The chinese spammer who left a comment on my previous post seems to have possibly somehow managed to inject some javascript into his comment as far as I can tell. it looks like he has used HTML entities to escape the code. the effect seems to be that I cant delete his comment and the comment footer has been turned into some form of javascript link. I am keeping comment moderation turned on meantime until I can get rid of his spam comment.
I may also turn the comments on and off on that post as I try to get rid of his comment - just in case your over for a look!
It's one of the perils of blogging.
Update: checked the blogger help group and others are reporting this issue over the last few days - again chinese spam.
Update: it seems it was possibly Korean rather than Chinese SPam that I got hit with from reading the blogger help forum. After trying numerous ways of getting rid of the spam comment the only method I could find that worked was to copy the original posts and the non spam comments to a new post, delete the original and then reset the copy back to the original date. Blogger would appear to have a vulnerability that is being exploited by this particular Korean spammer. He or they appear to have found a way to prevent their spam comments on posts being deleted.
skip to main |
skip to sidebar
Ayrshire local,national and international news and opinion.
Pages
Posts
Blog Archive
Top Recent Commenters
Topics
- religion (62)
- ayrshire news (56)
- politics (56)
- science (46)
- crime (33)
- Atheism (31)
- middle east (31)
- islam (24)
- scotland news (24)
- Evolution (21)
- environment (21)
- fundamentalist (21)
- Humour (19)
- finance (17)
- free speech (16)
- Blogging (13)
- Scottish Elections (12)
- conspiracy (11)
- music+arts (11)
- US (10)
- terrorism (10)
- Tommy Sheridan (9)
- health (9)
- Ayrshire Elections (8)
- BBC (8)
- child abuse (8)
- Egypt (6)
- Freedom of Information (6)
- cartoon (6)
- history (6)
- Computer (5)
- Entertainment (5)
- Global Warming (5)
- Photo (5)
- Poems (5)
- sponsored (5)
- UK (4)
- africa (4)
- jobs (4)
- Check this out (3)
- TV (3)
- Twitter (3)
- website review (3)
- #IAmSPartacus (2)
- Blog Action Day (2)
- Burma (2)
- Darwin (2)
- Film Review (2)
- Hotels (2)
- Libya (2)
- Northern Ireland (2)
- Pakistan (2)
- Racism (2)
- Reasons to be Cheerfull (2)
- Scientology (2)
- Shopping (2)
- Weather (2)
- business (2)
- drugs (2)
- energy (2)
- holocaust denial (2)
- ABOUT (1)
- Afghanistan (1)
- Algeria (1)
- Arab Spring (1)
- Blog round up (1)
- Charity (1)
- China (1)
- Comments Policy (1)
- Dialogues (1)
- EU (1)
- Edinburgh (1)
- Gaming (1)
- Gardening (1)
- Google (1)
- Halloween (1)
- Iran (1)
- Italy (1)
- Jazz (1)
- Odd Things (1)
- Palestine (1)
- Poverty (1)
- Quiz (1)
- Robert Burns (1)
- SciFi (1)
- Scotland (1)
- Swine Flu (1)
- Travel (1)
- UK elections (1)
- WikilLeaks (1)
- cars (1)
- commonwealth (1)
- cuts (1)
- ecommerce (1)
- education (1)
- home (1)
- israel (1)
- philospohy (1)
- revolution (1)
- scepticism (1)
- software (1)
Followers
I spent a lot of money on booze,birds and fast cars. The rest I squandered. (George Best)
About Us | Site Map | Privacy Policy | Contact Us | Blog Design | Ayrshire Blog Creative commons License
5 comments:
You should have seen what happens when you disable javascript in your browser. Then maybe the delete icon would have worked.
Yeah, I just tested the concept on my testing blog. You can delete a comment without javascript enabled in your browser.
So if it's javascript this spammer is using to disable the delete icon, you can bypass it by disabling javascript temporarily in your browser's settings.
Obviously you'll have to reload the page the comment appears on to get the delete icon to work.
That's a good point Marf - I should have tried that. He shouldn't have been able to inject Javascript at all really and Im still not absolutely certain if thats what he did - but I cant think of anyother way he could have taken over the comment display.
I checked my site in firefox using firebug and coudldn't see his Javascript - the HTML entities I could see when I hovered over where the delete button should have been didn't show when I looked at the page using Firebug. He clearly has a real crafty approach.
Too bad you deleted it, I would have liked to take a look at the sourcecode of the page and see what was actually in his comment.
This may be a bit obvious, but did you see the icons for other comments? I've noticed that I need to visit the blogger.com dashboard (essentially log in) before those icons appear for me.
It was only the delete icon for that commment that was missing and then only in IE. I posted a test comment after the spam comment and my test comment had the delete icon showing ( when I wa logged in of course.)
In Firefox the delete icon did show but when I attempted to delete the comment I got an error code repeatedly.
Post a Comment