Hackers using PyCurl to bypass Pligg registration process to spam

Over the past few weeks many Pligg-based webmasters have been voicing their concerns over massive spam attacks on their user registrations and comments. Some Pligg sites have seen 100s of users registered in a short period of time, all in quick succession. The Pligg developers have been feverishly working to release spam modules for Pligg to cut down on spam registrations and comments. The technique being used to initiate these spam attacks, however, comes down to a code vulnerability within Pligg's user.php file.

A recently written article over at ittoolbox.com has revealed that the spam attacks Pligg webmasters have been suffering over the past month are due to a code vulnerability. The vulnerability is exploited through an automated script that some unscrupulous person has written specifically to target websites that use the Pligg code base. The clever part about this hack is that it completely bypasses the Pligg registration and captcha process. Until the code is patched by the developers, it's virtually impossible to stop with any available modules.

Read the full article below for full details with image snapshots.

Full Article: ittoolbox.com

If you run a Pligg site you might want to keep an eye on this thread for a possible code fix from the developers.

Article Details


Author: on December 13th, 2007

Category: Pligg
