Justin du Coeur (jducoeur) wrote,

Another week, another minor security hole

I just deleted a spam comment in my blog, apparently left by -- wait for it -- user livejournal. I did spend a minute or two confused by that one.

Apparently things are set up so that pingbacks (the notification you get when somebody refers to your post) are sent ostensibly from the main LJ account, rather than from the person who is actually committing the spam. The *content* refers to the spammer, but the header is from the system account. So I can mark the comment as spam, but then it asks me whether to ban livejournal, not the spammer. Presumably the spammer knows this, and is using it as a way to avoid getting quickly bounced.

Oops.

(Clever bit of spam -- I'm still not sure how he triggered the pingback, since the post doesn't obviously refer to mine. The account appears to contain only the one post, some conspiracy theory about the CIA having killed the Portuguese Prime Minister. *Very* odd...)
Tags: lj