kay

2 years ago

in Anti-spam measures on Thinking inside a bigger box
I'm beginning to be really worried about what u wrote - this kind of attack that is now called XSRF.

Millions of webmasters are using CPanel. Due to stupid "feature" of cpanel, most of them are always logged in to their cpanels.

I have a script that does this "referer spam" - it sends hundreds of GET requests to a site, AWstats shows them as visits, i make a fake referer value, webmaster clicks on it and goes to a site that has an iframe with src:

http://www.VICTIMSDOMAIN.com:2082/frontend/x/mi...


hope not many ppl actually read this :-)

2 years ago

in Anti-spam measures on Thinking inside a bigger box
ok - u got me!

it's true - it would work... i wrote this script before i even heard about XSS, now it's my hobby hehe...

but on the other hand - can u really do something like this in practice? i mean - my script searches for .wordpress.com blogs - and u don't really have that much control over their server responses!

it's a proof of concept - but I don't think you could really make it work..

btw. something screwed with escaping " and ' in your comments

btw2. this "new kind of captchas" with math operations... they are very lame - i can write a script to comment spam blogs using it in 5 minutes.. it works - coz it's new and not too many spammers have scripts for it, but it's just a matter of time

3 years ago

in How do I click an ad on the radio? on Mathew's comments
"We're very happy with the response" - says spokeswoman of company advertised in google ads in newspapers... she is happy, google is happy, newspaper is happy, users are happy - AS USUAL :-) i love google