Justin du Coeur (jducoeur) wrote,
Justin du Coeur
jducoeur

Another week, another minor security hole

I just deleted a spam comment in my blog, apparently left by -- wait for it -- user livejournal. I did spend a minute or two confused by that one.

Apparently things are set up so that pingbacks (the notification you get when somebody refers to your post) are sent ostensibly from the main LJ account, rather than from the person who is actually committing the spam. The *content* refers to the spammer, but the header is from the system account. So I can mark the comment as spam, but then it asks me whether to ban livejournal, not the spammer. Presumably the spammer knows this, and is using it as a way to avoid getting quickly bounced.

Oops.

(Clever bit of spam -- I'm still not sure how he triggered the pingback, since the post doesn't obviously refer to mine. The account appears to contain only the one post, some conspiracy theory about the CIA having killed the Portugese Prime Minister. *Very* odd...)
Tags: lj
Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 0 comments