
Unmoderated Comments With JavaScript References

We have seen reports from several Bloggers that anonymous posters are making unmoderated comments on their blogs that contain a JavaScript reference, which redirects the reader to another web site. Right now, the reference and the redirection appear to be used for pumping up the reputation of individual quotes on QDB.com, but it doesn't require a lot of imagination to see how versatile this vulnerability could be in the long run.

Start by immediately moderating all blog comments, until this vulnerability is fixed.
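
While comments are held for moderation, the ones already queued or published can be checked for script references. The following is an added example, not code from this post or from Blogger: it assumes comment bodies are available as HTML strings, and the comment IDs, sample bodies, and the `audit_comments` helper are constructed for illustration.

```python
from html.parser import HTMLParser

# Attributes whose value is a URL the browser will load or navigate to.
URL_ATTRS = {"href", "src", "action", "formaction", "data"}


class ScriptReferenceFinder(HTMLParser):
    """Collects markup in a comment body that can load or run script."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases names and decodes character references in values.
        attrs = [(name, (value or "").strip()) for name, value in attrs]
        if tag == "script":
            src = dict(attrs).get("src")
            self.findings.append(f"script src={src}" if src else "inline script")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"event handler {name} on <{tag}>")
            # Browsers ignore whitespace and control characters in the scheme.
            scheme = "".join(c for c in value if c > " ").lower()
            if name in URL_ATTRS and scheme.startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name} on <{tag}>")


def audit_comments(comments):
    """Return {comment_id: findings} for comments to hold for review."""
    flagged = {}
    for comment_id, body in comments:
        finder = ScriptReferenceFinder()
        finder.feed(body)
        finder.close()
        if finder.findings:
            flagged[comment_id] = finder.findings
    return flagged


# Constructed sample comments (hypothetical, not taken from any real blog).
SAMPLE_COMMENTS = [
    ("c1", "Great post, thanks for the <b>tip</b>!"),
    ("c2", 'Nice <script src="https://comments.example.invalid/r.js"></script>'),
    ("c3", '<a href="JaVa&#115;cript:void(0)">click</a>'),
    ("c4", '<img src="x.png" onerror="go()">'),
    ("c5", "I wrote about javascript: URLs and &lt;script&gt; tags last week."),
]

if __name__ == "__main__":
    for comment_id, findings in audit_comments(SAMPLE_COMMENTS).items():
        print(comment_id, findings)
```

A hit means the comment should be held for manual review; this is a triage aid, not a sanitizer.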

>> Blogger Employee says
I pass it along (again) and we'll see if we can do anything about this.


>> (Update 7/6 10:00): Blogger Employee says
We made some changes to address the vulnerability issue (yesterday) so this should no longer be a problem.


>> Forum thread links: bX-*00055


Comments

jjh said…
I have this problem on my blog, any word from Google if they're doing anything about it?
