My blog has been PWNED

Published Thu, Jul 21 2005 7:25 | William

So looks like the lower kced one [lco] ..  Yep, I just got NAILED with BLOG SPAM last night, and it wasn't from the API either.  It's a great spam too.. encouraging people to spam the sh1t out of public newsgroups a minimum of 200 times each so that they can 'honestly' make money. There's a bunch of biblical references in it and it actually reads a lot like those "A Simple Plan" or "Three Simple Steps" commercials on XM Radio that target Christians (whether or not the mechanics are the same is another issue, they just resemble each other as far as the sales pitch goes).

So I guess you'll fall into one of two camps on this:  A)  lower kced one tipped off the blog spammers and taught them how to do this B) lower kced one pointed out the vulnerability and warned that this was going to happen b/c it was within reach for most developers with the determination to pull it off.  We all know where I stand on this one.

Now, I'm guessing that I will have the joy of spending 10-20 minutes a day cleaning the crap off of my blog which is going to be fun. And the best part is that, well, if they've beaten the CAPTCHA, then we get all the fun of 1) Having to deal with the CAPTCHA often not letting you post 2)  Cleaning up SPAM.  Maybe if the Senate would pull their collective heads out of their a33e3, they could do something about SPAM instead of putting stupid warning labels on video games.  And this is one issue I actually think warrants the death penalty on.  B4STARDS

Comments

# William said on July 21, 2005 9:33 AM:

Sucks man. But timely considering one of my latest blog entries. I dare anyone to say that this is Casey's fault. He threw up the red flags months ago and people did nothing.

Anyway, sorry about the spam

# William said on July 21, 2005 10:10 AM:

Don't forget camp C) that I did it.
They like to throw that one out there too :(

# William said on July 21, 2005 6:22 PM:

KC - I forgot about that camp. I had heard some musings about that a few times, but I didn't really think they were being serious. After all, if they knew you, they'd know you don't roll like that and more importantly, you'd actually do something 'real' if you decided to go evil. Or, you'd at least be cool about it and post lesbian porn links or something.

Scott - I totally agree with you bro, but honestly, KC took some serious heat over that. Hell, there was a chorus calling for my head too b/c I gave KC props for it and refused to condemn it. He didn't IMHO do anything wrong and he went about it totally cool. One comment isn't 'spam' and posting your real identity and link back isn't what's causing all the problems... it's the bullsh1t spam.

Then as now, I think KC did us a service b/c he pointed out that any sense of security from CAPTCHA is more illusion than fact. Plus he showed me that there was a timer on it and that's why I often couldn't post (I thought I was just a dyslexic dumbass all the time).

# TrackBack said on July 21, 2005 7:35 PM:

Yikes, I'm back on track with my reading and work and development and other stuff.  That means I...

# William said on July 25, 2005 2:45 PM:

I'm posting this reply using the CommentAPI crap that RSSBandit uses. That and the trackback API completely bypass the CAPTCHA.

Until something is done about those two services, you'll continue to have the problem. You could disable the web service for your own blog, but I think that drops trackbacks too, though I could be wrong. I think Community Server addresses some of this but I may be wrong. Hopefully SubText will take a good look at the services and put in some kind of protection because they need it badly. I could make a spam bot in a matter of minutes that could spam the crap out of multiple blogs with little effort on my part. Casey may have brought up the idea, but security by obscurity is a lame practice anyway. Sadly nothing's been done or attempted to address the problem, it appears. This isn't something you or I as blog users can fix, it's something "Those with the Source" (tm) have all the power to combat, yet they seem to be sleeping on the job.
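
The two problems raised in this thread, a CAPTCHA that only guards the HTML form while CommentAPI and TrackBack posts go straight into storage, and a challenge that expires on a timer so slow humans get rejected, are modelled below in a constructed Python example. This is added illustration, not code from this blog, .Text, SubText or Community Server. The field names follow the protocols themselves (CommentAPI clients POST an RSS 2.0 `<item>`; TrackBack pings POST form-encoded `url`, `title`, `excerpt` and `blog_name`); the class and function names, the 120-second CAPTCHA lifetime and the spam payload are assumptions made for the example. `WeakBlog` shows the bypass the commenter describes, and `HardenedBlog` routes every ingress path through a single gate, holding API-sourced comments for moderation since no out-of-band client can answer a CAPTCHA:

```python
import time
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from urllib.parse import parse_qs

# Assumed CAPTCHA lifetime; the real blog engine's value is not known.
CAPTCHA_TTL_SECONDS = 120


@dataclass
class Comment:
    author: str
    link: str
    body: str
    source: str  # "form", "commentapi" or "trackback"


class CaptchaStore:
    """Issued challenges, with the expiry timer the thread complains about."""

    def __init__(self, clock=time.time):
        self._clock = clock          # injectable so the expiry path is testable offline
        self._issued = {}            # challenge id -> (expected answer, issue time)

    def issue(self, challenge_id, answer):
        self._issued[challenge_id] = (answer, self._clock())

    def verify(self, challenge_id, answer):
        record = self._issued.pop(challenge_id, None)   # single use, replay-safe
        if record is None:
            return False
        expected, issued_at = record
        if self._clock() - issued_at > CAPTCHA_TTL_SECONDS:
            return False             # stale challenge: the "timer" that rejects slow typists
        return answer == expected


def parse_form(body):
    """HTML comment form (application/x-www-form-urlencoded) -> (comment, captcha id, answer)."""
    q = parse_qs(body)
    comment = Comment(q["author"][0], q.get("url", [""])[0], q["comment"][0], "form")
    return comment, q["captcha_id"][0], q["captcha"][0]


def parse_commentapi(body):
    """CommentAPI: the client POSTs an RSS 2.0 <item>. The format has no CAPTCHA field at all."""
    item = ET.fromstring(body)
    text = lambda tag: (item.findtext(tag) or "").strip()
    return Comment(text("author"), text("link"), text("description"), "commentapi")


def parse_trackback(body):
    """TrackBack ping: form-encoded url/title/excerpt/blog_name. Again no CAPTCHA field."""
    q = parse_qs(body)
    return Comment(q.get("blog_name", [""])[0], q["url"][0], q.get("excerpt", [""])[0], "trackback")


class WeakBlog:
    """The behaviour described in the thread: the CAPTCHA guards only the HTML form."""

    def __init__(self, captchas):
        self.captchas = captchas
        self.published = []

    def post_form(self, body):
        comment, cid, answer = parse_form(body)
        if not self.captchas.verify(cid, answer):
            return False
        self.published.append(comment)
        return True

    def post_commentapi(self, body):
        self.published.append(parse_commentapi(body))   # straight to storage, no check
        return True

    def post_trackback(self, body):
        self.published.append(parse_trackback(body))    # straight to storage, no check
        return True


class HardenedBlog(WeakBlog):
    """Every ingress path goes through one gate: proof of a human, or the moderation queue."""

    def __init__(self, captchas):
        super().__init__(captchas)
        self.pending = []

    def _accept(self, comment, proof_ok):
        if proof_ok:
            self.published.append(comment)
            return True
        if comment.source == "form":
            return False                 # a human can simply retry the CAPTCHA
        self.pending.append(comment)     # APIs cannot answer a CAPTCHA: hold for moderation
        return False

    def post_form(self, body):
        comment, cid, answer = parse_form(body)
        return self._accept(comment, self.captchas.verify(cid, answer))

    def post_commentapi(self, body):
        return self._accept(parse_commentapi(body), False)

    def post_trackback(self, body):
        return self._accept(parse_trackback(body), False)


def run_spam_bot(blog, count):
    """Constructed spam bot: fires `count` CommentAPI items; returns how many were published."""
    before = len(blog.published)
    for i in range(count):
        blog.post_commentapi(
            "<item><title>make money</title><author>spammer</author>"
            f"<link>http://example.invalid/{i}</link>"
            "<description>post this 200 times</description></item>")
    return len(blog.published) - before


def demo():
    """Returns (weak hits, hardened hits, hardened pending, fresh form ok, stale form ok)."""
    now = [1000.0]
    clock = lambda: now[0]
    weak, hardened = WeakBlog(CaptchaStore(clock)), HardenedBlog(CaptchaStore(clock))
    weak_hits, hard_hits = run_spam_bot(weak, 200), run_spam_bot(hardened, 200)
    hardened.captchas.issue("c1", "7")                 # answered in time
    fresh = hardened.post_form("author=KC&comment=hi&captcha_id=c1&captcha=7")
    hardened.captchas.issue("c2", "3")                 # correct answer, but too slow
    now[0] += CAPTCHA_TTL_SECONDS + 1
    stale = hardened.post_form("author=KC&comment=hi&captcha_id=c2&captcha=3")
    return weak_hits, hard_hits, len(hardened.pending), fresh, stale


if __name__ == "__main__":
    print(demo())
```

The point of the single `_accept` gate is that an anti-spam control is only as strong as the least-protected path into the comment table; a CAPTCHA bolted onto one form while two machine-readable endpoints accept the same data unchecked is the "illusion" the earlier comment refers to. Queuing API-sourced comments instead of dropping them keeps legitimate trackbacks and aggregator comments, at the cost of a moderation step.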

# TrackBack said on August 8, 2005 5:07 AM:

My blog has been PWNED
