Posts tagged: SPAM

Akismet anti-comment-spam

I’ve yanked out my own crude anti-comment-spam tests and replaced them with a nice tidy call to the Akismet API. If this works out I’ll most certainly incorporate it into the Django version of the blog – there’s a nice Python interface as well.


seanrox commented on Thu Aug 24 14:58:33 2006:

Akismet is nice and works wonders on comment spam as you’ll see on your site.

The guys over at automattic.com really know their stuff.

Spot the forgery

Somehow I don’t think this is worth making a filtering rule for, but it’s amusing. How many characters of this header do you need to scan before you know it’s forged?

Reveived: from web.de
    by fmmailgate04.web.de (Postfix) with SMTP id 94F36A25FF;
    Fri, 21 Jul 2006 17:03:27 +0200 (CEST)

Trac spam

It’s a problem.

Trac is a fantastic, world-dominating software project management and bug-tracking system written in Python. It integrates with Subversion and has a wiki and just works. Even the Rails guys use it. It’s possible that if Trac and Chuck Norris walked into a bar, only Trac would leave.

But unfortunately, the comment-spammers and wiki-spammers have noticed Trac and have been updating their scripts. Hence the 12,000 15,000 hits for “trac spam.”

Form hijacking

Does your website contain mail forms that aren’t sanitizing input as aggressively as they should? There seems to have been a recent surge in automated (or semi-automated, it’s hard to tell) probes and exploits of form mail scripts, all revolving around injecting headers into sent mail.

Here’s how it works: Let’s say you have a form that allows the user to enter their email address. The black hat’s exploit script submits a value for that field that includes a newline, followed by whatever email headers they want to insert: Bcc, for example, or even full-blown MIME-encoded parts.
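The injection described above, as an added example that is not code from the original post: a naive form-mail handler that pastes the submitted address straight into the header block, beside a hardened version that rejects any header-bound field containing a line break. The function names and the sample submission are constructed for the illustration.

```python
# Added example (not from the original post): naive vs. hardened handling of
# a form field that ends up in an email header.
import re
from email import policy
from email.message import EmailMessage

LINE_BREAK_RE = re.compile(r"[\r\n]")


def naive_headers(sender, subject, body):
    """Vulnerable: the 'From' value is concatenated into the header block,
    so a line break in it starts a new header line."""
    return "From: " + sender + "\r\nSubject: " + subject + "\r\n\r\n" + body


def header_names(raw):
    """Return the header field names an MTA would see in a raw message."""
    head = raw.split("\r\n\r\n", 1)[0]
    names = []
    for line in head.split("\r\n"):
        # Many MTAs also accept a bare LF as a line terminator.
        for part in line.split("\n"):
            if ":" in part:
                names.append(part.split(":", 1)[0].strip())
    return names


def safe_header_value(value):
    """Reject a form field destined for a header if it contains CR or LF."""
    if LINE_BREAK_RE.search(value):
        raise ValueError("header injection attempt: line break in field")
    return value


def build_message(sender, subject, body):
    """Hardened: validate every header-bound field before it reaches the
    message, then let the email library assemble the headers."""
    msg = EmailMessage(policy=policy.SMTP)
    msg["From"] = safe_header_value(sender)
    msg["Subject"] = safe_header_value(subject)
    msg.set_content(body)
    return msg


# Constructed sample submission of the kind the post describes: a newline
# followed by an extra header smuggled into the email-address field.
INJECTED_SENDER = "alice@example.com\nBcc: someone@example.org"
```

With the constructed submission, `header_names(naive_headers(INJECTED_SENDER, ...))` contains a `Bcc` header the form never offered, while `build_message` raises before any message is built.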

Mining Monday: the 419

My old scam-and-hoax search engine project, Purportal.com, grew out of a longstanding morbid fascination with the variegated forms of fraud, especially those that have flourished in email and on the web. The other day I came across a form letter I used to send in response to “419” gambits, also known as “advance fee fraud.” Excerpt:

The fund you speak of, in the South African Mining Corporation, is of great interest to me since my recently deposed brother-in-law, erstwhile shoeshine boy to the one-time International pie-eating champion’s third cousin twice removed by marriage…