akismet vulnerability announced

There isn’t much detail posted yet, but it appears the akismet plugin for WordPress 2.1.3 (and probably others) has some vulnerability in it. Right now, the only mitigation really is to turn off the plugin unless details/updates are released to see if I am vulnerable (I don’t use WordPress).

Heck, I already get enough spam, and I have been watching as it slowly spreads from a couple core posts to other older posts. Oddly, this weekend about 30 spam comments got through (even as my own comments get moderated!). It’s really just a losing proposition in the end, unless someone really babysits their blog or enforces registration (blech!). At least I babysit for now. I should try to go through my junk list (1399 spam comments saved) and see if there is any sort of IP correlation or what. I kinda doubt it, but maybe I can at least filter some more keywords beyond the obvious…

Posted in web