Using Bugzilla to hide spam sites

Gervase Markham gerv at mozilla.org
Mon May 14 10:42:44 UTC 2007


Developers,

I just had the below spam comment posted to my blog. It struck my eye 
because the URL is a Bugzilla attachment URL.
Viewing it in "edit" mode:
http://bugzilla.lyx.org/attachment.cgi?id=1638&action=edit
shows that the spammer has attached a copy of their pills sale page. It 
turns out that it contains embedded obfuscated JS code which redirects 
you to the real thing if you visit the attachment. So they are using 
Bugzilla to avoid any domain blacklists in my blogging software.

I'm not sure there's much we can do about this. The spammer obviously 
took time to create an account - perhaps automatically, perhaps not. 
Short of implementing Captchas for account signup, or refusing to 
display HTML attachments as HTML, I can't see a counter.

Thoughts?

Gerv

-------- Original Message --------
Subject: [Hacking for Christ] New Comment Posted to 'More Times Articles'
Date: Sat, 12 May 2007 18:58:53 +0000 (UTC)
From: kzyumv at hotmail.com
To: gerv at mozilla.org

A new comment has been posted on your blog Hacking for Christ, on entry 
#10119 (More Times Articles).

View this comment: 
<http://weblogs.mozillazine.org/gerv/archives/2006/04/more_times_articles.html>
Edit this comment: 
<http://weblogs.mozillazine.org/mt/mt.cgi?__mode=view&_type=comment&id=1029090&blog_id=25>

IP Address: 200.80.204.142
Name: buy online tramadol
Email Address: kzyumv at hotmail.com
URL: http://bugzilla.lyx.org/attachment.cgi?id=1638
Comments:

Very good site. Thank you.
http://bugzilla.lyx.org/attachment.cgi?id=1638 buy online tramadol


-- 
Powered by Movable Type
Version 3.32
http://www.sixapart.com/movabletype/
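
The "refusing to display HTML attachments as HTML" counter mentioned in the message above, sketched as an added example. It is not part of the original post and is not Bugzilla's code; the function names and the two type lists are assumptions chosen for illustration.

```python
# Added example (not Bugzilla code): pick response headers for a
# user-uploaded attachment so the browser never renders it as active HTML.

# Types a browser can run script from when rendered (assumed list).
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml",
                "text/xml", "application/xml"}

# Types shown inline unchanged (assumed allowlist).
INLINE_SAFE_TYPES = {"text/plain", "image/png", "image/jpeg", "image/gif"}


def normalise_type(declared):
    """Drop parameters and case from the uploader-declared Content-Type."""
    return declared.split(";", 1)[0].strip().lower()


def safe_filename(name):
    """Keep a conservative ASCII set so the header value cannot be split."""
    cleaned = "".join(
        c if (c.isascii() and c.isalnum()) or c in "._-" else "_" for c in name
    )
    return cleaned or "attachment"


def attachment_headers(declared_type, filename):
    """Return the headers to send when serving an uploaded attachment."""
    mime = normalise_type(declared_type)
    name = safe_filename(filename)
    headers = {
        # Stop the browser sniffing HTML out of a body labelled as text.
        "X-Content-Type-Options": "nosniff",
        # Defence in depth: no script, forms or navigation if it does render.
        "Content-Security-Policy": "sandbox; default-src 'none'",
    }
    if mime in ACTIVE_TYPES:
        # Show the markup as source text; embedded JS is never executed.
        headers["Content-Type"] = "text/plain"
        headers["Content-Disposition"] = f'inline; filename="{name}.txt"'
    elif mime in INLINE_SAFE_TYPES:
        headers["Content-Type"] = mime
        headers["Content-Disposition"] = f'inline; filename="{name}"'
    else:
        # Anything unrecognised is downloaded, never rendered.
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = f'attachment; filename="{name}"'
    return headers
```

Served this way, an uploaded HTML page appears as source text, so a redirect script embedded in it does not run when the attachment URL is visited.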