I'm running Spam Karma 2.3 rc4 on WordPress 2.9.2 and I just recently
received a spam message which, despite having a bad JavaScript payload and
a Flash Gordon problem, had a karma of 48.67.
After examining the problem, I discovered that it was using a URL of
http://myblog.com/?randomHexadecimalGibberish to trick the snowball plugin
into overriding the rest of the plugins with an injection of 60 karma.
I'm not familiar with the internals of Spam Karma, but here are the two
possibilities that came to mind:
- add a check that makes "self-link" karma conditional on the commenter
being logged in
- modify SK so karma for logged-in and non-logged-in users is tracked
separately.
The temporary workaround I'll be trying is setting the snowball plugin to
weak. If that fails, I'll just have to disable it.
Original issue reported on code.google.com by [email protected] on 23 Feb 2010 at 11:23