Utterly Boring dot com

MT Comment Forms Used for Spam?

I glanced through the MT Support Forums and didn't see anything in regards to this, but I didn't have a whole lot of time to look.

Here's what's happening: Every couple weeks, I'll get a few comments that do this type of thing:

In the author field: "angelrrsmr@aol.comTo: angelrrsmr@aol.comFrom: angelrrsmr@aol.comSubject: kvlP(C87BA01E,author)ZOl"
In the e-mail address field: "angelrrsmr@aol.comTo: angelrrsmr@aol.comFrom: angelrrsmr@aol.comSubject:"
In the URL Field: "http:// angelrrsmr@aol.comFrom: angelrrsmr@aol.comSubject: aw(C87BA01E,url)OY4QK1FA2lmq5DIVMRq28RS0KB Ed WPJEfnH3l7M06xz9."
In the comment field: "body"

Herein lies the problem: When I get my e-mail notification for comments, I notice that the "To:" field not only has my e-mail address, but "angelrrsmr@aol.com". They come out looking like this:

A new comment has been posted on your blog UtterlyBoring.com, on entry
#1602 (Want a really long e-mail address?).
http://utterlyboring.com/[snip]#2531

IP Address: 137.164.143.111
Name: angelrrsmr@aol.com
To: angelrrsmr@aol.com
From: angelrrsmr@aol.com
Subject: kvlP(C87BA01E,author)ZOlL2KUa

bebrrG5sr6xaIp3ejB Ik

So I don't know what else they could be using this for, but I could see this getting exploited.

Anybody else run into this? I've posted this on the MT forums, but feel free to comment here as well.

Posted by Jake on 04/12/04 @ 10:03 AM
Posted in Geekdom | Permalink



What are you doing down here? Don't you have something better to do? Like Go Back To The Top of the page, or even see who created this site? This site is © 2001 - 2017 by the Utterly Boring folks at UtterlyBoring.com. Steal my content, as I probably did, too, just link to my site or the original site. Batteries not included. One size fits all. Not for off-road use. Not for internal use. Do not taunt Happy Fun Ball.