To say these sites are "compromised" is a bit extreme.  People who
were allowed to create profiles (i.e. this only happens to sites where
anybody can join) could take advantage of a minor XSS vulnerability to
seed Google requests.  Additionally there was an apparently more common
avenue of attack for sites where normal self-joining users could add
content, whereby they could put arbitrary HTML in a File object and
have it render inline, scripts and all (which has more potential for
danger, as the portrait issue was mainly visible only to search
engines).  These issues are both fixed.  In the end the abuse is only
a tiny bit more significant than the ubiquitous forum and blog spam
found all over the web.

Alec

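The second issue Alec describes above, user-uploaded File content rendered inline by the browser, is the kind of thing a defender guards against at the point where the file is served. The following is an added illustration, not Plone's own code nor part of the fix in the 2.5.1/2.1.4 releases: a hypothetical `response_headers` helper that only allows inline rendering for an allow-list of harmless content types, forces everything else (and anything whose bytes look like markup) to download as an opaque attachment, and sets `nosniff` so the browser cannot second-guess the declared type.

```python
import re

# Content types considered safe to render inline in the site's origin.
# Anything else is served as a download so uploaded markup never executes.
INLINE_SAFE_TYPES = frozenset({
    "image/png", "image/jpeg", "image/gif", "application/pdf", "text/plain",
})

# Markup that, if sniffed by a browser, would execute as a page (HTML/SVG).
_HTML_MARKERS = re.compile(
    rb"<\s*(!doctype\s+html|html|script|svg|iframe|object|embed)\b", re.I
)


def looks_like_markup(data: bytes) -> bool:
    """True if the leading bytes of an upload contain HTML/SVG-style markup."""
    return _HTML_MARKERS.search(data[:2048]) is not None


def response_headers(filename: str, declared_type: str, data: bytes) -> dict:
    """Build the headers for serving one uploaded File object (hypothetical API).

    Inline rendering is permitted only when the declared type is on the
    allow-list AND the bytes do not themselves look like markup; otherwise the
    file is sent as an application/octet-stream attachment.
    """
    ctype = declared_type.split(";")[0].strip().lower() or "application/octet-stream"
    inline = ctype in INLINE_SAFE_TYPES and not looks_like_markup(data)
    if not inline:
        ctype = "application/octet-stream"
    # Strip anything that could break out of the quoted filename parameter.
    safe_name = re.sub(r"[^\w.\-]", "_", filename) or "download"
    disposition = "inline" if inline else "attachment"
    return {
        "Content-Type": ctype,
        "Content-Disposition": f'{disposition}; filename="{safe_name}"',
        # Tell the browser not to sniff a different type out of the bytes.
        "X-Content-Type-Options": "nosniff",
    }


if __name__ == "__main__":
    # Constructed sample: a "PNG" upload that is really an HTML page with a script.
    fake_png = b"<html><script>document.location='http://example.invalid'</script>"
    print(response_headers("portrait.png", "image/png", fake_png))
```
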
On 9/14/06, Alexander Limi <[EMAIL PROTECTED]> wrote:
It has been fixed, that's what the 2.5.1 and 2.1.4 releases were about.

Full instructions are here:
http://plone.org/documentation/how-to/clean-up-link-spam-on-your-site

-- Alexander

On Thu, 14 Sep 2006 16:54:25 -0700, Alan Runyan
<[EMAIL PROTECTED]> wrote:

>
>
>  Alan Runyan
>  Enfold Systems, Inc.
>  http://www.enfoldsystems.com/
>  phone: +1.713.942.2377x111
>  fax: +1.832.201.8856
>
>
> -----Original Message-----
> From: Sean Duffy [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, September 13, 2006 10:45 AM
> To: [EMAIL PROTECTED]
> Subject: Plone site compromise epidemic!
>
> Hi,
>
> I have seen a recent flood of compromised Plone sites.
>
> A Google search for the terms plone_memberdata and viagra:
>
> http://www.google.com/search?q=portal_memberdata+viagra
>
> generates over half a million hits.  Someone should look into changing
> the 'out of the box' security settings & set up some hotfixes.
>
> Help!
>
> Sean
>
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
>



--
_____________________________________________________________________

      Alexander Limi · Chief Architect · Plone Solutions · Norway

  Consulting · Training · Development · http://www.plonesolutions.com
_____________________________________________________________________

       Plone Co-Founder · http://plone.org · Connecting Content
   Plone Foundation · http://plone.org/foundation · Protecting Plone



_______________________________________________
Framework-Team mailing list
Framework-Team@lists.plone.org
http://lists.plone.org/mailman/listinfo/framework-team

