Plone appears on the spammers' radar

As Plone becomes more and more mainstream, it has appeared on the radar of spammers. They are targeting community sites where people are allowed to sign up without moderation, and using scripts to create loads of false members. A weakness in the way user portraits are handled is being exploited to inject JavaScript redirects, so that people visiting a profile page (or anywhere else where portraits are displayed?) are redirected to other sites. If you are affected by this, or don’t want to be, here’s how to sort it out.