Bugzilla as a SPAM medium

After going through the Blogs Mailing List I come upon some interesting users. It is obvious to those who have signed up that there is no Captcha[1,2] so spammers go through.

The URL field of one of the latest entries had the following: https://bugzilla.andrew.cmu.edu/attachment.cgi?id=831

We can see clearly that this is a University system and a bug reporting system (bugzilla), to be more specific.

The file attached goes along the lines:

“Phentermine diet pills diet pills

As Phentermine diet pills is an older drug, no new efficacy trials have been conducted. The one notable excep…”

So the spammers are now storing their spam messages on University systems. The immediate purpose eludes me. If it was something else, like a MP3, I would understand but SPAM messages?

University Administrators tune in your outgoing filters to keywords associated with SPAM content (e.g., diet pills, via*ra, etc.). Since these files do not create much network traffic and are hard to trace.

[1] – Carnegie Mellon University, The CAPTCHA Project – http://www.captcha.net/
[2] – Wikipedia, CAPTCHA – http://en.wikipedia.org/wiki/Captcha

This entry was posted in Uncategorized. Bookmark the permalink.

3 Responses to Bugzilla as a SPAM medium

  1. matt says:

    Hi Konstantinos

    It’s a known issue with all our blogs and commenting, we’re currently smack in the middle of developing some new software that will address this issue.

    “Techincal Futures for Glams Blogs”:http://isdevelopment.weblog.glam.ac.uk/news/2007/mar/28/blogging-glamorgan-technical-futures/

  2. Marisa says:

    Yeh, as of this weekend I’ve been geinttg probably 10x the WordPress comment spam I was geinttg before. I think I may need to add a captcha even although I hate them!

  3. Areen says:

    If you do a Captcha, accessibility calls for using one that doesn’t elcxude blind people. For instance, Jeff Barr’s blog asks you to enter Jeff’s first name. Easy for anyone except a computer.You may not even need a Captcha if you upgrade to WordPress 2.0 (if you’re not there already) then use the Akismet plugin. It pools all the spam from multiple blogs so it does a really good job of detecting spam. You’ll need an Akismet key which you an get by signing up for a free blog at WordPress.com and then just use the key on your RussPage.net.

Leave a Reply

Your email address will not be published. Required fields are marked *