I glanced through the MT Support Forums and didn’t see anything in regard to this, but I didn’t have a whole lot of time to look.
Here’s what’s happening: Every couple weeks, I’ll get a few comments that do this type of thing:
In the author field: “[email protected]: [email protected]: [email protected]: kvlP(C87BA01E,author)ZOl”
In the e-mail address field: “[email protected]: [email protected]: [email protected]:”
In the URL field: “http:// [email protected]: [email protected]: aw(C87BA01E,url)OY4QK1FA2lmq5DIVMRq28RS0KB Ed WPJEfnH3l7M06xz9.”
In the comment field: “body”
Herein lies the problem: When I get my e-mail notification for comments, I notice that the “To:” field not only has my e-mail address, but “[email protected]”. They come out looking like this:
A new comment has been posted on your blog UtterlyBoring.com, on entry
#1602 (Want a really long e-mail address?).
http://utterlyboring.com/[snip]#2531
IP Address: 137.164.143.111
Name: [email protected]
From: [email protected]
Subject: kvlP(C87BA01E,author)ZOlL2KUa
bebrrG5sr6xaIp3ejB Ik
So I don’t know what else they could be using this for, but I could see this getting exploited.
Anybody else run into this? I’ve posted this on the MT forums, but feel free to comment here as well.
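Added example, not part of the original post and not Movable Type code: a screening step a comment handler could run before the author, e-mail and URL fields reach a notification mail. It assumes the extra "To:" recipient comes from line breaks or header names in those fields ending up in the mail headers, which the post does not confirm; the function names, the token list and the sample submissions are hypothetical.

```python
import re
from email.message import EmailMessage

# Header names with no business inside a name, address or URL field (assumed list).
HEADER_TOKEN = re.compile(
    r"\b(?:to|cc|bcc|from|subject|content-type|mime-version)\s*:", re.I)

SINGLE_LINE_FIELDS = ("author", "email", "url")

def screen_comment(fields):
    """Return (field, reason) findings for the single-line comment fields."""
    findings = []
    for name in SINGLE_LINE_FIELDS:
        value = fields.get(name, "")
        if "\r" in value or "\n" in value:
            findings.append((name, "line break"))
        if HEADER_TOKEN.search(value):
            findings.append((name, "header-like token"))
    return findings

def build_notification(owner, fields):
    """Build the owner's notification, refusing input that fails screening."""
    findings = screen_comment(fields)
    if findings:
        raise ValueError("comment rejected: %r" % (findings,))
    msg = EmailMessage()  # its default policy also refuses multi-line header values
    msg["To"] = owner     # recipients come from configuration only
    msg["From"] = owner   # never from the submitted e-mail field
    msg["Subject"] = "New comment posted"
    msg.set_content(
        "Name: {author}\nE-mail: {email}\nURL: {url}\n\n{text}\n".format(**fields))
    return msg

# Constructed sample submissions (not taken from the post).
CLEAN = {"author": "Jane", "email": "jane@example.com",
         "url": "http://example.com/", "text": "Nice post."}
PROBE = {"author": "probe@example.com\nbcc: drop@example.com\nSubject: marker",
         "email": "probe@example.com", "url": "", "text": "body"}

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("probe", PROBE)):
        print(label, screen_comment(sample))
```

Submitted values appear only in the message body here, so nothing a commenter types can add or change a header.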
Comments
I’ve had them before too, often several identical ones from different IP addresses, but all posted at roughly the same time. I haven’t had one recently although I’ve blocked a number of anonymous proxy servers from accessing the site, so that might have prevented this. Your theory is the same as mine though, but it’s anyone’s guess as to what they’re trying to achieve.