"The power of accurate observation is often called cynicism by those who don't have it."
- George Bernard Shaw

Fending off spammers
Sunday, January 21, 2007 | Permalink

If you visited this site this morning or yesterday night and found that you was redirected to another site, please do a virus scan on your system.

Apparently a spammer was able to squeeze in a javascript into his name tag in the comments. Unfortunately, I didn't have the security check for the name field as I have for the comment field. Thus the script was included in the regular html code, causing all visitors to the main page to get redirected to the spammer's site. As I got redirected this morning my antivirus program immediately alerted me as I arrived at the spammer's place and it tried to plant a virus on my machine. For those of you that don't have a antivirus program or don't have it configured to continuously guard your files, you probably got infected if you went there.

I have now fixed the security hole and as a further step to fend of spammers you'll now have to enter a code when you comment. This should be very quick and not be a problem for regular posters and hopefully block most spam bots.

Name

Comment

Enter the code below



Schmackbolzen
Monday, January 22, 2007

Sounds like you use Internet Explorer - If you use a different Browser like Firefox, Seamonkey or Opera you should at least have to interact somehow to get a virus installed. Maybe you should mention that in your text and change your browser (in case Im right ). In the past there were always a few working (sometimes 0d) exploits for IE to infect your computer without any interaction. And it doesnt look like it will change in the near future (thanks to MS).

Schmackbolzen
Monday, January 22, 2007

P.S.: There seems to be an error in your code-check system, I had to manually look up the code in your HTML code (which i shouldnt be able to, a program can do this too, but I think you know that). Your 4. jpg looks like a nine, but you have to enter 4. And the code doesnt change when I reload.

Schmackbolzen
Monday, January 22, 2007

Sorry I meant .png - may you can delete this comment and change it in the comment above...

Humus
Monday, January 22, 2007

No idea how the 4 became a 9, but I've fixed that now (7 and 8 were also nines). It's not foolproof of course, but should make it tricker to spam with a bot (manual spamming is of course always possible). If it doesn't work out I'll look into a more advanced solution. At least now a spammer should not be able to pass any html code through the comments system, and that's what matters the most.

And yes, I use IE (shame on me, I know), but I used FireFox to debug.

Ningu
Monday, January 22, 2007

Man, that sucks. Having to turn up security cause of an attack.
It's like 9/11 in a website.
Just don't make me take my shoes off before posting, ok?
Well at least the exact same thing won't happen again.

Rajesh Peter
Thursday, January 25, 2007

Evil spammers, why don\'t they get a life and learn 3D?

Henley
Sunday, January 28, 2007

I had the excact same problem on my site and ive only just got into web development so i didnt have any ideas to keep away the bots, after seeing this i think ill give it ago although ill see if a can make a script that will change the security code each time the page is loaded.

SqR00T
Monday, February 5, 2007

Code is readable!

Try search "CAPTCHA PHP" at google.com and you will find some php classes that generate images with code. It's simple to add to the site.

Try using for browsing Opera. Opera really cool!
You can surf only with a keyboard. It's more quicker. But some sites opera displays wrong - it's not bad.
There are many bugs in opera, and very very very very few are dangerous.