![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Another week, another minor security hole
Jun. 26th, 2012 03:38 pmI just deleted a spam comment in my blog, apparently left by -- wait for it -- user ![[livejournal.com profile]](https://www.dreamwidth.org/img/external/lj-community.gif)
livejournal. I did spend a minute or two confused by that one.
Apparently things are set up so that pingbacks (the notification you get when somebody refers to your post) are sent ostensibly from the main LJ account, rather than from the person who is actually committing the spam. The *content* refers to the spammer, but the header is from the system account. So I can mark the comment as spam, but then it asks me whether to banlivejournal, not the spammer. Presumably the spammer knows this, and is using it as a way to avoid getting quickly bounced.
Oops.
(Clever bit of spam -- I'm still not sure how he triggered the pingback, since the post doesn't obviously refer to mine. The account appears to contain only the one post, some conspiracy theory about the CIA having killed the Portugese Prime Minister. *Very* odd...)
livejournal. I did spend a minute or two confused by that one.Apparently things are set up so that pingbacks (the notification you get when somebody refers to your post) are sent ostensibly from the main LJ account, rather than from the person who is actually committing the spam. The *content* refers to the spammer, but the header is from the system account. So I can mark the comment as spam, but then it asks me whether to ban
livejournal, not the spammer. Presumably the spammer knows this, and is using it as a way to avoid getting quickly bounced.Oops.
(Clever bit of spam -- I'm still not sure how he triggered the pingback, since the post doesn't obviously refer to mine. The account appears to contain only the one post, some conspiracy theory about the CIA having killed the Portugese Prime Minister. *Very* odd...)