HomeBlogsChristoph C. Cemper's blog
Spam

MT-Blacklist v1.64 released

<< I cannot crack passwords for your daughters account! | Comment Spam with HTML entities in the Url >>
Fri, 05/21/2004 - 01:24 — Christoph C. Cemper

Great – just as I found these new HTML entity spammers today Jay Allen released a new verion of his

MT-Blacklist v1.64 – Just wonder if this would already be the cure?

Quote:

Version 1.64 is essentially a one-line change from v1.63 to fix the _sanitizeInput() function in Blacklist.pm. This function, included since the first release of MT-Blacklist, decodes all comment information before comparison with the blacklist.

Unfortunately, the order of the lines in the function prevented MT-Blacklist from actually decoding encoded URLs correctly meaning that even a brain-dead spammer who had even the most basic familiarity with HTML could spam as if MT-Blacklist didn’t even exist. [YOOO!!!]

What’s crazy is that I don’t think I’ve touched that function since the first version, meaning that this hole has been present for over six months!

Average rating
 
 
 
 
 
(0 votes)

Similar entries

  • MT-Blacklist 1.62 and updater

    Jay Allen's wonderful MT-Blacklist that helps to avoid penis pill spam and thousands of other idiotic comments on MT-blogs is hot and installed… there's also a documentation on updating automatically with some addons… But Jay talks about version 2 being…

  • Get Lost Blog Comment Spammers !

    If you think that I am amazed by any of your stupid penis-enlargement comments, take note that my Blacklist might already list you and MT-Blacklist will reject any comments posted by you – so no Google Page Rank improvement for…

  • TypeKey Six Apart's new MT 3.0 feature against 'Comment Spam'

    Six Apart Trains Guns on 'Comment Spam' writes about the new authentication service "TypeKey" by SixApart that shall enable a central comment registration – so blog commenters will not need to register with every single weblog… oh well – redirecting…

  • Comment Spam with HTML entities in the Url

    Well, I found this one worth a note – for some time users tried to protect their email from spam bot harvesters by using html entities (codes representing the actual character) in their entries… believing that a spam bot cannot…

  • Site Stats updated

    Well – after 5 months we can see that the weblog stats still keep rising very fine… rising unique visitors and page impressions … MonthUnique visitorsNumber of visitsPagesHitsBandwidth Jun.0354114414748625968.15 MB Jul.0361869701380941428011.52 GB Aug.031829929735961663824683.94 GB Sep.0324893380631138114290293.75 GB Okt.0328563433641166874743353.73 GB Okt.0328563433641166874743353.73 GB…