Tuesday, November 15, 2005

Moderation Hole

Not supprisingly, Google has yet another flawed antispam system. Remember that moderation solution to comment spam they implemented a short while back. Since my last post, I have received about 200 more comments, few if any are legitimate (I haven't checked them all yet).

The problem is about five of them somehow skipped the comment approval system. Out of 200 that is a tiny number, but if this is an exploitable hole rather than just an intermittent bug, the number could greatly increase as spammers catch on.

When first discovered only days after being was implemented, I hoped this was just a momentary bug with Blogger while they were updating. They had just created this feature so I was willing to give them the benefit of the doubt, but it appears this was not a short term problem whatever it is.

I got no moderation email for these few spam comments, so I could not have accidentally approved them. I was also no where near a computer at the times they were posted.

The most recent spammer that appears to have bypassed the system is Doer. Tonight I had four comments by him. Only the fourth was held by the moderation system. Gordon left the same spam comment twice a couple hours before Doer. Those two were properly held for approval.

Their spam:

Hello, just visited your blog, it's informative. I also have a website related togoogle adsense software. So make sure you visit and hope it's useful.

So, is this a hole or an intermittent bug? I have no idea, only Google and Blogger would know and I doubt they would even admit a problem exists. Either way I hope they fix it fast.

Comments: Post a Comment

<< Home