Frederick Ding
Forum Replies Created
I also have Akismet enabled. I took a look at the Jetpack source code and it’s pretty clear that the code isn’t set up to prevent this form of abuse.
Funnily enough, the Jetpack source code detects “blacklisted” characters in the name but decides to MIME-encode them (thus preserving them and allowing the characters to go through): https://github.com/Automattic/jetpack/blob/241671d60d80fd78a1fb3753eb919eb542b5f520/modules/sharedaddy/sharedaddy.php#L25-L46 (committed March 28, 2017)
However, it only MIME-encodes them in the name, and passes such spammy names through in the body of an email without sanitizing the junk: https://github.com/Automattic/jetpack/blob/335ccaf7f2469ccafd313a879bcd48ab4ea9e6b0/modules/sharedaddy/sharedaddy.php#L103-L111
The name field is part of what gets passed to Akismet, but it looks like Akismet isn’t smart enough yet to recognize this pattern of abuse.
Noticed the same in my SMTP log (here’s an example).
Discreet dating. Anonymous sex meetings. Candid erotic dating. https://[link removed] ([email protected]) thinks you may be interested in the following post:
- This reply was modified 6 years, 3 months ago by Frederick Ding. Reason: Removed identifying details in screenshot
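The gap described in the replies above (the name is MIME-encoded for the header but copied unchanged into the message body), shown as an added PHP example that is not Jetpack's code and not part of the original posts: the submitted name is validated once, and no email body is built when it carries a link or is implausibly long. The function names, the 60-character limit and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not Jetpack code. All function names here are hypothetical.

/** Return a cleaned display name, or null if the value does not look like a name. */
function example_clean_sender_name(string $raw, int $max_len = 60): ?string {
    // Replace control characters (CR/LF included) with spaces.
    $name = preg_replace('/[\x00-\x1F\x7F]+/u', ' ', $raw);
    if ($name === null) {
        return null; // input was not valid UTF-8
    }
    // Collapse runs of whitespace so padding cannot hide the payload.
    $name = trim(preg_replace('/\s+/u', ' ', $name));

    // Count code points without requiring the mbstring extension.
    $length = preg_match_all('/./us', $name);
    if ($name === '' || $length > $max_len) {
        return null;
    }
    // A personal name has no reason to contain a URL.
    if (preg_match('~(?:https?:|www\.|://)~i', $name)) {
        return null;
    }
    return $name;
}

/** Build the share-by-email body, or return null to refuse sending. */
function example_share_body(string $raw_name, string $email, string $title, string $url): ?string {
    $name = example_clean_sender_name($raw_name);
    if ($name === null || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null; // do not relay attacker-chosen text to the recipient
    }
    return sprintf(
        "%s (%s) thinks you may be interested in the following post:\n\n%s\n%s\n",
        $name, $email, $title, $url
    );
}

// Constructed inputs: one ordinary name, one link-carrying "name", one over-long "name".
$samples = [
    'Alice Example',
    'Discreet dating. Candid dating. https://spam.example/x',
    str_repeat('Meet singles tonight. ', 5),
];
foreach ($samples as $s) {
    $body = example_share_body($s, 'sender@example.com', 'Hello world', 'https://blog.example/hello');
    echo $body === null ? 'REJECTED: ' . json_encode($s) . "\n" : "SENT:\n" . $body;
}
```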
Forum: Plugins
In reply to: [OGraphr for WordPress] Alcohol flag always on
It looks like user agent detection is hard-coded for Facebook-specific tags; this fails spectacularly due to caching.