Uploading scripts need to be removed
Eugene Blagodarny has started using file-upload scripts as a means of turning regular, clean websites into spammy websites.
Here’s an example (that will hopefully be removed soon) of his handiwork:
m4l.berlios.de/pub/Main/MarkusMerk/
He likes using the username MarkusMerk.
But the problem goes deeper. Any file upload facility needs to be turned off unless you are able to monitor it daily (wikis that aren't too busy might be able to keep it a little longer; MediaWiki also seems immune, since it rejects uploads that look like HTML files). Upload facilities are often part of wikis, forums and content management systems that support communities, and once a stranger can drop an HTML file under your web root, your domain is hosting his pages. The SnipSnap blog software is especially vulnerable.
And HyperNews needs to be removed altogether. It's a forum-like script, with articles that can be commented on. It allows JavaScript redirects in comments, so a single posted comment can send every visitor to the spammer's site, and Eugene has been turning any installations into spam heaven for a while now. I notified the creator of the script of the problem a few weeks ago. So far no response.
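A comment system that refuses to carry a redirect, as an added example that is not HyperNews code or anything from the original post: submitted HTML is rebuilt from an allowlist of formatting tags, and everything a browser could use to navigate or execute (script and style blocks, meta refresh, javascript: URLs, on* handlers) is dropped and recorded so a moderator can see what was attempted. The tag and scheme allowlists and the sample comment are constructed for the example.

```python
import re
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed allowlist for this example: plain formatting plus links.
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "a", "blockquote", "code"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_SCHEMES = {"http", "https", "mailto"}
VOID_TAGS = {"br"}


class CommentSanitizer(HTMLParser):
    """Rebuild submitted HTML keeping only allowlisted tags and attributes.

    Anything that can redirect or run code (<script>, <meta http-equiv>,
    javascript: URLs, on* handlers) is dropped and noted in self.findings.
    """

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.findings = []
        self._skip_depth = 0  # inside <script>/<style>: swallow the text too

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip_depth += 1
            self.findings.append(f"removed <{tag}> block")
            return
        if tag not in ALLOWED_TAGS:
            # <meta http-equiv="refresh">, <iframe>, <object>, ... all land here.
            self.findings.append(f"removed <{tag}> tag")
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            if name.startswith("on"):
                self.findings.append(f"removed {name} handler on <{tag}>")
                continue
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            if name == "href":
                # Browsers ignore tabs and newlines inside a scheme, so strip
                # them before deciding what the scheme is.
                probe = re.sub(r"[\x00-\x20]", "", value)
                scheme = urlsplit(probe).scheme.lower()
                if scheme and scheme not in SAFE_SCHEMES:
                    self.findings.append(f"removed {scheme}: URL")
                    continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip_depth = max(0, self._skip_depth - 1)
            return
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if self._skip_depth == 0:
            self.out.append(escape(data))

    def result(self) -> str:
        return "".join(self.out)


def sanitize_comment(html: str):
    """Return (clean_html, findings) for one submitted comment."""
    s = CommentSanitizer()
    s.feed(html)
    s.close()
    return s.result(), s.findings


if __name__ == "__main__":
    # Constructed sample: a friendly sentence wrapped around three different
    # ways of sending the reader somewhere else.
    sample = (
        '<p>Nice post!</p>'
        '<script>top.location="http://example.invalid/"</script>'
        '<meta http-equiv="refresh" content="0;url=http://example.invalid/">'
        '<a href="javascript:location=\'http://example.invalid/\'" onclick="x()">click</a>'
        '<a href="http://example.org/">ok</a>'
    )
    clean, findings = sanitize_comment(sample)
    print(clean)
    for f in findings:
        print(" -", f)
```

Rebuilding the output from the parse tree, rather than regex-deleting patterns from the original string, is the design choice that matters: a deny-list applied to raw text misses the next encoding trick, while an allowlist only emits what it was told to emit.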
August 5th, 2006 at 4:51 pm
I’ve been playing around with JavaScript lately, and have encountered a handful of spam-type tricks that could be used against vulnerable blogs. No good. When taking any data from the outside world, you’d really better test your code that handles that data before opening it up to the www.