Anti-comment spam update
Looks like key rotation isn't working as expected:
67.15.18.27 - - [19/May/2007:09:25:36 -0700] "GET /post.ml?reply_of=56 HTTP/1.1" 200 7586 "-" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt\\)"
67.15.18.27 - - [19/May/2007:09:25:37 -0700] "POST /cgi-bin/post.pl HTTP/1.1" 200 5190 "http://hxbc.us/post.ml?reply_of=56" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
67.15.18.27 - - [19/May/2007:09:25:57 -0700] "POST /cgi-bin/post.pl HTTP/1.1" 302 5 "http://hxbc.us/post.ml?reply_of=56" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
67.15.18.27 - - [19/May/2007:13:20:42 -0700] "POST /cgi-bin/post.pl HTTP/1.1" 302 5 "http://hxbc.us/post.ml?reply_of=56" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
The 5 seconds delay clearly worked the first time, and the spammer proceeded to repost the comment 20 seconds later. I wonder how he is able to post again nearly 4 hours later, without getting another secret token.
I have another plan to make the spammers' lives more difficult, which I will probably implement this weekend.
by khc
on Sat May 19 13:31:02 2007
Permlink
RE: Anti-comment spam update
Ahh, a mistake of my part caused Blowfish to always use 'cipher' as the encryption key. RESOLVE FIXED+VERIFIED!
by khc
on Sat May 19 14:15:28 2007