Tue 26 Feb 2008
If I Had a Hammer
Posted by anaglyph under Cow Matters, CowBlogTech, Idiots, Spam Observations, Vitriol
[17] Comments
Faithful Acowlytes,
Some shithead spammer has found a way to invade my posts, appending all kinds of rubbish to the actual post content (usually in the form of hundreds of smutty URLs). As near as I can tell, all the stuff is actually invisible to readers, although I can see it in the post edit code (they’ve evidently done this on purpose – the code renders all the smutty URLs unviewable). I haven’t the foggiest why they would do that, but then I have no inkling of the cretinous thought processes of spammers. In the process they have somehow also interfered with the commenting structure, so you may or may not be able to comment.The damage is vast and I need to investigate how this has happened but I don’t have the time just now. I’ll get onto it as soon as I can. Can I ask anyone who’s reading just to leave a comment so I can check that things are normal from your side? Also, if anything looks peculiar (well, more peculiar than usual) please let me know. I don’t know what these fuckwits have done, and I have no idea of the scope of the damage at this moment.
Man I hate these morons.
~Reverend.
UPDATE: I think I’ve rectified the problem and cleaned up most of the mess. I never lock Comments on my posts, so if any of you find that you can’t leave a comment on Cow posts, please email me [reverend-AT-tetherdcow.com] and let me know. I have no way of knowing if Comments are locked (other than investigating settings on individual posts) since for me the Comment field is always available in this particular scam (Mr Spam Shithead has been very crafty in this respect).
We now (hopefully) return to normal programming.
“WordPress 2.3.3 is an urgent security release. If you have registration enabled a flaw was found in the XML-RPC implementation such that a specially crafted request would allow a user to edit posts of other users on that blog.”
I don’t know if this vulnerability applies to 2.1.x and 2.2.x versions of WordPress – I suspect yes though I haven’t checked – but I disabled registration (‘Membership’ on the General Options page) just the same.
Comment as per request.
Bastardos!
I don’t have Registration enabled.
I’m not entirely sure what’s happening, but this is what I think:
Everytime I make a new post, a certain person (let’s call him Mr Spam Cretin) gets an rss notification. MSC then uses some kind of security hole in WP to append a whole list of smutty URLs to the content of that post (I suspect that all this is achieved by a bot rather than an actual person – wouldn’t be hard to accomplish). The added material is purposely made ‘hidden’ for reasons at which I can only speculate: It’s possible that MSC is being paid by some Spam Boss on a per-link basis – he makes them undetectable (in order to keep a lot of them active without being detected) so that he can go back to the Boss and say ‘I made ten million active links, give me my fifty bucks!’ The Spam Boss checks to see that the links are active (which they are, although invisible) and pays his lackey. Or something. A case of no honour among thieves. But they’re spammers, so I guess it would be a big stretch to give them credit for any amount of ethics, let alone intellect.
Jam, I’ve upgraded to 2.3.3 – will see if the same problem is evident.
If you get this comment it seem Ok from my end.
These dimwit morons must still make some kind of money from this stuff. God knows who reacts to SPAM nowadays anyhow.
One day…… when we are are frolicking around in white Kaftans in flower covered fields near some low white stucco buildings, with no visible roads, these spammers will not exist.
S.
If I believed in hell, I would wish all such cretins end up there.
All looks ok from here.
Glitch would make short work of S Cretin
I hate spammers.
Love SPAM though. Especially with vegemite.
Could the purpose be a Google-related scam? Active links from The Cow back to those sites get “counted” to boost the ranking of those websites?
Well, of course all our spam comes with vegemite down here.
As for the scam, well, yes I guess you’re right, it’s bound to be something like that. Bastards.
Adding my test comment.
Here’s praying the Tetherd Cow can always stay Ahead.
hope it’s all fixed up now
Well, everything seemse to be gO H3re for S3X!!!!! in order. I don’t think S15teR Veronic@ HEREHEREHERE you have anything to worry about.
Hahaha! Case, you’re a card.
So glad you were able to get it cleaned up. Whenever I last checked in here (few days ago?), I could see all those links on the RSS reader, although I couldn’t see them when I clicked through the actual post.
I figured it was a spam attack. Worry not. I’m sure karma is on the job, and the spammer is right this instant dealing with a rampant case of hemorrhoids or other similarly distressing issue.
Oh wow, that so sucks! So sorry you had that happened. I had visited on several occasions and could not post comments, which was a bit frustrating but figured it was just one of those “net” things. After youtube went down the other day thanks to the middle east (boy they like to have fun screwing up our fun) I just figured it was a matter of time before the internet froze up solid.
I don’t understand spammers either. Honestly, couldn’t you take that evil genius and use it for good?
Phoebe Fay: Yes, well, while I hope you are right and the bastards are sitting uncomfortably on a slow bus attempting to make it in time for a late parole appointment, I fear that instead they are lounging by a pool drinking margueritas on my account.
MI: I don’t think there’s any ‘genius’ involved. Just persistent drudgework by cretins who can’t get a job doing anything more productive.