

June 13, 2003

Spam Comments

This blog received its first spam comments today. Three comments were posted from

24.125.118.3
c-24-125-118-3.va.client2.attbi.com

which now has the dubious distinction of being the first IP address on my blog’s blocking list.

Two of the comments involved the hack:

<body onload="window.location='http://www.goatse.cx';"/>

using different Comment TextFilters (in the forlorn hope that the choice of TextFilter would make a difference). One simply left http://www.ak47.il/ as a URL.

All three were filtered successfully, and neither the evil JavaScript redirect (which would have sent any visitor with JavaScript enabled elsewhere upon loading the Individual Entry page, not just IE users), nor the above (bogus) URL, made it into the published comments.

I decided not to delete these comments this time, as further forensics may be interesting.

It’s clear this was just some pimply-faced kid experimenting, rather than a serious spammer. Automated comment-spam attacks could be seriously unpleasant. And I don’t know of an easy solution any more than I know of an easy solution to email spam.

Speaking of email spam, there’s a string theorist in New Jersey who

  • uses comcast.net as his/her ISP
  • runs Windoze on his/her home computer
  • has either not noticed, or doesn’t care that his/her machine has been infected by some Microsoft Outlook email virus for the past two months.

The IP address of the offending computer has recently been

68.46.139.218
pcp155581pcs.lambrv01.nj.comcast.net

but, being dynamically assigned, is probably subject to change over time.

Up until I started blocking mail from comcast.net (a drastic step, I know), this one individual alone was the source of a half-dozen bogus messages a day to my account. I’d love to unblock comcast.net, so, mystery person, let me know when you’ve fixed your computer …

Posted by distler at June 13, 2003 3:00 AM

TrackBack URL for this Entry:   https://golem.ph.utexas.edu/cgi-bin/MT-3.0/dxy-tb.fcgi/175

4 Comments & 0 Trackbacks

Re: Spam Comments

The same principles apply for accepting HTML for your website as for accepting HTML for your RSS aggregator. “Be very very careful.”

Posted by: David Dorward on June 13, 2003 3:47 AM

Re: Spam Comments

Absolutely!

A partial list of accepted XHTML+MathML tags and attributes is given on my comment-entry form. The complete list is here.

It’s not practical to strip all styling information as the MathML production relies on <mstyle> styling to produce the correct rendering. Still, I think I have restricted to a “safe” subset of tags and attributes.

Posted by: Jacques Distler on June 13, 2003 4:10 AM
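As an added illustration (not code from the original post, nor Movable Type's own TextFilter code), here is an allow-list sanitizer in Python that applies the principle Jacques describes above: enumerate the XHTML+MathML tags and attributes a comment may contain and drop everything else, rather than trying to recognise dangerous constructs one by one. The allow-list in the code is a hypothetical, much shorter stand-in for the blog's real list, and the rule that only absolute http(s) links survive in `href` is an assumption of the example. Run against the `<body onload=...>` payload quoted in the post it emits nothing at all, while an `<mstyle>` fragment passes through untouched.

```python
"""Allow-list sanitizer for blog comments.

Constructed example, not Movable Type's TextFilter code: it shows the
approach the post describes, i.e. keep only an enumerated subset of
XHTML + MathML tags and attributes and drop everything else, so that a
<body onload="..."> payload never reaches the published page.
"""
from html import escape
from html.parser import HTMLParser

# Hypothetical allow-list (the blog's real list is longer): tag -> permitted
# attributes.  <mstyle> is kept because MathML rendering depends on it.
# No on* attributes, no <body>, <script>, <style>, <iframe>, <object> ...
ALLOWED_TAGS = {
    "p": set(), "em": set(), "strong": set(), "code": set(), "pre": set(),
    "blockquote": set(), "ul": set(), "ol": set(), "li": set(),
    "a": {"href", "title"},
    "math": {"xmlns", "display"},
    "mrow": set(), "mi": set(), "mo": set(), "mn": set(),
    "msup": set(), "msub": set(), "mfrac": set(), "msqrt": set(),
    "mstyle": {"displaystyle", "scriptlevel", "mathvariant"},
}

# Assumption of this example: only absolute http(s) links survive, which
# rejects javascript:, data:, vbscript: and relative-URL tricks alike.
SAFE_URL_PREFIXES = ("http://", "https://")


def is_safe_url(value):
    return value.strip().lower().startswith(SAFE_URL_PREFIXES)


class CommentSanitizer(HTMLParser):
    """Rebuilds the input from the allow-list; everything not listed is dropped."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []        # sanitized fragments, joined at the end
        self.open_tags = []  # tags we emitted and still have to close
        self.dropped = []    # audit trail: what was removed and why

    def handle_starttag(self, tag, attrs):
        allowed = ALLOWED_TAGS.get(tag)
        if allowed is None:
            self.dropped.append(f"tag:{tag}")
            return                      # element vanishes; its text is kept
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in allowed:     # covers onload, onclick, ev:event, ...
                self.dropped.append(f"attr:{tag}@{name}")
            elif name == "href" and not is_safe_url(value):
                self.dropped.append(f"url:{tag}@{name}={value}")
            else:
                kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        self.open_tags.append(tag)

    def handle_startendtag(self, tag, attrs):
        # Self-closing syntax such as <body .../>: same rules, then close.
        self.handle_starttag(tag, attrs)
        self.handle_endtag(tag)

    def handle_endtag(self, tag):
        if tag not in self.open_tags:
            return                      # stray closer, or tag was never allowed
        while self.open_tags:           # close nested tags to stay well-formed
            top = self.open_tags.pop()
            self.out.append(f"</{top}>")
            if top == tag:
                break

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    # Comments, <!DOCTYPE>, <?pi?> and CDATA sections are silently dropped by
    # the HTMLParser defaults, so nothing needs overriding for them.

    def result(self):
        while self.open_tags:           # close whatever the commenter left open
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize(raw_html):
    """Return (clean_html, dropped) for a submitted comment body."""
    parser = CommentSanitizer()
    parser.feed(raw_html)
    parser.close()
    return parser.result(), parser.dropped


if __name__ == "__main__":
    # The payload quoted in the post, plus a MathML fragment that must survive.
    samples = [
        '<body onload="window.location=\'http://www.goatse.cx\';"/>',
        '<p onclick="x()">Hi <a href="javascript:alert(1)">link</a></p>',
        '<math><mstyle displaystyle="true"><mi>x</mi></mstyle></math>',
    ]
    for raw in samples:
        clean, dropped = sanitize(raw)
        print(repr(raw), "->", repr(clean), dropped)
```

The audit trail returned alongside the clean markup is what you want to log: it records that a `body` element or an `onload` attribute was stripped from a submission by a given IP address, which is the evidence a blocking decision like the one in the post rests on. Because the filter rejects by default, it needs no changes to also drop event attributes under an unfamiliar namespace prefix or elements it has never heard of; the price is that every new legitimate tag must be added to the list explicitly.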

Re: Spam Comments

I hadn’t even considered the danger of the body tag until I read Mark’s article.

Interestingly, XHTML2 has a new Events Module. This module has a <listener> element and a new set of event-related attributes that can be attached to any tag (assuming you provide a proper namespace). It’s pretty nifty and all… but I wonder what the pimply-faced kids of 2006 will be trying to do with this?

Posted by: Evan on June 13, 2003 11:50 AM

Re: Spam Comments

We have the same problem in Poland. Many spammers are flooding our blogs. Thank you for the good advice; I will use it on my customers’ blogs.

Posted by: Powerhost on November 18, 2005 11:37 AM
