Re: [Framework-Team] Re: FW: Plone site compromise epidemic!

2006-09-14 Thread Alexander Limi
Yeah, I just did a quick Google search and followed the first 150 links,  
and about 70-80% of the sites have already fixed this, and return a 404  
when I follow the link (if you do this, remember to turn off JS first!)


It's a minor issue, and I do think we nipped it in the bud before it  
became particularly prevalent.


-- Alexander

On Thu, 14 Sep 2006 17:24:59 -0700, Alec Mitchell <[EMAIL PROTECTED]>  
wrote:



To say these sites are "compromised" is a bit extreme.  People who
were allowed to create profiles (i.e. this only happens to sites where
anybody can join) could take advantage of a minor XSS vulnerability to
seed Google requests.  Additionally there was an apparently more common
avenue of attack for sites where normal self-joining users could add
content, whereby they could put arbitrary HTML in a File object and
have it render inline, scripts and all (which has more potential for
danger, as the portrait issue was mainly visible only for search
engines).  These issues are both fixed.  In the end the abuse is only
a tiny bit more significant than the ubiquitous forum and blog spam
found all over the web.

Alec

On 9/14/06, Alexander Limi <[EMAIL PROTECTED]> wrote:

It has been fixed, that's what the 2.5.1 and 2.1.4 releases were about.

Full instructions are here:
http://plone.org/documentation/how-to/clean-up-link-spam-on-your-site

-- Alexander

On Thu, 14 Sep 2006 16:54:25 -0700, Alan Runyan
<[EMAIL PROTECTED]> wrote:

>
>
>  Alan Runyan
>  Enfold Systems, Inc.
>  http://www.enfoldsystems.com/
>  phone: +1.713.942.2377x111
>  fax: +1.832.201.8856
>
>
> -Original Message-
> From: Sean Duffy [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, September 13, 2006 10:45 AM
> To: [EMAIL PROTECTED]
> Subject: Plone site compromise epidemic!
>
> Hi,
>
> I have seen a recent flood of compromised Plone sites.
>
> A Google search for the terms plone_memberdata and viagra:
>
> http://www.google.com/search?q=portal_memberdata+viagra
>
> generates over half a million hits.  Someone should look into changing
> the 'out of the box' security settings & set up some hotfixes.
>
> Help!
>
> Sean
>
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
>



--
_

  Alexander Limi · Chief Architect · Plone Solutions · Norway

  Consulting · Training · Development · http://www.plonesolutions.com
_

   Plone Co-Founder · http://plone.org · Connecting Content
   Plone Foundation · http://plone.org/foundation · Protecting Plone



___
Framework-Team mailing list
Framework-Team@lists.plone.org
http://lists.plone.org/mailman/listinfo/framework-team









Re: [Framework-Team] Re: FW: Plone site compromise epidemic!

2006-09-14 Thread Alec Mitchell

To say these sites are "compromised" is a bit extreme.  People who
were allowed to create profiles (i.e. this only happens to sites where
anybody can join) could take advantage of a minor XSS vulnerability to
seed Google requests.  Additionally there was an apparently more common
avenue of attack for sites where normal self-joining users could add
content, whereby they could put arbitrary HTML in a File object and
have it render inline, scripts and all (which has more potential for
danger, as the portrait issue was mainly visible only for search
engines).  These issues are both fixed.  In the end the abuse is only
a tiny bit more significant than the ubiquitous forum and blog spam
found all over the web.

Alec

On 9/14/06, Alexander Limi <[EMAIL PROTECTED]> wrote:

It has been fixed, that's what the 2.5.1 and 2.1.4 releases were about.

Full instructions are here:
http://plone.org/documentation/how-to/clean-up-link-spam-on-your-site

-- Alexander

On Thu, 14 Sep 2006 16:54:25 -0700, Alan Runyan
<[EMAIL PROTECTED]> wrote:

>
>
>  Alan Runyan
>  Enfold Systems, Inc.
>  http://www.enfoldsystems.com/
>  phone: +1.713.942.2377x111
>  fax: +1.832.201.8856
>
>
> -Original Message-
> From: Sean Duffy [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, September 13, 2006 10:45 AM
> To: [EMAIL PROTECTED]
> Subject: Plone site compromise epidemic!
>
> Hi,
>
> I have seen a recent flood of compromised Plone sites.
>
> A Google search for the terms plone_memberdata and viagra:
>
> http://www.google.com/search?q=portal_memberdata+viagra
>
> generates over half a million hits.  Someone should look into changing
> the 'out of the box' security settings & set up some hotfixes.
>
> Help!
>
> Sean
>
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
>









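The two issues Alec describes (a File object serving user-uploaded HTML inline so its scripts run in the site's origin, and member-profile fields seeded with links aimed at search engines) each suggest a simple defensive check. Below is an added example, not code from the Plone project or from anyone in this thread: a header policy that forces active content types to download instead of rendering, and a scanner that flags hidden links, event handlers and active elements in a profile fragment. The function names, the site host and the sample profile fragments are constructed assumptions; nothing here is Plone's own API.

```python
"""Added example (not Plone code): stdlib-only checks for the two abuse
patterns discussed in the thread. Names, hosts and samples are constructed."""
import os
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Content types a browser will execute or render as a page when served inline.
ACTIVE_TYPES = {
    "text/html", "application/xhtml+xml", "image/svg+xml",
    "text/xml", "application/xml", "text/javascript", "application/javascript",
}


def safe_download_headers(filename, declared_type):
    """Response headers for serving a user-uploaded file.

    Active types are forced to download under a neutral content type so that
    nothing inside the file runs in the site's origin; everything else may be
    shown inline, but always with nosniff so the browser honours the type.
    """
    base = declared_type.split(";")[0].strip().lower()
    # Keep only a safe ASCII basename for the Content-Disposition header.
    name = re.sub(r"[^A-Za-z0-9._-]", "_", os.path.basename(filename)).lstrip(".")
    name = name or "download"
    headers = {"X-Content-Type-Options": "nosniff"}
    if not base or base in ACTIVE_TYPES:
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = 'attachment; filename="%s"' % name
    else:
        headers["Content-Type"] = base
        headers["Content-Disposition"] = 'inline; filename="%s"' % name
    return headers


class _ProfileScanner(HTMLParser):
    """Collects indicators of injected markup in a profile or portrait field."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}  # HTMLParser lowercases names
        if tag in ("script", "iframe", "object", "embed", "meta", "link"):
            self.findings.append("active element <%s>" % tag)
        for name in attrs:
            if name.startswith("on"):
                self.findings.append("event handler %s on <%s>" % (name, tag))
        style = attrs.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style or "hidden" in attrs:
            self.findings.append("hidden <%s>" % tag)
        href = attrs.get("href", "").strip()
        if tag == "a" and href:
            parts = urlsplit(href)
            if parts.scheme.lower() == "javascript":
                self.findings.append("javascript: link")
            elif parts.scheme.lower() in ("http", "https") and parts.hostname:
                self.hosts.add(parts.hostname)


def scan_profile_html(fragment, site_host, max_external_hosts=3):
    """Return a list of findings for a profile field; empty means nothing suspicious.

    Search-engine seeding usually hides links or scatters them across many
    hosts, so a burst of distinct external hosts is reported as well.
    """
    scanner = _ProfileScanner()
    scanner.feed(fragment)
    scanner.close()
    findings = list(scanner.findings)
    external = {h for h in scanner.hosts if h != site_host.lower()}
    if len(external) > max_external_hosts:
        findings.append("%d distinct external link hosts" % len(external))
    return findings


# Constructed samples: a harmless profile and one seeded with hidden spam and markup.
SITE_HOST = "www.example.org"
CLEAN_PROFILE = '<p>Plone developer. Blog: <a href="http://www.example.org/blog">here</a></p>'
SEEDED_PROFILE = (
    '<p>hello</p>'
    '<a href="http://pills.example.invalid/v" style="display: none">cheap pills</a>'
    '<img src="x" onerror="x()">'
    '<script src="http://cdn.example.invalid/s.js"></script>'
)

if __name__ == "__main__":
    print(safe_download_headers("report.html", "text/html; charset=utf-8"))
    print(scan_profile_html(CLEAN_PROFILE, SITE_HOST))
    print(scan_profile_html(SEEDED_PROFILE, SITE_HOST))
```

The header policy is the generic fix for the File-object problem regardless of CMS: an attachment under `application/octet-stream` cannot run in the site's origin even if the upload is HTML. The scanner is a cleanup aid for the portrait/profile problem; run it over each member's stored profile fields after patching, and treat anything it reports as a record to review rather than as proof of abuse.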