Movable Type V3.15


20 replies to this topic

#1 TweezerMan

    Immediate Family

  • Members
  • 1,763 posts

Posted 25 January 2005 - 12:03 AM

Movable Type 3.15 Released

Version 3.15 fixes a vulnerability in the mail sending packages for all Movable Type versions which allows malicious users to send email through the application to any number of arbitrary users.

All users should install this update.

The fix has also been made available as a plugin that is compatible with 2.661 and higher, so please take advantage of this ASAP to protect your installation.

(from MT Forums)
David Phillips (TweezerMan)
The Tweezer's Edge v3

#2 TCH-Don

    Immediate Family

  • Members
  • 11,642 posts

Posted 25 January 2005 - 12:46 AM

Thanks for the warning David
and
:clapping: Welcome to the Family :clapping:

and your new home!

We really are like family here.
So if you need anything,
just ask your new family!
We love to help :)

#3 arvind

    Immediate Family

  • Members
  • 481 posts

Posted 25 January 2005 - 01:19 AM

For more information: those of you on MT 3.14, you should only need to upload Mail.pm, Util.pm and MT.pm. To my knowledge these are the three files that have changed from 3.14 to 3.15.

#4 annie

    Immediate Family

  • Members
  • 490 posts

Posted 25 January 2005 - 05:05 AM

There are a few more updated files. What I did was that I zipped the file up on my home machine, then set the FTP to list the files according to date. I went through the whole file structure, and found quite a few files with time stamp today.

#5 Iki

    Family Friend

  • Members
  • 60 posts

Posted 25 January 2005 - 05:28 PM

I went to install this plugin just now only to find that someone had already installed it on all my installations across 3 different servers.

If this was a security measure by TCH, I'd have appreciated an email to let me know. It's very disconcerting to go into my folders and find things there that I didn't upload.

Honestly, I'm feeling a little violated right now.

#6 Head Guru

    Bill Kish Head Guru

  • Admins
  • 6,875 posts

Posted 25 January 2005 - 05:36 PM

We just completed pushing a file to all MT installations. This was done on all servers. This was in direct response to many users' MT installs being exploited by hackers.

If you feel violated that we pushed a plugin into your MT install I am very sorry. Imagine how we have felt the past three days seeing MT being attacked and there was nothing that could be done. Furthermore, imagine how all the users not running MT on your server would have felt when your install was compromised and the server sent out 100 million emails causing high loads, down time and IP blacklisting.

TCH made the right choice. I am sure you want a secure, safe and reliable server. It seems we can never please all of the people all of the time. This is a risk I am willing to take to insure server security and reliability.

An e-mail is being dispatched to all our clients, however, we patched our servers before the e-mail went out. This is sometimes done during rushed patch installs.

Bill

Bill Kish

Head Cook and Bottle Washer

If you need help with your account or have any questions, please feel free to contact me using any of the contact methods below.  I can be reached 24 hours a day seven days per week.

Office :: 800-930-0485 x211
Mobile :: 248-632-3243

email: bill(at)totalchoicehosting.com

Instant Messenger -
AOL Instant Messenger: tchgurubill
Yahoo Messenger : tchgurubill
MSN Messenger : tchgurubill@hotmail.com

Thank you for your support and continued business


#7 TCH-Bruce

    Volunteer Moderator

  • Members
  • 20,135 posts

Posted 25 January 2005 - 06:04 PM

Welcome to the family David! :angry:

Glad to have you here.

Bruce Richards
Forum Moderator
TotalChoice Hosting, Inc.
Webhosting by Total Choice Web Hosting - General Support Forum

I am a Forum Moderator. While I can assist in answering most of your hosting related questions, I am unable to answer questions about specifics relating to your account such as billing and server related issues. Should you need assistance in these areas, please contact our Help Desk or our many other options. Another good place to find answers is with our help pages, tutorials and movie tutorials.


#8 Iki

    Family Friend

  • Members
  • 60 posts

Posted 25 January 2005 - 06:19 PM

My apologies.

#9 annie

    Immediate Family

  • Members
  • 490 posts

Posted 25 January 2005 - 06:57 PM

Wow, you're saying this thing was exploited?

Let's say my install was exploited. Would there be any tell tale signs in my logs? What would I be looking for?

#10 Head Guru

    Bill Kish Head Guru

  • Admins
  • 6,875 posts

Posted 25 January 2005 - 11:47 PM

Sorry for the late update, today has been a busy day.

This e-mail was sent to all clients of TCH.

--------------------------------

Hello,

Late last night the makers of Movable Type announced that a vulnerability existed in all versions of Movable Type. Movable Type is a software that is not supplied by TotalChoice, however it is very popular with our client base. If you are not using Movable Type, please ignore this email.

This exploit in all versions of Movable Type allowed a malicious user to exploit the e-mail functions of Movable Type and send unlimited spam e-mail from the targeted site.

We noticed certain Movable Type sites several days ago start sending massive amounts of e-mail and caused several of our servers to crash. At that time we were not aware of the exploits.

Once we were informed of the exploits and were given access to a plug-in that would stop the attacks, we immediately pushed out a file to all of the users' Movable Type directories.

This e-mail is only a notice that a new plugin exists in your Movable Type installation.

We urge you to upgrade your Movable Type installation to the most current and up-to-date version, 3.15.

Thank you for your continued support.

TotalChoice Hosting



#11 TweezerMan

    Immediate Family

  • Members
  • 1,763 posts

Posted 26 January 2005 - 12:14 AM

Yes, this vulnerability in MT was already being exploited. The exploits were what led to the vulnerability being discovered.

Last Saturday, on Jay Allen's MT-Blacklist forum, a user reported that their mt-comments.cgi script was hijacked to send e-mail spam.

TextDrive shut down all mt-comments.cgi scripts on their servers due to spammers attacking this vulnerability.

I was not aware that any MT sites hosted by TCH were being exploited, but it does not surprise me that there were.

The exact nature of the vulnerability is that a malicious user can (among other things) post a comment to an MT weblog and cause comment notification e-mails to be sent to any number of recipients they choose. To exploit this hole, notifications MUST be turned on and hence the user should notice.

Let's say my install was exploited. Would there be any tell tale signs in my logs? What would I be looking for?

There would be no sign at all in your logs. The sign that your MT install was being exploited would be in your comment notification e-mails. You should see extra e-mail headers (such as BCC:) and extra e-mail addresses after the commenter's "Email Address:" listed in the notification.
David Phillips (TweezerMan)
The Tweezer's Edge v3
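
The two signs described in the post above (extra headers such as BCC: and extra addresses after the commenter's "Email Address:" line) can be checked mechanically over saved notification e-mails. This is an added example, not code from the post, from Movable Type or from Six Apart's fix; the function names and the sample notification layout are assumptions constructed for illustration, and `has_line_break` is a generic input check rather than the actual patch.

```python
import re

# Header names that should never appear inside a notification body.
HEADER_LINE = re.compile(
    r"^\s*(bcc|cc|to|from|subject|reply-to|content-type|mime-version)\s*:", re.I)
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def has_line_break(value):
    """True if a submitted field contains CR or LF (unsafe in a mail header)."""
    return "\r" in value or "\n" in value


def injection_signs(body):
    """Return (kind, detail) findings for one notification e-mail body."""
    findings = []
    lines = body.splitlines()
    for i, line in enumerate(lines):
        if not line.strip().lower().startswith("email address:"):
            continue
        # Sign 1: more than one address on the commenter's address line.
        addresses = ADDRESS.findall(line)
        if len(addresses) > 1:
            findings.append(("extra-addresses", addresses[1:]))
        # Sign 2: header-like lines in the block that follows that line.
        for follow in lines[i + 1:]:
            if not follow.strip():
                break
            if HEADER_LINE.match(follow):
                findings.append(("extra-header", follow.strip()))
    return findings


# Constructed samples; the layout of a real notification may differ.
CLEAN = ("Name: Alice\nEmail Address: alice@example.org\n"
         "URL: http://example.org/\n\nComments:\nNice post.\n")
TAMPERED = ("Name: x\nEmail Address: x@example.org\n"
            "Bcc: a@example.net, b@example.net\nURL:\n\nComments:\nhello\n")

if __name__ == "__main__":
    for name, body in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, injection_signs(body))
```

A comment whose own text begins a line with "To:" or "Subject:" right after the address block would also be flagged, so treat findings as items to review rather than proof of abuse.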

#12 TweezerMan

    Immediate Family

  • Members
  • 1,763 posts

Posted 26 January 2005 - 12:44 AM

Thanks for the welcome, Don and Bruce! :dance:

If you feel violated that we pushed a plugin into your MT install I am very sorry. Imagine how we have felt the past three days seeing MT being attacked and there was nothing that could be done. Furthermore, imagine how all the users not running MT on your server would have felt when your install was compromised and the server sent out 100 million emails causing high loads, down time and IP blacklisting.

TCH made the right choice. I am sure you want a secure, safe and reliable server. It seems we can never please all of the people all of the time. This is a risk I am willing to take to insure server security and reliability.

It's not an easy decision to push files on users' installations, but I think TCH made the right decision too. By making the fix into a plugin that worked on both MT 2.x and 3.x installations, Six Apart made it very easy for TCH to fix all MT installations in one shot instead of waiting for each user to find out about the vulnerability and waiting for them to eventually fix it themselves (if they ever did).
David Phillips (TweezerMan)
The Tweezer's Edge v3

#13 Iki

    Family Friend

  • Members
  • 60 posts

Posted 26 January 2005 - 09:44 AM

TCH made the right choice. I am sure you want a secure, safe and reliable server. It seems we can never please all of the people all of the time. This is a risk I am willing to take to insure server security and reliability.

It's not an easy decision to push files on users' installations, but I think TCH made the right decision too. By making the fix into a plugin that worked on both MT 2.x and 3.x installations, Six Apart made it very easy for TCH to fix all MT installations in one shot instead of waiting for each user to find out about the vulnerability and waiting for them to eventually fix it themselves (if they ever did).


I definitely think it was the right decision. All I was saying is that I went into my plugin folder to do something else, saw an unknown file in there with "mail spam" in the title and immediately deleted it because I thought I was being attacked by some weird spammer worm or something. :eek: I spent a terrified hour thinking either my software had grown a mind of its own or someone had hacked all my accounts, and by the time I came in here and realized what was going on I was majorly freaked out. :dance: Just a bizarre coincidence that I happened to FTP up there right after the thing got installed. :oops:

So let me apologize again to everyone at TCH - I've never had a host that cared enough about their customers to take the initiative and make sure everyone's stuff was safe. I should know better having been here over six months now, but I guess years of bad hosting experiences can make you a little twitchy. :)

You guys really do rock and I appreciate it. :dance:

-Iki

#14 TCH-Rob

    Help Desk Manager

  • Members
  • 7,797 posts

Posted 26 January 2005 - 10:49 AM

So let me apologize again to everyone at TCH


Iki,

No need, no one is upset. We can understand the frustrations of making sure all is well with our sites. Thanks for understanding the reasons behind the decision.

#15 Head Guru

    Bill Kish Head Guru

  • Admins
  • 6,875 posts

Posted 27 January 2005 - 01:21 AM

Group Hug

:thumbup1:



#16 Rdaneel75

  • Members
  • 4 posts

Posted 07 February 2005 - 11:01 AM

Sorry for the late update, today has been a busy day.

This e-mail was sent to all clients of TCH.


I didn't receive that email. I did get one on the 2/5/2005 requesting that I upgrade, but nothing saying that any files had been uploaded.

#17 JimmyC

  • Members
  • 1 posts

Posted 07 February 2005 - 09:19 PM

I didn't receive that email.  I did get one on the 2/5/2005 requesting that I upgrade, but nothing saying that any files had been uploaded.



Yeah, I was a little surprised by the email, very impersonal (which is unusual from TCH) and very vague. "several older versions of the various blog software" and "all accounts using blogging software" and "make these upgrades immediately to avoid suspension of services. ;) " Now I'm worried. :) I have MT3.14, but TCH staff have patched it so I'm good to go, right? Or am I still required to upgrade to 3.15? :P

#18 TCH-Rob

    Help Desk Manager

  • Members
  • 7,797 posts

Posted 07 February 2005 - 09:53 PM

Patched is fine. Did you not get the second email Jimmy?

Oh, and welcome to the forums.

#19 TCH-RobertM

    Immediate Family

  • Members
  • 1,228 posts

Posted 07 February 2005 - 10:17 PM

Hi Jimmy,
Welcome to the forums :D

#20 TCH-Don

    Immediate Family

  • Members
  • 11,642 posts

Posted 07 February 2005 - 10:20 PM

:D Welcome to the Family JimmyC ;)

and your new home!

We really are like family here.
So if you need anything,
just ask your new family!
We love to help :)

#21 TCH-Bruce

    Volunteer Moderator

  • Members
  • 20,135 posts

Posted 08 February 2005 - 08:18 AM

Welcome to the family and forums, Jimmy! ;)





