
trackback on unpublished entries

Posted: Wed Feb 14, 2007 3:12 pm
by j_b_poquelin
Hi !

First of all, I've been using serendipity for about 8 months and I'm delighted with it.

Today I received a kind of spam trackback that was linked to an unpublished entry of my blog. I'm wondering how it was possible for the spammer to find the link to this post, since it has never been published and always stayed as 'Draft'.

Can it be a possible security issue or misconfiguration of my installation ?

Thanks for your help !

Fab

Re: trackback on unpublished entries

Posted: Wed Feb 14, 2007 4:09 pm
by garvinhicking
Hi!

Which serendipity version are you using?

It might be that s9y does not check if an entry is published or a draft when receiving trackbacks (since only the ID of an entry matters).

It might be that spammers simply tried various IDs to trackback to on your blog...

Best regards,
Garvin

Posted: Thu Feb 15, 2007 5:00 am
by j_b_poquelin
Hi !

Thanks for your answer.

I'm using the last version 1.1, French language.

As you said, maybe the id was tried by chance by the spammer, but what is strange is that the address of the link mentioned in the automatic email I received from serendipity (to notify me about the new trackback) is explicitly the title of my draft entry. Anyway, the page is not visible if I click the link proposed.

Posted: Thu Feb 15, 2007 9:48 am
by garvinhicking
Hi!

S9y creates the proper entry URL by simply receiving the ID in the URL, so that makes the ID-detection still the most likely cause.

I just committed a patch to our repository that will disallow trackbacks to entries that are drafted or not yet published. :-)

(http://svn.berlios.de/viewcvs/serendipi ... 0&view=rev)

Best regards,
Garvin
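
The check discussed in this thread, as an added example that is not part of the original posts and is not Serendipity's code: a trackback receiver that accepts a ping only for entries that are published and already visible, and answers every rejection identically so that guessed IDs reveal nothing about drafts. The function names, the `is_draft` and `publish_at` fields and the sample entries are assumptions made for illustration; the response format is the standard TrackBack XML reply.

```php
<?php
// Constructed sample data; field names are assumptions, not Serendipity's schema.
$entries = [
    1 => ['title' => 'Hello world',    'is_draft' => false, 'publish_at' => 1170000000],
    2 => ['title' => 'Secret draft',   'is_draft' => true,  'publish_at' => 1171000000],
    3 => ['title' => 'Scheduled post', 'is_draft' => false, 'publish_at' => 1999999999],
];

// Standard TrackBack reply: error 0 = accepted, error 1 = rejected with a message.
function trackback_response(bool $ok, string $message = ''): string
{
    $body = $ok
        ? '<error>0</error>'
        : '<error>1</error><message>' . htmlspecialchars($message, ENT_XML1) . '</message>';
    return '<?xml version="1.0" encoding="utf-8"?><response>' . $body . '</response>';
}

// Hypothetical handler: accept a ping only for entries a visitor could actually read.
function receive_trackback(array $entries, $rawId, int $now): string
{
    // One reply for every rejection, so unknown, draft and scheduled IDs look alike.
    $reject = trackback_response(false, 'Trackback not accepted');

    // The ID comes straight from the request; accept positive integers only.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || !isset($entries[$id])) {
        return $reject;
    }

    $entry = $entries[$id];
    if ($entry['is_draft'] || $entry['publish_at'] > $now) {
        // Return before anything is stored or mailed, so no notification
        // carrying the draft's title is ever generated.
        return $reject;
    }

    // ... store the trackback and notify the author here ...
    return trackback_response(true);
}

$now = 1171500000; // constructed "current time" (February 2007)
foreach ([1, 2, 3, 99, 'abc'] as $id) {
    echo str_pad((string) $id, 4), receive_trackback($entries, $id, $now), "\n";
}
```

Only entry 1 is accepted; the draft, the scheduled entry, the unknown ID and the malformed ID all receive the same rejection.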

Posted: Thu Feb 15, 2007 11:31 am
by j_b_poquelin
Thanks a lot, that's great !!!