Fake Banner
Is this site opened for phishers?
By Ladislav Kocbach | October 7th 2009 08:57 AM | 4 comments | Print | E-mail | Track Comments
More Articles
All Articles
About Ladislav

Born in Prague (CZ), studied physics. Started with algol programming on GEAR-1 in Rez of the shell model of nuclei in 1966. Moved to Bergen, Norway...

View Ladislav's Profile
I start my activity on these pages by pointing to a security problem we have here. I found it when viewing one of my comments to a news article where a new comment appeared:
http://www.scientificblogging.com/comments/24095/Re_2009_Peer_Review_Sur...
I thus wrote there this, which indeed is unfortunately true:
The comment by Tiffany is a spam. It only says "Nice" but points to some shop with cheap bracelets. Tiffany should be removed and then one can remove also this comment.


I would think that it should not be possible to insert a link into the signature.

This is opening this site to miscreants who could link us to phishing sites. This should be fixed!

My warning appears as
http://www.scientificblogging.com/comments/24110/comment_Tiffany
and it should really be fixed. If people want to link to their pages, they must have account here.


Comments

Hank
I agree that spam is a big problem but people are overloaded with login/registration requirements for every site they want to visit so we had a discussion a year or so back and decided to open it up to anonymous comments.   We have to have links because it's a science site - people reference - but for anonymous people the links have the nofollow attribute.   So they are basically useless but still annoying.

When we get spam links like you mentioned we ban the IP address but if someone is determined to fill out the captcha and leave a comment, they will do it and it will stick until a moderator removes it.   Bots obviously don't work - we get hundreds of those per day trying to get in - but  a captcha designed to work for people will be manipulated by an actual person.

Generally, I think we could ban all of China and not have any drop in readership but have a huge drop in spam.  That seems a little heavy-handed, though.

If anyone who reads this is an expert in spam deterrents and wants to pitch in and help, send me an email.

Hank Campbell | 10/07/09 | 12:21 PM
adaptivecomplexity
I like low barriers for commenting as well. Anyone who's tried to comment on a site they only visit occasionally can vouch for the fact that registration can be a strong deterrent to commenting. I think here is a decent balance here - spam that gets through the captcha generally doesn't last too long.

Michael White | 10/07/09 | 14:25 PM
Hank
The really crafty ones go so far as to create an account but we only run cron once an hour so even those are usually gone.   The ones last night only stayed because there were so many.    It inspired a comment deletion page for moderators so even spammers do us a favor at times.

Hank Campbell | 10/07/09 | 14:34 PM
Ladislav Kocbach
Thank you for your comments, and I appreciate that this comment is taken seriously. But ...
What I meant was this link being in the signature as a problem. A link in the body of the comment one can not do anything about, and I think most people (readers) actually look where a link points (at least I do - in the "status" field of the browser). I looked at this "Nice", and then wondered which writer on this blog would make such a meaningless comment, and I was about to click on the Tiffany link, without checking where it points - it was supposed to point to the page of the writer!

So what I meant, in short, is that the script which sets up the signature should not allow other links than links to the registered users of this site. That I suppose can be done quite easily.

Ladislav Kocbach | 10/08/09 | 04:56 AM

Add a comment

The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <sup> <sub> <a> <em> <strong> <center> <cite> <code> <TH><ul> <ol> <li> <dl> <dt> <dd> <img> <br> <p> <blockquote> <strike> <object> <param> <embed> <del> <pre> <b> <i> <table> <tbody> <div> <tr> <td> <h1> <h2> <h3> <h4> <h5> <h6> <hr> <iframe>
  • Lines and paragraphs break automatically.
  • Web page addresses and e-mail addresses turn into links automatically.
CAPTCHA
If you register, you will never be bothered to prove you are human again. And you get a real editor toolbar to use instead of this HTML thing that wards off spam bots.