[Baypiggies] hey guys, I think we've been hacked
Rob Miller
ra at burningman.com
Sun Nov 4 23:20:12 CET 2007
Aahz wrote:
> On Sun, Nov 04, 2007, tpc247 at gmail.com wrote:
>> Someone has been using the new Plone site to register numerous accounts on
>> the BayPIGgies host and creating images that redirect users to site selling
>> pharmaceuticals. I'm not sure what to do, but I think an alert and perhaps
>> installation of CAPTCHA software is in order.
>
> I'm opposed to CAPTCHA, it breaks text-only browsing. There are plenty
> of other options, including requiring the submission of a working email
> address and using a text password that's buried in instructions for
> creating an account.
plone (and other popular CMSy web apps) were targeted a while back by scripts
that do this. recent plone releases default to requiring email confirmation
to complete site registration. if this isn't already turned on, and this is
acceptable to all of you, it should be trivial to change the setting. Anyone
with 'Manager' privs can do so in the site settings (site properties control
panel, IIRC).
-r
More information about the Baypiggies
mailing list