This week a vulnerability has been discovered in Movable Type. Until today, I did not have the time to upgrade my MT installation, and I hoped that my site had not yet been attacked.
After upgrading I found an e-mail message from my hosting provider, stating that they had patched all MT installations on their servers!!!! Even though they don't support any software installed by their clients, they already patched my system to prevent damage. Each month I am getting happier with TotalChoice Hosting.
; "Twitter conversation")
; "Movable Type")
; "CeBIT")
; "ClamWin updating")
; "Google Notebook - New!")
; "Events report by file type")
; "Google Analytics")
; "Jesus at Christmas")
; "from e-mail to Enterprise Social Software")
; "Eleven")
I've never used MT myself, but is it possible that one could have manually modified (customised) the area of MT that needed to be patched? Because I typically like to fiddle around with things, and if I find that my modified code has simply been overwritten by my hosting provider I wouldn't have felt too happy. But maybe they would have detected that it's modified and then left it alone.
Still fantastic news that hosting providers are starting to get so "on the ball" though!
Six Apart solved the exploit in two ways: with an upgrade and a plug-in. My hosting provider simply added the plugin file, so no code had been changed. After that I installed the update, of course looking carefully at any modifications I made to the scripts.