SocialCMSBuzz gets banned from the Pligg forums for revealing PycURL Security Vulnerability

We had previous indications, from reading certain posts in their forums, that the Pligg team couldn’t handle criticism well. Now, however, they have turned to banning our forum user account for revealing that Pligg v9.9.0 is still vulnerable to automated PycURL bot spamming attacks. We posted a link in their forums to an article we wrote here a few days ago, to nudge them into fixing the vulnerability, which has been outstanding for months. This, however, resulted in us, one of the more active contributors to the Pligg project, being banned permanently by YankiDank. Oh, and apparently the ban was for Inappropriate Ranting and theft of some kind of content. Go figure that one out.

Pligg love it when their CMS system makes the news and are proud to show off links to articles on their forum in the Pligg News section. It would seem, however, that they don’t like critical news as much as news patting them on the back saying “Job Well Done”. First off, let us just say we don’t dislike the Pligg project in any way and think it’s a pretty good CMS system. However, we also don’t shy away from telling the facts like they are on this blog, and seeing as content is now being censored on the Pligg forum, that’s got to be a good thing.

Over the past few weeks we received multiple support requests for v9.9.0 of Pligg from webmasters experiencing high levels of automated spam. The spam was utilizing a security vulnerability in Pligg to automatically insert users into the database and post spam stories, with the bots completely bypassing the Pligg registration process. What was more annoying to us was the fact that the vulnerability has been present in Pligg since v9.8.2, which was released on the 1st September 2007, over seven months ago.

A simple fix would have been to integrate the existing email confirmation code into the Pligg project, which was never done. Instead, time was spent on other spam-fighting modules like Akismet, which will do nothing for this particular vulnerability.
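The mitigation named above, sketched as an added example (not Pligg's code or this blog's): a newly registered account cannot submit stories until its owner proves control of the mailbox with a signed, expiring token. The in-memory `users` table, the function names and the 24-hour lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets
import time

SECRET = secrets.token_bytes(32)  # assumption: per-site key that never leaves the server
TOKEN_TTL = 24 * 3600             # assumption: confirmation links expire after a day
users = {}                        # hypothetical user table: name -> {"email", "confirmed"}


def _sign(username, email, expires):
    # JSON-encode the fields so "a|b" + "c" can never collide with "a" + "b|c".
    msg = json.dumps([username, email, expires]).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def register(username, email, now=None):
    """Create an unconfirmed account; return the token that would be e-mailed."""
    now = int(time.time()) if now is None else now
    users[username] = {"email": email, "confirmed": False}
    expires = now + TOKEN_TTL
    return f"{expires}.{_sign(username, email, expires)}"


def confirm(username, token, now=None):
    """Mark the account confirmed only for a valid, unexpired token."""
    now = int(time.time()) if now is None else now
    user = users.get(username)
    try:
        expires_s, sig = token.split(".", 1)
        expires = int(expires_s)
    except ValueError:
        return False  # malformed token
    if user is None or expires < now:
        return False
    expected = _sign(username, user["email"], expires)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False
    user["confirmed"] = True
    return True


def submit_story(username, title):
    """Refuse story submission until the mailbox has been confirmed."""
    user = users.get(username)
    return bool(user and user["confirmed"])
```

The check has to live in the submission path itself, so that an account created by any route still cannot post while unconfirmed.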

So how did we manage to get ourselves banned from the pligg forums?

Well, yesterday I posted a link to the article on the Pligg Forum as a way of bringing to the developers’ attention a problem that has seriously plagued Pligg for seven months now. It would seem someone at Pligg couldn’t handle the truth and decided the best way to deal with the situation was to delete our link and ban our forum profile. The downside is that the vulnerability still goes on unfixed.

Getting banned from Pligg is their prerogative, as all webmasters have the right to select what content they would like their members to read and ultimately who their members are. We are still clueless as to what they refer to in the banned message of Inappropriate Ranting and Content Theft.

Inappropriate Ranting – this could be directed towards revealing a security vulnerability in Pligg, which is far from ranting.

Content Theft – could be the little Pligg image we used in a deckchair photo in our last post, but no details were provided.

May we remind Pligg of this article http://socialcmsbuzz.com/free-pligg-template-darkwater-v990-29012008/

It was brought to our attention earlier today in a nice email I received (thanks, Tremor) that a Pligg developer, of all people, decided to edit one of our previous free Pligg templates, CoolWater, and breach the Creative Commons License it was released under (originally from styleshout.com and ourselves) to make a quick buck without giving credit to the original template author.

We didn’t ban anyone, and after Pligg removed the template from their store we even offered to construct a few templates for Pligg to sell and retain 100% of the profits. See, no hard feelings from us when the Pligg developers broke the Creative Commons license on one of our templates, and all was settled amicably.

We would really like to know what is being referred to as Theft Of Content and would be more than happy to read any mails or discuss this matter further with the Pligg team. YankiDank had tried to send us a message at the Pligg forums, but because we were banned it couldn’t be retrieved.

If any member of the Pligg team would like to discuss the ban further, please contact us from our contact form, as we certainly have a few questions for you guys :)

And if you want great press in the future for Pligg, try to fix code vulnerabilities faster than in a seven-month time frame and we will praise you to high heaven.

Article Details

Author: Lincoln on April 3rd, 2008

Category: Pligg

  1. Unknown says:

    Can’t believe a great contributor such as Geoserv has been banned and now socialcmsbuzz also. And I’m not too surprised to hear that ashdigg left also.

    I think Ashdigg’s entourage have taken the project from him and tried turning it into a cash cow. Most of the big developers now are only pushing their overpriced mods (250$!! – I could buy a whole script well written like socialengine with 250$).

    Lots of people have been trying to use the Pligg CMS to do something with it, but unless you were there from the beginning, or know php, you won’t find it easy to start with it, this unfortunately led to lots of people abandoning it.

    I suggest that some developers who have a hobby for developing make a branch out of pligg (just like pligg was a branch of meneame) and continue its development.

    Pligg has the potential to be a big time CMS just like Joomla, but just needs some people not looking to make instant cash out of it, and some time on their hands. In fact, if we can put it back on its legs, I’m sure new developers will flock anew to the new project.

    Oh and by the way, great new design for the site, and what do you think about expanding and covering other web resources?

  2. Jason says:

    Did Ashdigg start a new CMS?

  3. Geoserv says:

    As of today my ban was lifted by Yankidank, so I hope to be contributing again soon.

    Pligg does have great potential with the right leadership.

    I recently developed Pliggs.com and will be posting templates, mods, hacks tutorials, and you can even post a link to your Pligg in the directory as well.

    Most of my contributions will be posted there as well and of course, this blogs work will be on there as well.

    This blog has done a lot for Pligg and hopefully the ban will be lifted for socialcms soon.

    Thanks for the kind words above.

    http://www.pliggs.com

  4. D. Cotton says:

    It’s all a bit daft to start throwing around bannings. There are so few of us who are active members of the Pligg project – very, very few in terms of coding, and few in terms of a willingness to engage with the community and come up with constructive ideas.
    As for the idea that they are going for ‘a quick buck’, well, developers deserve financial compensation for their work. And it may not equal a commercial rate, but the donations system for Pligg wasn’t bringing in much money.
    A small group of developers can’t just run on goodwill alone forever. People have their careers, families, social life to attend to as well.

  5. blogengage says:

    How do you guys get trackbacks with pligg? I have 9.8.2 and can’t get it to work :(

    Any advice I’ll meet you in the cms forums!

  6. sidlyderious says:

    May I ask whether you sent them an email or Private Message to discuss the vulnerability or did you hit the forums first to publish the problem, please?

    There is a major problem when vulnerabilities are simply published on forums for everyone to see.

    You may have an axe to grind with Pligg however often irresponsible behavior can put many user sites at risk.

    There is a right way and a wrong way.

    I have no idea which method you chose.

  7. JoeHunk says:

    What a story. Didn’t know this happened to many pligg forum members, ’til I stumbled on Geoserve blog on pligss.com. Have you seen drigg yet?

  8. Geoserv says:

    Yet again I have been banned.

    This time by chuckroast.

    I was banned for visiting Pligg powered websites and filling out their contact forms informing them of my new Pligg directory, chuckroast got one of those emails and flipped.

    So he banned me from the Pligg forums.

    I’m not sure what using a contact form on a website has to do with Pligg forums. What’s wrong with informing people of something?

    I wasn’t charging to list their website. It was FREE.

    But then again chuckroast has his own directory so you draw the conclusions.

    He then went on to defame my name openly on the forums, very mature. He can’t handle competition I guess.

    I would like to see a list of people who complained, his would be the only name on it.

    What does me using a contact form on a website using the Pligg script have to do with the Pligg forums? Nothing!

    chuckroasts hardon for me has to stop, other high profile members have called him out on it this week and I appreciate their support.

    This isn’t right.

  9. thomas says:

    this all sux ! i am running a pligg powered site too. but i will close it down in the next days because:
    a. i hate it when good people are being banned
    b. the whole system is buggy as hell ….
    c. this is no fun anymore

    :(

  10. Geoserv says:

    Thomas, we are more than willing to help. Pligg is a good script, but it does have some issues that seem to have been problems for a long time with no clear direction on fixing them.

    You can get help here and I will be keeping http://www.pliggs.com going.

    It’s really disappointing that people I have helped have decided to turn on me openly on the Pligg forums, nice to your face though. One of them even emailed me showing support but now I see him going along with chuckroast just to suck up I guess.

    Geoserv.
