Old MyBlogLog Plugin ‘MyAvatars’ Has a Spam Vulnerability - Update Immediately

January 22nd, 2007 by Juuso Hietalahti
Posted in Announcements

PeterM reported a spam email problem to me, which I tracked down to the old v0.1 MyAvatars plugin for WordPress. If you are using the MyAvatars plugin to display MyBlogLog images in your blog, make sure you have the latest version. The plugin can be downloaded from here: napolux.com.

In the old version 0.1, user emails were displayed like “mailto:some.user@somewhere.com”, which lets spam machines steal email addresses from blogs and then send spam to them (if a person made a comment and gave his email, it was exposed to potential spammers because of the plugin). In the new version 0.2 this problem has been fixed.

Here is one way to check whether a blog is using the old version. There is a small avatar icon near each comment. In the v0.1 (vulnerable) version you could see the following image for those who don’t have a MyBlogLog avatar:

In the new fixed version 0.2 the image is different for those who don’t have an account:
(I’m not 100% sure if this is the way for people to know the version, but I’m pretty sure you can spot the old version by checking the images)
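
A more direct check than comparing the default images is to look at the rendered comment markup for `mailto:` links. The script below is an added example, not code from the plugin or from this post: it audits a page's HTML and reports each `mailto:` link with the address masked. It goes slightly beyond the case above by also catching links whose address is entity- or percent-encoded; the sample HTML and the `example.net` address are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

def mask(address):
    """Hide most of the local part so the audit report does not leak addresses."""
    local, _, domain = address.partition("@")
    return local[:1] + "***@" + domain

class MailtoAudit(HTMLParser):
    """Collects every href that exposes an address through a mailto: link."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name != "href" or not value:
                continue
            # HTMLParser has already decoded entities (e.g. &#109; -> m);
            # unquote() undoes percent-encoding such as %40 for "@".
            target = unquote(value).strip()
            if target.lower().startswith("mailto:"):
                address = target[len("mailto:"):].split("?", 1)[0]
                line, _ = self.getpos()
                self.findings.append((line, tag, mask(address)))

def audit(html):
    """Return (line, tag, masked address) for each mailto: link in the page."""
    parser = MailtoAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample of a comment list; not real output of either plugin version.
SAMPLE = """<ol class="commentlist">
<li><a href="mailto:some.user@somewhere.com"><img src="avatar.png" alt=""></a> Nice post!</li>
<li><a href="http://example.org/"><img src="avatar.png" alt=""></a> Thanks.</li>
<li><a href="&#109;ailto:other%40example.net?subject=hi"><img src="avatar.png" alt=""></a> Hi</li>
</ol>"""

if __name__ == "__main__":
    for line, tag, address in audit(SAMPLE):
        print(f"line {line}: <{tag}> links to mailto:{address}")
```

Run it against a saved copy of one of your own posts that has comments; any finding means commenter addresses are readable in the page source.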

If you know some blogs using the MyAvatars plugin (a blog that displays those images), I recommend contacting the blog author and telling them about this problem. I’m sure they would greatly appreciate your effort. I know I did.


5 Responses to “Old MyBlogLog Plugin ‘MyAvatars’ Has a Spam Vulnerability - Update Immediately”

  1. Wisob.org » Blog Archive » Old MyBlogLog Plugin MyAvatars Has Spam Vulnerability - Update Immediately Says:

    [...] I made a blog entry about this issue, where you can find more & detailed information: http://www.gameproducer.net/2007/01/…e-immediately/ [...]

  2. Napolux Says:

    Please correct the download url for version 0.2

    The right url is:

    http://www.napolux.com/2006/12/14/myavatars-a-wordpress-plugin-for-mybloglog/

  3. Juuso - Game Producer Says:

    Updated

  4. Andrea Micheloni Says:

    Yes, notice that the “default” image can be changed editing the plugin’s code…

  5. Shameless Solicitation for MyBlogLog Community and MBL Security Issue - Stuntdubl - Search Engine Marketing Consultant Says:

    [...] Yes - it’s shameless, but I’m not above it. Hell, most of you think I’d hack my own site for links (kidding, kidding) Please join mybloglog community. I can’t honestly say there is much in it for you except a sincere thank you:) The truth is, I just wanna see if I can get up in the ranks of Graywolf, who has cracked the top 50. I also wanted to take this opportunity to post about a security issue that Jusso thankfully alerted me to. Make sure to upgrade your “MyAvatars” plugin if you are running it on your site. The old version includes your users “mailto” address (not cool). For more on the problem, see Jusso’s post, and download the latest version of myAvatars. [...]
