[pmwiki-users] another problem with blocklist2

Neil Herber nospam at eton.ca
Sun Sep 11 10:07:39 CDT 2005


Yesterday I reported a "feature" of the Blocklist2 cookbook recipe 
that can cause problems on Windoze servers (it prevents you from 
updating the blocklist). Today I encountered another problem that may 
affect all servers.

The Blocklist2 script checks to see if the page being edited is the 
Blocklist page itself. If it is, then Blocklist allows anything to be 
posted. The script checks for BOTH Main.Blocklist and Site.Blocklist, 
and that is where the problem arises.

If you are running an older version of PmWiki that uses 
Main.Blocklist, then you probably do not have a Site group or a page 
called Site.Blocklist. Spammers have figured this out, and they 
simply create the page Site.Blocklist and populate it with their 
"stuff". Because the Blocklist script allows posting to 
Site.Blocklist, the spammer stuff gets posted. I know this because it 
happened to me (version 2 beta 40) last night.

I suspect that the reverse is true - if you are using Site.Blocklist 
and you do not have a Main.Blocklist, the spammers will just create 
it and post.

The cure is for all users of the Blocklist script to create both 
Main.Blocklist and Site.Blocklist and edit protect them.


Neil

Neil Herber
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668 





More information about the pmwiki-users mailing list