
MovableType Warning (or what happens when you don’t read the manual)

I wasn’t sure if I wanted to run this by you all, but if you are a MovableType user and haven’t read the install notes, then shame on you, and please make sure to fix this “security problem”.

If you followed the installation manual, you shouldn’t have anything to worry about. If you just installed it without making sure to remove some important files after the install (which is very clearly pointed out in the manual), then you are in trouble. It seems like there are quite a lot of people not making sure to remove these files after installation. But I am sure that doesn’t apply to any one of you guys and gals out there :-)

Chris Hileman:

There is a hacker or group of hackers out there who are getting into MT blogs. It is not a problem with MT but it IS a possible problem with installation. If you did not delete your mt-load.cgi or your mt-upgrade.cgi, DO IT NOW! These hackers are running these files, which write the default user back into the user database. That then allows them to access your blog and wreak havoc on it. Again, make sure to delete those files ASAP!

[Via PocketBlog]
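A quick way to check an install for the leftover scripts named in the warning above (added example, not part of the original post or of Movable Type). It assumes the second file is `mt-upgrade.cgi`; the `mt-upgrade*.cgi` glob for version-suffixed variants and the path you pass in are also assumptions.

```shell
#!/bin/sh
# Added example: audit a web root for Movable Type installer scripts
# that should have been deleted after installation.
# File names come from the warning above; the glob for suffixed
# upgrade scripts is an assumption, adjust it to your install.

# Print one line per leftover script under $1:
#   EXEC    <path>   file exists and is executable (runnable as CGI)
#   PRESENT <path>   file exists but has no execute permission
find_mt_leftovers() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    find "$root" -type f \
        \( -name 'mt-load.cgi' -o -name 'mt-upgrade*.cgi' \) 2>/dev/null |
    while IFS= read -r f; do
        if [ -x "$f" ]; then
            printf 'EXEC    %s\n' "$f"
        else
            printf 'PRESENT %s\n' "$f"
        fi
    done
}

# Exit status for cron or a deploy check:
#   0 = clean, 1 = leftovers found (listed on stdout), 2 = bad argument
audit_mt_install() {
    hits=$(find_mt_leftovers "$1") || return 2
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# When run with a directory argument, audit it; the script's exit
# status is then the audit result.
[ "$#" -eq 0 ] || audit_mt_install "$1"
```

Files reported as `PRESENT` are not runnable as CGI right now, but they should still be deleted, since a later permission change would re-expose them.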

PS: Which reminds me about a story that Wired was running just a day or so ago: “Read The F***ing Story, Then RTFM”
