New type of profile spam?
Has anyone seen profile spam like this? In the past couple days, I have been getting a different sort of spam registration. Instead of cramming just one link in their occupation and interests fields, they are cramming 4, 5 or 6 links in there. When you view their profile page, the links all appear there. If you go to edit their profile page (which is where I go to delete the user) you can’t see the links displayed in those fields, but the links do appear in the source of the page. Take a look here:
This is the source of the user’s profile page (caution, porn links in there.)
That is the profile view showing the data they crammed into the occupation and interests fields.
That is the view you get when you click the [Edit] tab link. The only data shown in the occupation and interests fields is “My lovely sites:”, but if you view the source, it’s all there.
When registering a new user, the max length is 140 and the display length is 30 for the occupation and interests fields. When viewing the profile, the field lengths are the same. But here are 577 characters in this spammer’s occupation and interests fields, but when viewing that page, all you see is “My lovely sites:”.
It’s trivial to get around a form’s field length restriction with something like the Web Developer Toolbar, or maybe they’re doing it in a different way. I have an integrated install so the value is held in the wp_usermeta table, and the field is defined as longtext, which is a LOT of characters.
Has anyone else seen this, and does anyone think there should be some validation done on the data that’s input to ensure that it’s less than 140 characters before inserting it into the database?
This was Firefox 18.104.22.168 on Windows XP SP2, running bbPress 1.0-alpha from around March 2007, PHP 5.2.5, MySQL 4.0.27, Apache 1.3.34.
Thanks for reading.
- You must be logged in to reply to this topic.