Piroli wrote an entry about a little problem “mt-check.cgi” 2year ago.
In this entry, he suggested to change the file name of “mt-check.cgi” because it could be a threat for your server, because anyone could view your server information.
When an arbitrary user find your Movable Type’s path information, he can check your server information too – a version of Perl, installed CPAN modules, and other things. “Mt-check.cgi” is usually located under the MT’s installed path directly, so anyone can access to the file.
To conceal your information, Piroli suggested 2 ways.
1. changing “mt-check.cgi”‘s permission, f.e. 644 so anyone can access and get the erver infortmain (but it is inconvenient because you can’t view the infomation neither)
2. changin your file name. For example, “mt-secret-check.cgi”.
After that, you can set your own check-file-name in “mt-config.cgi”.For example,
CheckScript mt-secret-check.cgi
An environmental variable, “CheckScript” can modify your checking file’s name.
Please visit and give it a shot if you are interested in his entry.
* There is an information about “mt-check.cgi” and “CheckScript” in “MovableType.org” so please access to the page too.
Leave a comment