[pmwiki-users] another problem with blocklist2
Neil Herber
nospam at eton.ca
Sun Sep 11 10:07:39 CDT 2005
Yesterday I reported a "feature" of the Blocklist2 cookbook recipe
that can cause problems on Windoze servers (it prevents you from
updating the blocklist). Today I encountered another problem that may
affect all servers.
The Blocklist2 script checks to see if the page being edited is the
Blocklist page itself. If it is, then Blocklist allows anything to be
posted. The script checks for BOTH Main.Blocklist and Site.Blocklist,
and that is where the problem arises.
If you are running an older version of PmWiki that uses
Main.Blocklist, then you probably do not have a Site group or a page
called Site.Blocklist. Spammers have figured this out, and they
simply create the page Site.Blocklist and populate it with their
"stuff". Because the Blocklist script allows posting to
Site.Blocklist, the spammer stuff gets posted. I know this because it
happened to me (version 2 beta 40) last night.
I suspect that the reverse is true - if you are using Site.Blocklist
and you do not have a Main.Blocklist, the spammers will just create
it and post.
The cure is for all users of the Blocklist script to create both
Main.Blocklist and Site.Blocklist and edit protect them.
Neil
Neil Herber
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668
More information about the pmwiki-users
mailing list