Cory R. King wrote:
> Greetings All,
>
> I've recently had a customer uncover a "user" who created several
> scoop accounts on her website, uploaded some lovely images of Viagra
> pills and medicine bottles via scoop's upload system, and then
> proceeded to hotlink to them in some spam.
>
> The lesson?
> Don't let normal users have the ability to upload files on your scoop
> site. Only grant the ability to upload to those you know and trust.
>
> If you have been allowing uploads to random users, you might want to
> check that your site hasn't already been abused. If you ain't got
> Viagra pills, I'll bet you'll find at least one myspace weenie hiding
> out instead*.
>
> Cheers!
>

I've had this on HuSi as well. Although I don't intend to turn uploading off, I'm going to restrict it some more. I've had two instances of people uploading html files, and then linking to them from comment spam on other sites. I've already got Cory's hotlinking rewrite rules, and they've stopped hotlinking of images. I just need to do the same for html files now as well.
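
One way to run the check suggested in this thread against a web server access log, as an added example that is not part of the original messages or of Scoop itself: it lists uploaded files that were served to requests carrying an off-site Referer and marks HTML uploads. The Apache "combined" log format, the `/images/uploads/` path, the `example.org` hostnames and the sample log lines are all assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Assumptions, not taken from the thread: Apache "combined" log format,
# uploads served under UPLOAD_PREFIX, and the site's own hostnames below.
SITE_HOSTS = {"example.org", "www.example.org"}
UPLOAD_PREFIX = "/images/uploads/"
HTML_EXT = (".html", ".htm")

LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)

def audit(lines):
    """Map each uploaded file fetched via an off-site Referer to its hit
    count, the referring hosts, and whether it is an HTML upload."""
    findings = {}
    for line in lines:
        m = LOG_RE.match(line)
        if m is None or m["status"] not in ("200", "206", "304"):
            continue  # unparsable line, or the request was not served
        path = m["path"].split("?", 1)[0]
        if not path.startswith(UPLOAD_PREFIX):
            continue
        host = (urlparse(m["referer"]).hostname or "").lower()
        if not host or host in SITE_HOSTS:
            continue  # no Referer, or a link from the site itself
        entry = findings.setdefault(
            path, {"hits": 0, "referers": set(), "html": False})
        entry["hits"] += 1
        entry["referers"].add(host)
        entry["html"] = path.lower().endswith(HTML_EXT)
    return findings

# Constructed sample log lines (documentation addresses and hostnames).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2007:10:00:00 +0000] "GET /images/uploads/42/pills.jpg HTTP/1.1" 200 5120 "http://mail.example.net/inbox" "Mozilla/5.0"',
    '192.0.2.11 - - [01/Jan/2007:10:00:05 +0000] "GET /images/uploads/42/pills.jpg HTTP/1.1" 200 5120 "http://mail.example.net/inbox" "Mozilla/5.0"',
    '192.0.2.12 - - [01/Jan/2007:10:01:00 +0000] "GET /images/uploads/42/pills.jpg HTTP/1.1" 200 5120 "http://www.example.org/story/1" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2007:10:02:00 +0000] "GET /images/uploads/42/promo.html?x=1 HTTP/1.1" 200 900 "http://blog.example.com/post?id=7" "Mozilla/5.0"',
    '198.51.100.8 - - [01/Jan/2007:10:03:00 +0000] "GET /images/uploads/9/avatar.png HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Jan/2007:10:04:00 +0000] "GET /images/uploads/42/pills.jpg HTTP/1.1" 403 210 "http://mail.example.net/inbox" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for path, info in sorted(audit(SAMPLE).items()):
        kind = "HTML" if info["html"] else "file"
        print(f'{info["hits"]:3d} {kind:4s} {path} <- {", ".join(sorted(info["referers"]))}')
```

Requests answered with 403 are skipped, so a file that only appears with that status is one the hotlinking rewrite rules are already refusing.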