SocialCMSBuzz gets banned from the pligg forums for revealing PycURL Security Vulnerability

We had previous indications that the pligg team couldn’t handle criticism well from the experience of reading certain posts in their forums; now, however, they have turned to banning our forum user account for revealing that Pligg v9.9.0 is still vulnerable to automated PycURL bot spamming attacks. We posted a link in their forums to an article we wrote a few days ago here, so as to nudge them into fixing the vulnerability, which has been outstanding for months. This, however, resulted in ourselves, one of the more active contributors to the pligg project, being banned permanently by YankiDank. Oh, and apparently the ban was for Inappropriate Ranting and theft of some kind of content; go figure that one out.

Pligg love it when their CMS system makes the news and are proud to show off links to articles on their forum in the Pligg News section; it would seem, however, that they don’t like critical news as much as news patting them on the back saying “Job Well Done”. First off, let us just say we don’t dislike the pligg project in any way and think it’s a pretty good CMS system; we also, however, don’t shy away from telling the facts like they are on this blog, and seeing as content is now being censored on the pligg forum, that’s got to be a good thing.

Over the past few weeks we received multiple support requests for V9.9.0 of pligg from webmasters experiencing high levels of automated spam. The spam was utilizing a security vulnerability in pligg to automatically insert users into the database and post spam stories. This is achieved with the bots completely negating the pligg registration process. What was more annoying to us was the fact that the vulnerability has been present in pligg since v9.8.2, which was released on the 1st September 2007, which is over seven months ago.

A simple fix would have been to integrate the existing email confirmation code into the pligg project, which was never done; instead, time was spent on other spam-fighting modules like Akismet, which will do nothing for this particular vulnerability.

So how did we manage to get ourselves banned from the pligg forums?


Well, yesterday I posted a link to the article on the Pligg Forum as a way of bringing to the attention of the developers a problem that has seriously plagued pligg for seven months now. It would seem someone at pligg couldn’t handle the truth and decided the best way to deal with the situation was to delete our link and ban our forum profile. The downside is that the vulnerability still goes on unfixed.

Getting banned from pligg is their prerogative, as all webmasters have the right to select what content they would like their members to read and ultimately who their members are. We are still clueless as to what they refer to in the banned message of Inappropriate Ranting and Content Theft.

Inappropriate Ranting – this could be directed towards revealing a security vulnerability in pligg, which is far from ranting.

Content Theft – this could be the little pligg image we used in a deckchair photo in our last post, but no details were provided.

May we remind Pligg of this article: http://socialcmsbuzz.com/free-pligg-template-darkwater-v990-29012008/

It was brought to our attention earlier today in a nice email I received (thanks, Tremor) that a pligg developer, of all people, decided to edit one of our previous free pligg templates, CoolWater, and breach the Creative Commons License it was released under, originally from styleshout.com and ourselves, to make a quick buck without giving credit to the original template author.

We didn’t ban anyone, and after pligg removed the template from their store we even offered to construct a few templates for pligg to sell and retain 100% of the profits. See, no hard feelings from us when the pligg developers broke the Creative Commons license on one of our templates, and all was settled amicably.

We would really like to know what is being referred to as Theft Of Content and would be more than happy to read any mails or discuss this matter further with the pligg team. YankiDank had tried to send us a message at the pligg forums, but because we were banned it couldn’t be retrieved.

If any member of the pligg team would like to discuss the ban further, please contact us from our contact form, as we certainly have a few questions for you guys 🙂

And if you want great press in the future for Pligg, try to fix code vulnerabilities faster than in a seven-month time frame and we will praise you to high heaven.


Article Details


Author: on April 3rd, 2008

Category: Pligg


  1. sidlyderious says:

    May I ask whether you sent them an email or Private Message to discuss the vulnerability or did you hit the forums first to publish the problem, please?

    There is a major problem when vulnerabilities are simply published on forums for everyone to see.

    You may have an axe to grind with Pligg however often irresponsible behavior can put many user sites at risk.

    There is a right way and a wrong way.

    I have no idea which method you chose.

  2. JoeHunk says:

    What a story. Didn’t know this happened to many pligg forum members, ’til I stumbled on Geoserve blog on pligss.com. Have you seen drigg yet?

  3. Geoserv says:

    Yet again I have been banned.

    This time by chuckroast.

    I was banned for visiting Pligg powered websites and filling out their contact forms informing them of my new Pligg directory, chuckroast got one of those emails and flipped.

    So he banned me from the Pligg forums.

    I’m not sure what using a contact form on a website has to do with Pligg forums. What’s wrong with informing people of something?

    I wasn’t charging to list their website. It was FREE.

    But then again chuckroast has his own directory so you draw the conclusions.

    He then went on to defame my name openly on the forums, very mature. He can’t handle competition I guess.

    I would like to see a list of people who complained, his would be the only name on it.

    What does me using a contact form on a website using the Pligg script have to do with the Pligg forums? Nothing!

    chuckroast’s hardon for me has to stop, other high profile members have called him out on it this week and I appreciate their support.

    This isn’t right.

  4. thomas says:

    this all sux ! i am running a pligg powered site too. but i will close it down in the next days because:
    a. i hate it when good people are being banned
    b. the whole system is buggy as hell ….
    c. this is no fun anymore

    🙁

  5. Geoserv says:

    Thomas, we are more than willing to help. Pligg is a good script, but it does have some issues that seem to have been problems for a long time with no clear direction on fixing them.

    You can get help here and I will be keeping http://www.pliggs.com going.

    It’s really disappointing that people I have helped have decided to turn on me openly on the Pligg forums, nice to our face though. One of them even emailed me showing support but now I see him going along with chuckroast just to suck up I guess.

    Geoserv.

  6. Apeseestaiz says:

    Is this gonna end someday??

  7. dead_drederS says:

    Priveet!! Medveed!!!
