Using Bugzilla to hide spam sites

Gervase Markham gerv at
Mon May 14 10:42:44 UTC 2007


I just had the below spam comment posted to my blog. It struck my eye 
because the URL is a Bugzilla attachment URL.
Viewing it in "edit" mode:
shows that the spammer has attached a copy of their pills sale page. It 
turns out that it contains embedded obfuscated JS code which redirects 
you to the real thing if you visit the attachment. So they are using 
Bugzilla to avoid any domain blacklists in my blogging software.

I'm not sure there's much we can do about this. The spammer obviously 
took time to create an account - perhaps automatically, perhaps not. 
Short of implementing Captchas for account signup, or refusing to 
display HTML attachments as HTML, I can't see a counter.



-------- Original Message --------
Subject: [Hacking for Christ] New Comment Posted to 'More Times Articles'
Date: Sat, 12 May 2007 18:58:53 +0000 (UTC)
From: kzyumv at
To: gerv at

A new comment has been posted on your blog Hacking for Christ, on entry 
#10119 (More Times Articles).

View this comment: 
Edit this comment: 

IP Address:
Name: buy online tramadol
Email Address: kzyumv at

Very good site. Thank you. buy online tramadol

Powered by Movable Type
Version 3.32

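Added example, not part of the original post and not Bugzilla's own code: one way to implement the "refuse to display HTML attachments as HTML" counter mentioned above, by choosing response headers when an uploaded attachment is served. The function names and the sample uploads are assumptions made for illustration.

```python
import re

# Media types a browser renders as a document that can run script.
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml",
                "text/xml", "application/xml"}
MEDIA_TYPE = re.compile(r"[a-z0-9!#$&^_.+-]+/[a-z0-9!#$&^_.+-]+")


def media_type(declared: str) -> str:
    """Lowercased type/subtype without parameters; unparsable values become opaque bytes."""
    base = declared.split(";", 1)[0].strip().lower()
    return base if MEDIA_TYPE.fullmatch(base) else "application/octet-stream"


def safe_filename(name: str) -> str:
    """Conservative character set so the name cannot break out of the quoted header value."""
    return re.sub(r"[^A-Za-z0-9._-]", "_", name)[:100] or "attachment"


def attachment_headers(declared_type: str, filename: str) -> dict:
    """Response headers for serving an uploaded attachment without rendering it as a page."""
    mtype = media_type(declared_type)
    if mtype in ACTIVE_TYPES or mtype.endswith("+xml"):
        mtype = "text/plain"  # the browser shows the source instead of running it
    return {
        "Content-Type": mtype,
        "Content-Disposition": f'inline; filename="{safe_filename(filename)}"',
        "X-Content-Type-Options": "nosniff",   # no sniffing text/plain back into HTML
        "Content-Security-Policy": "sandbox",  # no script even if something does render
    }


if __name__ == "__main__":
    # Constructed uploads: (declared Content-Type, filename)
    samples = [("Text/HTML; charset=UTF-8", "page.html"),
               ("image/svg+xml", "logo.svg"),
               ("image/png", "screenshot.png"),
               ("text/html\r\nX-Injected: 1", 'a".html')]
    for declared, name in samples:
        print(repr(declared), "->", attachment_headers(declared, name))
```

With these headers an HTML attachment is shown as source text, so an embedded redirect script never runs, while images and other inert types are served unchanged.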