mt vulnerability

MovableType users, there is a security issue that you need to tend to immediately. Here's what you need to do:

  1. Rename, relocate, or simply remove mt-send-entry.cgi. It's a formmail script, so people are using it* to spam other people. Of course, since it's your server that's sending out the Viagra emails, your server is going to be blacklisted when an anti-spam tracker detects it.
  2. (updated, thanks Adam) Add the following to your .htaccess file:
    <Files ~ "\.(ini|inc|tmpl|cfg)">
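
The `<Files>` line above is cut off on this page. As an added example (not the post's own text), a complete block using the same pattern could refuse web requests for those files like this; the access rules inside it are an assumption, given in both Apache 2.4 and older syntax:

```apache
# Added example: the pattern is the post's; the rules inside are assumed.
# Refuse direct HTTP requests for Movable Type config and template files.
<Files ~ "\.(ini|inc|tmpl|cfg)">
    <IfModule mod_authz_core.c>
        # Apache 2.4 and later
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2 and earlier
        Order allow,deny
        Deny from all
    </IfModule>
</Files>
```

The pattern is unanchored, so it also covers names such as `mt.cfg.bak`; a browser request for `mt.cfg` should return 403 Forbidden once the block is active. The server has to permit these directives in `.htaccess` (`AllowOverride Limit` for the older form, `AllowOverride AuthConfig` for `Require`).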


Blogger decides to upgrade
all their users to the Pro level. An obvious attempt to stay afloat after MT and Typepad's deluge, but they have to do even better than this to actually survive.