Previous Entry Share Next Entry
Another week, another minor security hole
device
jducoeur
I just deleted a spam comment in my blog, apparently left by -- wait for it -- user livejournal. I did spend a minute or two confused by that one.

Apparently things are set up so that pingbacks (the notification you get when somebody refers to your post) are sent ostensibly from the main LJ account, rather than from the person who is actually committing the spam. The *content* refers to the spammer, but the header is from the system account. So I can mark the comment as spam, but then it asks me whether to ban livejournal, not the spammer. Presumably the spammer knows this, and is using it as a way to avoid getting quickly bounced.

Oops.

(Clever bit of spam -- I'm still not sure how he triggered the pingback, since the post doesn't obviously refer to mine. The account appears to contain only the one post, some conspiracy theory about the CIA having killed the Portugese Prime Minister. *Very* odd...)
Tags:

?

Log in

No account? Create an account