Opening Pandora’s blogspot.com


    Copied from the SPAM-L mailing list with permission. This is another reason why JavaScript is bad and why Blogger suffers from allowing it to run unchecked:

    For a while now, I’ve been looking at spamvertized blogspots, and blocking them at my border Squids. Today, the script that notified me of fresh ones suddenly went wild. I thought it had gone in a loop, but no: turns out the Google poisoners did.

    Start spidering at 6051-true-when-no.blogspot.com/ and you’ll get over 25,000 blogspots that all try to load a .js file from wellifuaskme.info (and that, as of this writing, points to somareviews.info, which itself appears to be broken now). The pages all differ in subtle ways, e.g. the level of encryption of the JavaScript, but they all point to the same place.

    I have, in vain, tried to reach a human at Google to discuss the problem, but I have so far only reached the pigeons of the PageRank system (turns out they also learned this neat trick of sending a boilerplate response to any helpful suggestions they get).

    Google, of course, refuses Spamcop reports about blogspots, and the only way to report a blogspot is by clicking on a “Notify Blogger about objectionable content” button. Needless to say, the moving parts behind that button are kept running with cookies and JavaScript and spammy’s handiwork throws a nice spanner in the works there (anyone know how to selectively disable JavaScript’s document.location.replace in Firefox?)

    I’m considering whacking all of blogspot.com until Google:
    (a) starts acting on Spamcop reports
    (b) disallows <META REFRESH>
    (c) disallows document.location.replace
    (d) disallows <script type=’text/javascript’ src= [any unvetted site]
    (e) disallows encrypted JavaScript
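    The five constructs in the list above are all things a border proxy or a blog host could check for before serving a page. The following scanner is an added example, not code from the mailing-list post or from Google/Blogger: it parses an HTML page with the Python standard library and flags a META REFRESH, a `<script src=>` that pulls from a host outside an operator-maintained allowlist (the `TRUSTED_SCRIPT_HOSTS` set is an assumption), inline JavaScript that looks "encrypted" (a decoder call such as `eval(`/`unescape(` over a body dominated by `%XX` escapes), and a `location.replace(` call, which it also looks for after peeling one layer of `unescape()` with `urllib.parse.unquote` (decoding only, nothing is executed). The sample pages are constructed; `wellifuaskme.info` and `6051-true-when-no.blogspot.com` come from the post, `example.invalid` is a reserved placeholder.

```python
"""Flag the HTML constructs a blog host could refuse: META REFRESH, unvetted
external <script src>, obfuscated inline JavaScript, and location.replace().
Added example using only the standard library."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, unquote

# Assumption: an operator-maintained allowlist of hosts scripts may load from.
TRUSTED_SCRIPT_HOSTS = {"www.blogger.com", "www.google.com"}

_ESCAPE_RE = re.compile(r"%[0-9a-fA-F]{2}|\\x[0-9a-fA-F]{2}|\\u[0-9a-fA-F]{4}")
_DECODER_RE = re.compile(r"\b(eval|unescape|String\.fromCharCode)\s*\(")
_LOCATION_REPLACE_RE = re.compile(r"\blocation\s*\.\s*replace\s*\(")
_UNESCAPE_ARG_RE = re.compile(r"unescape\(\s*'([^']*)'\s*\)")


class _Collector(HTMLParser):
    """Collect META REFRESH, script src attributes and inline script bodies."""

    def __init__(self):
        super().__init__()
        self.meta_refresh = False
        self.script_srcs = []
        self.inline_js = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.meta_refresh = True
        elif tag == "script":
            self._in_script = True
            if "src" in a:
                self.script_srcs.append(a["src"])

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # HTMLParser hands <script> bodies to handle_data verbatim (CDATA mode).
        if self._in_script and data.strip():
            self.inline_js.append(data)


def looks_obfuscated(js: str) -> bool:
    """Heuristic: a decoder call plus a body that is mostly escape sequences."""
    if not _DECODER_RE.search(js):
        return False
    escaped = sum(len(m) for m in _ESCAPE_RE.findall(js))
    return escaped / max(len(js), 1) > 0.3


def peel_unescape(js: str) -> str:
    """Decode one layer of unescape('%xx...') for inspection; nothing is executed."""
    return _UNESCAPE_ARG_RE.sub(lambda m: unquote(m.group(1)), js)


def scan_html(html: str, page_host: str, trusted=TRUSTED_SCRIPT_HOSTS) -> list[str]:
    """Return the list of policy violations found in one page."""
    p = _Collector()
    p.feed(html)
    p.close()
    findings = []
    if p.meta_refresh:
        findings.append("meta-refresh")
    for src in p.script_srcs:
        host = urlparse(src).hostname
        if host and host != page_host and host not in trusted:
            findings.append(f"external-script:{host}")
    for js in p.inline_js:
        if looks_obfuscated(js):
            findings.append("obfuscated-js")
        if _LOCATION_REPLACE_RE.search(peel_unescape(js)):
            findings.append("location-replace")
    return findings


# Constructed sample: the shape of page the post describes (redirect target is a placeholder).
SPAMMY_PAGE = """<html><head>
<meta http-equiv="refresh" content="0;url=http://example.invalid/">
<script type='text/javascript' src='http://wellifuaskme.info/x.js'></script>
<script type='text/javascript'>
eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%6c%6f%63%61%74%69%6f%6e%2e%72%65%70%6c%61%63%65%28%27%68%74%74%70%3a%2f%2f%65%78%61%6d%70%6c%65%2e%69%6e%76%61%6c%69%64%2f%27%29'));
</script></head><body>hi</body></html>"""

# Constructed sample: an ordinary post loading a script from an allowlisted host.
CLEAN_PAGE = """<html><head>
<script type="text/javascript" src="http://www.blogger.com/widgets.js"></script>
<script type="text/javascript">var hits = 0; hits += 1;</script>
</head><body>A harmless post.</body></html>"""

if __name__ == "__main__":
    for name, page in (("spammy", SPAMMY_PAGE), ("clean", CLEAN_PAGE)):
        print(name, scan_html(page, "6051-true-when-no.blogspot.com"))
```

    Each finding maps to one item of the list above, so the same function can drive a block-or-allow decision at a proxy or a "refuse to publish" check on the host side; the obfuscation heuristic is deliberately conservative (it needs both a decoder call and a mostly-escaped body) so that ordinary widget code is not flagged.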

    By the way, I had never intended to spider blogspot; fixing the darn script to not mail me the offending web page in a way that causes SpamAssassin to think it’s spam (triggering the recursion) took care of that.

    But me wasting my time on blogspot reminds me of this great Groucho Marx quote: “I’m defending the lady’s honor. Which is more than she ever did.”

    Oh, and when I started looking at what was happening, the stacks of JavaScript obfuscation led me to a site that just showed me a Captcha and an input box to retype it. I don’t even _want_ to know whose Captcha they wanted me to retype for them — I took out the website so my users wouldn’t inadvertently fall for it and couldn’t reproduce it as I’m typing this — maybe by mistyping the Captcha I would’ve learned something new.
