zenphoto has a spam bug in it

sm5wa1.php

method :

95.224.44.138 - - [31/Dec/2011:01:48:29 +0100] "POST /zenphoto/zp-core/zp-extensions/tiny_mce/plugins/ajaxfilemanager/inc/sm5wa1.php HTTP/1.1" 200 34 "-" "-"

==> error_log <== [Sat Dec 31 01:48:30 2011] [notice] cannot use a full URL in a 401 ErrorDocument directive --- ignoring!

result is they get a email out with customers domain. my advice is at the moment disable this script like i did

Status: 
Active

Comments

This seems more like a Zenphoto bug that a Virtualmin bug .. and as soon as Zenphoto fixes this issue, we will release a new installer that supports their new version.

PatrickLambooy's picture
Submitted by PatrickLambooy on Sat, 12/31/2011 - 02:14 Pro Licensee

shouldnt you guys give a warning or any kind of that ?

I think it would be hard for us to keep track of every bug in every script we install - instead, we just try to release timely updates to installers.

I'd suggest filing a bug against zenphoto for this - hopefully they will release a fix quickly. As a work-around, you can prevent your users from installing zenphoto at System Settings -> Script Installers -> Disable Scripts.