site vandalism

| 7 Comments | 5 TrackBacks

I have no idea how or when it happened (apparently not just now, since there are several cached versions of it in Google), but vig-rx managed to replace the contents of one of my blog entries with its vile spam contents.

I discovered this only because it stupidly added a comment to that post today, and when I went to delete the comment spam, I realized the entry itself was gone.

This scares the crap out of me. I don't know what security hole enabled someone to do this, but whatever it is I want it fixed!!!

Crap. A quick site search indicates that it was two entries. I didn't have a backup of the original database (just did a dump, which I'll now start doing on a regular basis), so those two entries are gone for good.

(And I only send an excerpt of my posts in my RSS feed...guess that's going to change, as well, since otherwise I could have retrieved the originals from Feedster's cache.)

HELP!!!

---

Update: Joi says it's a Safari bug, which kicked in when I deleted the problem comment. I've retrieved the second problem entry from Google's cache. First one I couldn't find there.

That's a pretty big bug. Guess I'm back to using Mozilla.

5 TrackBacks

MT vs. Safari from Quarter Life Crisis on September 5, 2003 7:08 PM

Interestingly, the problems I first saw a few days ago and considered analysed later, turned out to be of a different nature: Safari seems to be the culprit rather... Read More

MT vs. Safari from Quarter Life Crisis on September 5, 2003 7:09 PM

Interestingly, the problems I first saw a few days ago and considered analysed later, turned out to be of a different nature: Safari seems to be the culprit rather... Read More

There's an evil bug in Safari or MoveableType that makes comment spam kind of jump into the actual post itself when you delete it. I'd started ignoring this, since it doesn't seem to affect the actual post if you don't... Read More

Back to Camino from A View From Home on October 14, 2003 12:28 PM

Ran into an interesting bug in Safari that has me using Camino again as my fulltime browser. Maybe that will change when I install Panther, maybe not. Problem 1, I already blogged about. Namely, my cookies are completely dead. As... Read More

site vandalism / spam via comments from /*{<!-- (*;*#'c!//*) -->} */ on November 21, 2003 4:17 PM

mamamusings: site vandalism So, maybe my paranoia (completely disabling comments) is justified!... Read More

7 Comments

For what it's worth, this happened to another blogger who posted about it on the MT support forums - the thread is here. As you can see, there are other issues (server space, Berkeley backend) that made me suspect this was an isolated incident, however, I'll bring it up with the other moderators (and by extension, Ben and Mena) right away. Are you using Berkeley? Anything else in common with that person?

Liz, what's the other entry? Do you keep log entries for your CGI applications, and if so, can you access the entries made with this specific IP?

I was hit in an older July entry, and only the comment was added, entry is fine.

I imagine that Anil will be passing this on to Ben and Mena, but email if you want me to help at all.

Does MT have anything in place to counter a simple, repetative dictionary attack?

Do your MT logs show a bunch of failed logins?

Liz, thanks for the heads-up. I've passed the problem on to Ben and we'll try to see if there's anything we can take care of on our end, though I do know there are bits of craziness with Safari's form support.

Liz,

It is indeed a Safari bug. What happened is that when you go to delete your comment, it will suddenly appear in the body of your post. You probably pressed the save button without checking the post since you didn't expect the post to change. This behavior also shows up when you select multiple checkboxes of posts to delete. After you press "delete" you'll notice that a new set of entries will then be checked.

We've written to the Safari dev team about this and hopefully it will be fixed soon.

Mena

I've just discovered a heretofor unrecognized benefit of doing one's authoring in another environment. All of my entries are drafted, edited and finalized in WordPad on my desktop machine. I've installed the "textism" plug-in for MT so my PC-based content contains only the few formatting codes necessary to permit the plug-in to do its formatting.

All of my entries are stored and backed-up locally. It becomes a relatively simple matter of "Select All / Copy / Paste" to get the final work into the MT form.

Forms-based composition is a king-sized pain in my view. Avoiding potential loss through redundancy is icing.

Please don't start sending complete posts via RSS; the efficiency benefits of RSS over e-mail are lost with respect to traffic volume, reader-time and general clutter.

This *almost* happened to me as well. I deleted the post by vig-rx and then suddenly the comment appeared in the post area. I, however, copied and pasted the "hardcopy" post from my site and saved the post.

I'm assuming if I went to edit entries and edited that post after deleting the comment, that the spam from the comment i had deleted would not show up in the post.

This is an annoying bug.

About this Entry

This page contains a single entry published on September 3, 2003 8:51 AM.

comment spam was the previous entry in this blog.

and so it begins again is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Archives

Category Archives