Hi!
First of all, I've been using Serendipity for about 8 months and I'm delighted with it.
Today I received a kind of spam trackback that was linked to an unpublished entry of my blog. I'm wondering how it was possible for the spammer to find the link to this post, since it has never been published and always stayed as 'Draft'.
Can it be a possible security issue or misconfiguration of my installation?
Thanks for your help!
Fab
trackback on unpublished entries
-
garvinhicking
- Core Developer
- Posts: 30022
- Joined: Tue Sep 16, 2003 9:45 pm
- Location: Cologne, Germany
Re: trackback on unpublished entries
Hi!
Which serendipity version are you using?
It might be that s9y does not check if an entry is published or a draft when receiving trackbacks (since only the ID of an entry matters).
It might be that spammers simply tried various IDs to trackback to on your blog...
Best regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
-
j_b_poquelin
- Posts: 4
- Joined: Wed Feb 14, 2007 12:21 pm
Hi!
Thanks for your answer.
I'm using the last version 1.1, French language.
As you said, maybe the ID was tried by chance by the spammer, but what is strange is that the address of the link mentioned in the automatic email I received from Serendipity (to notify me about the new trackback) is explicitly the title of my draft entry. Anyway, the page is not visible if I click the link proposed.
-
garvinhicking
Hi!
S9y creates the proper entry URL by simply receiving the ID in the URL, so that makes the ID-detection still the most likely cause.
I just committed a patch to our repository that will disallow trackbacks to entries that are drafted or not yet published.
(http://svn.berlios.de/viewcvs/serendipi ... 0&view=rev)
Best regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
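
The check discussed in this thread, as an added example that is not Serendipity's code and not part of any post above: a trackback receiver that looks at the entry's publication state instead of trusting the ID alone. The entry fields (`is_draft`, `publish_at`), function names and sample entries are hypothetical and constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Constructed sample data; field names are hypothetical, not Serendipity's schema.
const NOW = 1171454400; // fixed "current time" so the demo is deterministic
$entries = [
    1 => ['title' => 'Hello world',     'is_draft' => false, 'publish_at' => NOW - 86400],
    2 => ['title' => 'Unfinished idea', 'is_draft' => true,  'publish_at' => NOW - 3600],
    3 => ['title' => 'Scheduled post',  'is_draft' => false, 'publish_at' => NOW + 86400],
];

// An entry may receive trackbacks only if it exists, is not a draft,
// and its publication time has already passed.
function accepts_trackbacks(array $entries, int $id, int $now): bool
{
    if (!isset($entries[$id])) {
        return false;
    }
    $e = $entries[$id];
    return $e['is_draft'] === false && $e['publish_at'] <= $now;
}

// Build a TrackBack-style XML response body: error 0 = accepted, 1 = rejected.
function trackback_response(bool $ok, string $message = ''): string
{
    $xml = '<response><error>' . ($ok ? 0 : 1) . '</error>';
    if (!$ok) {
        $xml .= '<message>' . htmlspecialchars($message, ENT_XML1 | ENT_QUOTES) . '</message>';
    }
    return $xml . '</response>';
}

function receive_trackback(array $entries, int $id, int $now): string
{
    if (!accepts_trackbacks($entries, $id, $now)) {
        // Same message for unknown, draft and scheduled IDs, so the reply
        // does not reveal which IDs belong to unpublished entries.
        return trackback_response(false, 'Entry not available for trackbacks');
    }
    // A real handler would store the trackback and notify the author here.
    return trackback_response(true);
}

// Entry 1 is accepted; 2 (draft), 3 (scheduled) and 99 (unknown) are rejected.
foreach ([1, 2, 3, 99] as $id) {
    echo $id, ' => ', receive_trackback($entries, $id, NOW), PHP_EOL;
}
```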