Comment Form Attack

Came back from a nice walk on the seafront, including a 30 minute professional
firework display from a boat 20 meters offshore and about 50 people
watching, to find that someone had attempted to attack my blog comment
to send spam. Fortunately according to my mail logs, nothing went out,
but it did make me go through and read the comment plugin code. I did
wonder if every suitable field had been cleaned and have now made sure
that it is. Looks like it came from several IP addresses over a 5 minute
period and got past my (admittedly very) simple turing test, so I don’t
think it was an automated script. For an example of the attacks, check out this old

2 thoughts on “Comment Form Attack

  1. We had problems with injected SMTP commands and the comments plugin a while ago (I think it was over a year ago) and Ted fixed it so that if the comments plugin is configured to send comments via SMTP to you as a notification, it won’t “accidentally” go and send a bunch of comment spam through your MTA as well.

    While I haven’t tested this fix in a while, I’m pretty sure it still works.

    Anyhow, my point being that if you do find any issues, let me know.


Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.