MT comment spam hack

Some moron using the IP address 61.181.5.80 (which resolves to "CHINANET Tianjin province network"; needless to say, it's been banned now) has left spam in a comment on one of my posts. At least it tasted like spam (I don't write about or call for comments on pills and tits on this site) and looked like a comment (email notification, listed on the recent comments, etc.), but I soon realized that the entry body had been completely wiped out and replaced by that spam.

Weird.

Has anyone seen this before?

Update: I received an email from Ben Trott explaining it, and it's an unfortunate chain of events associated with a bug in Safari:

This is actually a bug in Safari (I assume that is what you're using? [yes]), unfortunately. What happens is this:

1) You go to edit a comment on the edit comment screen.
2) You delete the comment.
3) Your browser is redirected to the edit entry screen for the entry on which the comment was made.
4) The text of the entry is filled in with the text of the comment.
5) You save the entry to republish that entry, removing the comment from the public site.

The bug in Safari is #4 in the above steps--it seems that Safari will fill in form fields with the values from a form on the previous page, if the previous page has redirected to the current page. This is an awful bug, and I've emailed the Safari team at Apple (didn't get a response, but I assume they're rather busy). We've tried working around it by using Safari's suggested no-cache headers, etc., but that didn't help.

Just something to be careful of until it's fixed, I guess. Sorry about that. (But it's not a hack.)

I discovered another problem today, and that one may not be linked to a browser bug. I used the "search entries" form to find the troubled entry. I entered a few keywords in the search field and hit return, a rather natural way of using a search box. Except that MT performed a search and replace, replacing all occurrences of those keywords in my entire site with nothing.
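As an added illustration (not MT's own code, and not part of the original post), here is a minimal search/replace handler that reproduces the failure mode above next to one that refuses to replace anything unless the request carries an explicit replace action, a non-empty replacement and a confirmation. The form field names, the entries and the submissions are constructed for this example.

```python
# Constructed sample entries, keyed by entry id (not real post data).
ENTRIES = {"1": "safari bug report", "2": "camino works fine"}

# What a browser sends when the user types in the search box and hits Enter:
# every text input in the form, including the still-empty "replace" box.
ENTER_SUBMISSION = {"search": "safari", "replace": ""}


class DestructiveActionRefused(Exception):
    """Raised when a replace is requested without explicit intent."""


def naive_handler(form, entries):
    """Weak behaviour: the mere presence of the 'replace' field triggers a
    replace, so an empty box silently deletes every match site-wide."""
    if "replace" in form:
        return {k: v.replace(form["search"], form["replace"]) for k, v in entries.items()}
    return {k: v for k, v in entries.items() if form["search"] in v}


def hardened_handler(form, entries):
    """Replace only when the user pressed the replace button (action=replace),
    typed a non-empty replacement, and ticked the confirmation checkbox.
    Anything else is treated as a plain search."""
    search = form.get("search", "")
    if not search:
        return {}
    if form.get("action") != "replace":
        # Default path, including Enter-key submissions: read-only search.
        return {k: v for k, v in entries.items() if search in v}
    if not form.get("replace") or form.get("confirm") != "on":
        raise DestructiveActionRefused(
            "replace needs a non-empty replacement and explicit confirmation")
    return {k: v.replace(search, form["replace"]) for k, v in entries.items()}


def demo():
    """Return (naive result, hardened result) for the same Enter-key submission."""
    return naive_handler(ENTER_SUBMISSION, ENTRIES), hardened_handler(ENTER_SUBMISSION, ENTRIES)


if __name__ == "__main__":
    print(demo())
```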

3 Comments

How is that even possible? Do you allow any unrestricted code to be submitted via your comments? I know things like this used to be possible in earlier versions (of MT) but I think the holes have pretty well been filled in at this point. What version are you running?

I've already had the problem of the comment ending up in place of the entry, right after deleting a comment. Very annoying, but thank God I've always managed to recover my original text with the "back" button. There's another problem with Safari: the 60-second timeout, which hits too early when creating a new entry (with 4 pings...) and produces an error message one time out of two. In short, better to use MT with Camino...

I'm gay
