Well, that's the 50 million dollar question now isn't it? If I was an attacker, I would send a malicious link to people who regularly visit a website that uses Thumblist2. Just do a google search for inurl:Thumblist2 and you have at least one that comes up. But this isn't really about your site, this about any site that uses PmWiki. For example, I work for a university. If someone wanted they could make a very legitimate looking link that points to our wiki page. Because the URL would have msstate.edu in it, a lot of people would feel that there isn't anything wrong with the link and click it. If only a handful fall for it, well...that's a handful of bot computers they just got. Not everyone uses Firefox or Opera.
As for not following the proper notification path for this, I am sorry. I am new to the PmWiki development world. I did e-mail Patrick about the issue after Hans told me I should. Patrick responded and said it would be fixed a new release sometime today, 26 Jun 2008. Quoting Petko Yotov <[EMAIL PROTECTED]>: > which keeps me wondering why would an attacker use my site and what exactly > can he get from this. _______________________________________________ pmwiki-devel mailing list pmwiki-devel@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-devel
