Hacked by Spammers! (S9Y 0.9)

Posted: Wed Nov 16, 2005 4:41 am
by jv
The past few weeks I have been getting a couple of email errors, with random email addresses bouncing from S9Y and being returned to "Apache".

Today I got about 250 emails, both bounces and returns from spam filters at AOL and other places. It looks like either the captcha was broken or there is a security flaw in S9Y. The attacks seem to come from about 50 POSTs today from different IP addresses.

I disabled the "email to friend" plugin. I googled some and found this link:

http://xtian.goelette.info/index.php?ur ... ttack.html

I am going to look into it some more but has anyone else had this happen? Is there an easy fix?

thanks,

jv

Re: Hacked by Spammers! (S9Y 0.9)

Posted: Thu Nov 17, 2005 12:55 pm
by garvinhicking
Hi!

You are right, the serendipity_event_mailentry problem was subject to email header injection. I just committed version 1.2 to our CVS repository, where you can fetch the update.

Thanks for letting us know, I'll announce this on our blog.

Regards,
Garvin
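
An added illustration of the email header injection problem named in the reply above, not code from the plugin or from the Serendipity project: one way a "mail this entry to a friend" form handler can reject line breaks in header-bound fields before anything reaches `mail()`. The function names, form field names and sample addresses are assumptions made for this example.

```php
<?php
// Added example, not the plugin's code. Function and field names are hypothetical.

/** A value destined for a mail header must not contain CR, LF or NUL. */
function is_header_safe(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) !== 1;
}

/**
 * Validate the fields of a mail-to-friend form.
 * Returns a list of error strings; an empty list means the input may be used.
 */
function validate_mail_form(array $form): array
{
    $errors = [];
    foreach (['to', 'from', 'from_name', 'subject'] as $field) {
        $value = $form[$field] ?? '';
        if (!is_string($value) || $value === '') {
            $errors[] = "$field: missing";
        } elseif (!is_header_safe($value)) {
            // A line break here would start a new header line (for example Bcc:).
            $errors[] = "$field: line break in header field";
        } elseif (in_array($field, ['to', 'from'], true)
            && filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
            $errors[] = "$field: not a single email address";
        }
    }
    return $errors;
}

// Constructed sample input: a normal submission and one carrying an extra header line.
$samples = [
    'normal'   => ['to' => 'friend@example.com', 'from' => 'reader@example.org',
                   'from_name' => 'A Reader', 'subject' => 'Interesting entry'],
    'injected' => ['to' => 'friend@example.com',
                   'from' => "reader@example.org\r\nBcc: other@example.net",
                   'from_name' => 'A Reader', 'subject' => 'Interesting entry'],
];

foreach ($samples as $label => $form) {
    $errors = validate_mail_form($form);
    $result = $errors ? 'rejected (' . implode('; ', $errors) . ')' : 'accepted';
    echo $label, ': ', $result, PHP_EOL;
}
```

Logging the rejected requests with their source address gives a count comparable to the roughly 50 POSTs reported at the top of the thread.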

Posted: Wed Dec 07, 2005 11:56 am
by joho
Is this fixed in 0.9.1? I thought it was, and was once again hit by the same problem on a site using S9Y 0.9.1.

Posted: Wed Dec 07, 2005 12:00 pm
by garvinhicking
This has nothing to do with core serendipity versions, it's a plugin (serendipity_event_mailentry) that you need to upgrade...

Regards,
Garvin

Posted: Wed Dec 07, 2005 12:05 pm
by joho
Aye; did that ;)