What they did was find a way past the site-based security to post under my account (i.e. userid 1). This is actually not so hard if you write a spambot that forges cookies. The problem is, posting from the interface kills off all HTML style formatting and the content sent was not flagged as base64 or anything else, i.e. it was just a jumble of letters. I think the spammer saw this and just stopped because if it actually worked they would have done it a LOT more to all of the lists. I'm closing the hole now.
Bottom line is that the filters are all ok but the site security can be breached by someone who subscribes and dissects their cookies. Not for very long (i.e. I'm working on the code now).

> I think the spambots finally figured out how to get past MikeD's filters...
> Or was I the only one who got spammed "by" the listmaster himself?
>
> --
> "The difference between theory and reality is that,
> in theory, there is no difference."
> --Ben
