"A Man's a Man for all that!" - Rabbie Burns

"Religion? No thanks. I prefer not to outsource my brainwashing."
Trying to get your average Joe creationist to understand the phrase scientific theory is as hard as getting a fish to enjoy mountaineering. Its an unimagined world for them - it requires a complete reversal of their normal modes of thinking and being. The fact that humans could explain the complexities of this world without a creating God is a world view they cannot grasp. It's like asking a tuna if it appreciates the view from the top of Mount Everest.

Nov 27, 2009

Watch out for the Chinese Spammer!

The chinese spammer who left a comment on my previous post seems to have possibly somehow managed to inject some javascript into his comment as far as I can tell. it looks like he has used HTML entities to escape the code. the effect seems to be that I cant delete his comment and the comment footer has been turned into some form of javascript link. I am keeping comment moderation turned on meantime until I can get rid of his spam comment.

I may also turn the comments on and off on that post as I try to get rid of his comment - just in case your over for a look!

It's one of the perils of blogging.

Update: checked the blogger help group and others are reporting this issue over the last few days - again chinese spam.

Update: it seems it was possibly Korean rather than Chinese SPam that I got hit with from reading the blogger help forum. After trying numerous ways of getting rid of the spam comment the only method I could find that worked was to copy the original posts and the non spam comments to a new post, delete the original and then reset the copy back to the original date. Blogger would appear to have a vulnerability that is being exploited by this particular Korean spammer. He or they appear to have found a way to prevent their spam comments on posts being deleted.

5 comments:

Marf said...

You should have seen what happens when you disable javascript in your browser. Then maybe the delete icon would have worked.

Marf said...

Yeah, I just tested the concept on my testing blog. You can delete a comment without javascript enabled in your browser.

So if it's javascript this spammer is using to disable the delete icon, you can bypass it by disabling javascript temporarily in your browser's settings.

Obviously you'll have to reload the page the comment appears on to get the delete icon to work.

Bunc said...

That's a good point Marf - I should have tried that. He shouldn't have been able to inject Javascript at all really and Im still not absolutely certain if thats what he did - but I cant think of anyother way he could have taken over the comment display.

I checked my site in firefox using firebug and coudldn't see his Javascript - the HTML entities I could see when I hovered over where the delete button should have been didn't show when I looked at the page using Firebug. He clearly has a real crafty approach.

Marf said...

Too bad you deleted it, I would have liked to take a look at the sourcecode of the page and see what was actually in his comment.

This may be a bit obvious, but did you see the icons for other comments? I've noticed that I need to visit the blogger.com dashboard (essentially log in) before those icons appear for me.

Bunc said...

It was only the delete icon for that commment that was missing and then only in IE. I posted a test comment after the spam comment and my test comment had the delete icon showing ( when I wa logged in of course.)

In Firefox the delete icon did show but when I attempted to delete the comment I got an error code repeatedly.

Related Posts by Categories



Widget by Hoctro | Jack Book
About Us | Site Map | Privacy Policy | Contact Us | Blog Design | Ayrshire Blog Creative commons License