This is a single archived entry from Stefan Tilkov’s blog. For more up-to-date content, check out my author page at INNOQ, which has more information about me and also contains a list of published talks, podcasts, and articles. Or you can check out the full archive.

Yet Another (Boring) Spam Comment Attack

Stefan Tilkov,

Sometimes having not that many ‘real’ comments is nice: mysql> delete from mtcomment where commentcreated_on > ‘2004-05-22’; Query OK, 1133 rows affected (0.12 sec)

Even automated, setting the whole thing up must have taken the spammer much longer than 0.12 seconds :-)

What made the spam comments get through in the first place was that the URLs were using not ASCII letters, but Unicode numeric values (like http://casinos-jp.com), so the MT-Blacklist regexp covering ‘casino’ didn’t catch it. I have now added an appropriate catch-all regexp for any URI containing & — hopefully that will stop it next time. (And yes, I know this will catch some legitimate URIs as well, but so what.)

On May 24, 2004 10:04 AM, Adriaan said:

Ha, I had that, too. I’m actually happy these moronic spammers are using html entities. It makes blocking comment spam so much easier.

On June 4, 2004 1:08 AM, Jay Allen said:

Hey there. Just catching up on reading and referrers. In case you haven’t seen it, v1.64 (released three days before you posted this) takes care of this problem.

Stupid, stupid, stupid bug. Entity escaping was present in v1.0a. But somehow it got masked… shrug