Posts tagged: SPAM

Akismet anti-comment-spam

I’ve yanked out my own crude anti-comment-spam tests and replaced them with a nice tidy call to the Akismet API. If this works out I’ll most certainly incorporate it into the Django version of the blog – there’s a nice Python interface as well.

seanrox commented on Thu Aug 24 14:58:33 2006: Akismet is nice and works wonders on comment spam as you’ll see on your site. The guys over at Automattic.

Spot the forgery

Somehow I don’t think this is worth making a filtering rule for, but it’s amusing. How many characters of this header do you need to scan before you know it’s forged?

Reveived: from web.de by fmmailgate04.web.de (Postfix) with SMTP id 94F36A25FF; Fri, 21 Jul 2006 17:03:27 +0200 (CEST)
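Added example, not code from the original post: a small Python check that answers the question mechanically. It walks the header field names, skips X- headers, and reports the first name that is a near-miss of a standard one, together with how many characters you had to read before the mismatch showed. The known-header list and the From/Subject lines in the sample are constructed for this example; the first line is the header quoted above.

```python
import difflib

# Header field names a normal MTA or mail client writes. Constructed for this
# example and deliberately short; extend it for real use.
KNOWN_HEADERS = ["Received", "Return-Path", "Delivered-To", "From", "To",
                 "Cc", "Subject", "Date", "Message-ID", "MIME-Version",
                 "Content-Type", "Content-Transfer-Encoding", "Reply-To"]

# Constructed sample: the quoted (misspelled) Received line, folded the way
# Postfix folds it, plus two made-up fields so there is something to skip.
SAMPLE_HEADERS = (
    "Reveived: from web.de by fmmailgate04.web.de (Postfix) with SMTP id 94F36A25FF;\r\n"
    "\tFri, 21 Jul 2006 17:03:27 +0200 (CEST)\r\n"
    "From: someone@web.de\r\n"
    "Subject: hello\r\n"
)


def header_names(block):
    """Yield each field name in a raw header block.

    Continuation lines of a folded header start with whitespace, so they are
    skipped; only lines of the form 'Name: value' count.
    """
    for line in block.splitlines():
        if not line or line[0] in " \t":
            continue
        name, sep, _value = line.partition(":")
        if sep:
            yield name


def first_forgery_clue(block, cutoff=0.8):
    """Return (name_as_written, canonical_name, chars_needed) for the first
    field name that is a close misspelling of a known header, or None.

    chars_needed is the 1-based position of the first character that differs
    from the real name, i.e. how far you had to read to spot it.
    """
    known = {h.lower(): h for h in KNOWN_HEADERS}
    for name in header_names(block):
        low = name.lower()
        if low in known or low.startswith("x-"):
            continue  # legitimate, or an extension header we cannot judge
        match = difflib.get_close_matches(low, list(known), n=1, cutoff=cutoff)
        if not match:
            continue  # unknown but not a near-miss: do not call it a typo
        canonical = match[0]
        mismatch = next(
            (i for i, (a, b) in enumerate(zip(low, canonical)) if a != b),
            min(len(low), len(canonical)),
        )
        return name, known[canonical], mismatch + 1
    return None


if __name__ == "__main__":
    print(first_forgery_clue(SAMPLE_HEADERS))
```

For the quoted header the answer is three characters: “Rev” already cannot be the start of a real “Received:” line. The similarity cutoff is what keeps this from flagging every unusual but legitimate header name, so tune it against your own mail before making a rule out of it.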

Trac spam

It’s a problem. Trac is a fantastic, world-dominating software project management and bug-tracking system written in Python. It integrates with Subversion and has a wiki and just works. Even the Rails guys use it. It’s possible that if Trac and Chuck Norris walked into a bar, only Trac would leave. But unfortunately, the comment-spammers and wiki-spammers have noticed Trac and have been updating their scripts. Hence the 12,000, now 15,000, hits for “trac spam.”

Figlet Captcha

I thought my idea for a figlet-based Captcha system was just my own nerdy, sick secret. Now I discover that someone has actually built one. Wow.

Form hijacking

Does your website contain mail forms that aren’t sanitizing input as aggressively as they should? There seems to have been a recent surge in automated (or semi-automated, it’s hard to tell) probes and exploits of form mail scripts, all revolving around injecting headers into sent mail. Here’s how it works: Let’s say you have a form that allows the user to enter their email address. The black hat’s exploit script submits a value for that field that includes a newline, followed by whatever email headers they want to insert: Bcc, for example, or even full-blown MIME-encoded parts.
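As an added example (not code from the original post), here is the attack and the fix side by side in Python: a naive form-mail builder that pastes the submitted address straight into the header block, so the attacker’s CRLFs add a Bcc and the blank line cuts the headers short, next to a hardened builder that rejects any line break and insists on one bare address. The addresses, the site owner’s mailbox and the injected payload are all constructed for the example.

```python
import re
from email.message import EmailMessage
from email.policy import default
from email.utils import parseaddr

# Constructed attacker input: what an exploit script submits in the
# "your e-mail" field. The CRLFs smuggle in a Bcc header, and the empty line
# ends the header block so the rest of the payload becomes the message body.
INJECTED = ("victim@example.com\r\n"
            "Bcc: spam-target@example.net\r\n"
            "\r\n"
            "Buy now!")

SITE_OWNER = "webmaster@example.org"   # assumed recipient of the contact form


def build_mail_vulnerable(from_addr, subject, body):
    """Classic form-mail bug: user input is interpolated into header lines."""
    return (f"From: {from_addr}\r\n"
            f"To: {SITE_OWNER}\r\n"
            f"Subject: {subject}\r\n"
            f"\r\n"
            f"{body}")


def header_lines(raw_message):
    """The header fields as an MTA sees them: everything before the first blank line."""
    head = raw_message.split("\r\n\r\n", 1)[0]
    return head.split("\r\n")


def clean_address(value):
    """Return a single bare addr-spec, or raise ValueError on anything else."""
    if re.search(r"[\r\n\x00]", value):
        raise ValueError("line break or NUL in address field")
    _display_name, addr = parseaddr(value)
    # parseaddr would happily strip a display name or trailing junk; require
    # that what it parsed is exactly what was submitted.
    if not addr or addr != value.strip():
        raise ValueError("expected exactly one bare e-mail address")
    return addr


def address_accepted(value):
    """True if the hardened validator lets the value through."""
    try:
        clean_address(value)
        return True
    except ValueError:
        return False


def build_mail_hardened(from_addr, subject, body):
    """Validate the address, flatten the subject, and let the email library
    assemble the message. EmailMessage with the default policy refuses header
    values containing CR or LF, so anything that slips past the validator
    fails loudly instead of turning into extra headers."""
    msg = EmailMessage(policy=default)
    msg["From"] = clean_address(from_addr)
    msg["To"] = SITE_OWNER
    msg["Subject"] = " ".join(subject.splitlines())
    msg.set_content(body)   # body text can never be promoted to a header
    return msg


if __name__ == "__main__":
    print(header_lines(build_mail_vulnerable(INJECTED, "Hello", "hi")))
    print("accepted:", address_accepted(INJECTED))
```

The vulnerable builder yields a header block of just “From:” and the injected “Bcc:”; the real To and Subject lines land in the body, which is exactly the spammer’s goal. Note that the hardened version validates the From address but still takes the subject verbatim apart from flattening line breaks, so every other header sourced from the form needs the same treatment.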

Mining Monday: the 419

My old scam-and-hoax search engine project, Purportal.com, grew out of a longstanding morbid fascination with the variegated forms of fraud, especially those that have flourished in email and on the web. The other day I came across a form letter I used to send in response to “419” gambits, also known as “advance fee fraud.” Excerpt: The fund you speak of, in the South African Mining Corporation, is of great interest to me since my recently deposed brother-in-law, erstwhile shoeshine boy to the one-time International pie-eating champion’s third cousin twice removed by marriage…