparently more common
> avenue of attack for sites where normal self-joining users could add
> content, whereby they could put arbitrary html in a File object and
> have it render inline, scripts and all (which has more potential for
> danger, as the portrait issue was mainly visible only for search
> engines). These issues are both fixed. In the end the abuse is only
> a tiny bit more significant than the ubiquitous forum and blog spam
> found all over the web.
>
> Alec
>
> On 9/14/06, Alexander Limi <limi at plone.org> wrote:
>> It has been fixed, that's what the 2.5.1 and 2.1.4 releases were about.
>>
>> Full instructions are here:
>> http://plone.org/documentation/how-to/clean-up-link-spam-on-your-site
>>
>> -- Alexander
>>
>> On Thu, 14 Sep 2006 16:54:25 -0700, Alan Runyan
>> <alan at enfoldsystems.com> wrote:
>>
>> >
>> >
>> > Alan Runyan
>> > Enfold Systems, Inc.
>> > http://www.enfoldsystems.com/
>> > phone: +1.713.942.2377x111
>> > fax: +1.832.201.8856
>> >
>> >
>> > -----Original Message-----
>> > From: Sean Duffy [mailto:swduffy at unmc.edu]
>> > Sent: Wednesday, September 13, 2006 10:45 AM
>> > To: runyaga at plone.org
>> > Subject: Plone site compromise epidemic!
>> >
>> > Hi,
>> >
>> > I have seen a recent flood of compromised Plone sites.
>> >
>> > A Google search for the terms plone_memberdata and viagra:
>> >
>> > http://www.google.com/search?q=portal_memberdata+viagra
>> >
>> > generates over half a million hits. Someone should look into changing
>> > the 'out of the box' security settings & set up some hotfixes.
>> >
>> > Help!
>> >
>> > Sean
>> >
>> > stuffduff at cox.net
>> > swduffy at unmc.edu
>> >
>>
>>
>>
>> --
>> _____________________________________________________________________
>>
>> Alexander Limi · Chief Architect · Plone Solutions · Norway
>>
>> Consulting · Training · Development · http://www.plonesolutions.com
>> _____________________________________________________________________
>>
>> Plone Co-Founder · http://plone.org · Connecting Content
>> Plone Foundation · http://plone.org/foundation · Protecting Plone
>>
>>
>>
>> _______________________________________________
>> Framework-Team mailing list
>> Framework-Team at lists.plone.org
>> http://lists.plone.org/mailman/listinfo/framework-team
>>
--
_____________________________________________________________________
Alexander Limi · Chief Architect · Plone Solutions · Norway
Consulting · Training · Development · http://www.plonesolutions.com
_____________________________________________________________________
Plone Co-Founder · http://plone.org · Connecting Content
Plone Foundation · http://plone.org/foundation · Protecting Plone
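The second issue Alec describes above, arbitrary HTML stored in a File object and rendered inline in the site's own origin, comes down to how user uploads are served back. As an added illustration (not Plone's code and not from anyone in this thread), here is the server-side policy a defender would apply in Python: only a short allow list of inert types is served inline, anything whose bytes look like markup is forced to download under an opaque type, and browser content sniffing is disabled. The allow list, the marker regex and the function names are assumptions made for this example.

```python
import re
from typing import Dict

# Constructed allow list: types a browser may render inline without executing
# anything. text/html is deliberately absent; it is always forced to download.
INLINE_SAFE_TYPES = {"image/png", "image/jpeg", "image/gif", "application/pdf", "text/plain"}

# Markers that make a browser treat a body as an HTML document (or run script)
# if it is rendered inline or content-sniffed. Assumed list for the example.
_ACTIVE_MARKUP = re.compile(
    rb"<\s*(?:!doctype|html|head|body|script|iframe|object|embed|svg|meta|link)\b|javascript:",
    re.IGNORECASE,
)


def looks_like_markup(data: bytes) -> bool:
    """True if the leading bytes contain HTML/script markers browsers sniff on."""
    return _ACTIVE_MARKUP.search(data[:1024]) is not None


def safe_filename(name: str) -> str:
    """Strip directory parts and characters that would break the header."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    base = re.sub(r"[^\w.\-]", "_", base)
    return base or "download"


def headers_for_file(filename: str, declared_type: str, data: bytes) -> Dict[str, str]:
    """Response headers for a user-uploaded file; inline only when provably inert."""
    ctype = declared_type.split(";")[0].strip().lower()
    name = safe_filename(filename)
    inline = ctype in INLINE_SAFE_TYPES and not looks_like_markup(data)
    headers = {
        # Stop the browser from second-guessing the declared type.
        "X-Content-Type-Options": "nosniff",
    }
    if inline:
        headers["Content-Type"] = ctype
        headers["Content-Disposition"] = f'inline; filename="{name}"'
    else:
        # Everything else (including a declared text/html) becomes a download
        # with an opaque type, so it is never executed in the site's origin.
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = f'attachment; filename="{name}"'
    return headers
```

A text/plain upload that merely contains a `<script>` tag is also forced to download, because without `nosniff` some browsers would otherwise sniff it as HTML.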