Justin du Coeur (jducoeur) wrote,

Another week, another minor security hole

I just deleted a spam comment in my blog, apparently left by -- wait for it -- user livejournal. I did spend a minute or two confused by that one.

Apparently things are set up so that pingbacks (the notification you get when somebody refers to your post) are sent ostensibly from the main LJ account, rather than from the person who is actually committing the spam. The *content* refers to the spammer, but the header is from the system account. So I can mark the comment as spam, but then it asks me whether to ban livejournal, not the spammer. Presumably the spammer knows this, and is using it as a way to avoid getting quickly bounced.


(Clever bit of spam -- I'm still not sure how he triggered the pingback, since the post doesn't obviously refer to mine. The account appears to contain only the one post, some conspiracy theory about the CIA having killed the Portuguese Prime Minister. *Very* odd...)
Tags: lj
