[Baypiggies] hey guys, I think we've been hacked

Rob Miller ra at burningman.com
Sun Nov 4 23:20:12 CET 2007

Aahz wrote:
> On Sun, Nov 04, 2007, tpc247 at gmail.com wrote:
>> Someone has been using the new Plone site to register numerous accounts on
>> the BayPIGgies host and creating images that redirect users to site selling
>> pharmaceuticals.  I'm not sure what to do, but I think an alert and perhaps
>> installation of CAPTCHA software is in order.
> I'm opposed to CAPTCHA, it breaks text-only browsing.  There are plenty
> of other options, including requiring the submission of a working email
> address and using a text password that's buried in instructions for
> creating an account.

plone (and other popular CMSy web apps) were targeted a while back by scripts 
that do this.  recent plone releases default to requiring email confirmation 
to complete site registration.  if this isn't already turned on, and this is 
acceptable to all of you, it should be trivial to change the setting.  Anyone 
with 'Manager' privs can do so in the site settings (site properties control 
panel, IIRC).


More information about the Baypiggies mailing list