What a way to wake up! One thousand and thirty five new comments, all of them pushing a site called 'learntoplay.com' and selling everything from penis enlargements to poker chips and cheats. The bastards had figured out a way around my clever little entry hack.

Luckily (for me) I actually got to watch the attack in progress, and so discovered the hole in the script: it was trackbacks.

Blosxom treats trackbacks exactly like writebacks, only from a remote location. There is no chance to validate against anything in this situation, and if the spammer is clever and rotates (spoofs) his IP's, even blacklisting won't work. So, trackbacks are gone.

And just for good measure, I've changed the ID code necessary to enter a writeback - from seventeen seventy six to seventeen ninety three (from the Declaration of Independence to the start of the Reign of Terror in France). So be alert!

All I can say is that these spammers are bastards, and they're killing the Internet. They must be stopped: in email, on forums, in blogs, feeds and chatrooms. If we, the "good" users of the 'Net fail to stifle this proliferation of crap, then the whole net will devolve into a series of closely guarded private networks, and we'll have lost the best opportunity yet for reaching a truely global communication portal.

Tue, 01 Feb 2005 00:00 /Home | 2 writebacks | permanent link