SocialCMSBuzz gets banned from the pligg forums for revealing PYcURL Security Vulnerability

We had previous indications that the pligg team couldn’t handle criticism well from the experience of reading certain posts in their forums; now, however, they have turned to banning our forum user account for revealing that Pligg v9.9.0 is still vulnerable to automated PycURL bot spamming attacks. We posted a link in their forums to an article we wrote here a few days ago so as to nudge them into fixing the vulnerability, which has been outstanding for months. This, however, resulted in ourselves, one of the more active contributors to the pligg project, being banned permanently by YankiDank. Oh! And apparently the ban was for Inappropriate Ranting and theft of some kind of content. Go figure that one out.

Pligg love it when their CMS system makes the news and are proud to show off links to articles on their forum in the Pligg News section; it would seem, however, that they don’t like critical news as much as news patting them on the back saying “Job Well Done”. First off, let us just say we don’t dislike the pligg project in any way and think it’s a pretty good CMS system; we also, however, don’t shy away from telling the facts like they are on this blog, and seeing as content is now being censored on the pligg forum, that’s got to be a good thing.

Over the past few weeks we received multiple support requests for V9.9.0 of pligg from webmasters experiencing high levels of automated spam; the spam was utilizing a security vulnerability in pligg to automatically insert users into the database and post spam stories. This is achieved with the bots completely negating the pligg registration process. What was more annoying to us was the fact that the vulnerability has been present in pligg since v9.8.2, which was released on the 1st September 2007, which is over seven months ago.

A simple fix would have been to integrate the existing email confirmation code into the pligg project, which was never done; instead time was spent on other spam fighting modules like Akismet, which will do nothing for this particular vulnerability.

So how did we manage to get ourselves banned from the pligg forums?

Well, yesterday I posted a link to the article on the Pligg Forum as a way of bringing to the attention of the developers a problem that has seriously plagued pligg for seven months now. It would seem someone at pligg couldn’t handle the truth and decided the best way to deal with the situation was to delete our link and ban our forum profile. The downside is that the vulnerability still goes on unfixed.

Getting banned from pligg is their prerogative, as all webmasters have the right to select what content they would like their members to read and ultimately who their members are. We are still clueless as to what they refer to in the banned message of Inappropriate Ranting and Content Theft.

Inappropriate Ranting – this could be directed towards revealing a security vulnerability in pligg, which is far from ranting.

Content Theft – could be the little pligg image we used in a deckchair photo in our last post, but no details were provided.

May we remind Pligg of this article http://socialcmsbuzz.com/free-pligg-template-darkwater-v990-29012008/

It was brought to our attention earlier today in a nice email I received (thanks, Tremor) that a pligg developer, of all people, decided to edit one of our previous free pligg templates, CoolWater, and breach the Creative Commons License it was released under, originally from styleshout.com and ourselves, to make a quick buck without giving credit to the original template author.

We didn’t ban anyone, and after pligg removed the template from their store we even offered to construct a few templates for pligg to sell and retain 100% of the profits. See, no hard feelings from us when the pligg developers broke the Creative Commons license on one of our templates, and all was settled amicably.

We would really like to know what is being referred to as Theft Of Content and would be more than happy to read any mails or discuss this matter further with the pligg team. YankiDank had tried to send us a message at the pligg forums, but because we were banned it couldn’t be retrieved.

If any member of the pligg team would like to discuss the ban further, please contact us from our contact form, as we certainly have a few questions for you guys :)

And if you want great press in the future for Pligg, try to fix code vulnerabilities faster than in a seven month time frame and we will praise you to high heaven.

Article Details

Author: Lincoln on April 3rd, 2008

Category: Pligg

  1. Apeseestaiz says:

    Is this gonna end someday??

  2. dead_drederS says:

    Priveet!! Medveed!!!
