I was surprised to see, this morning, a sort of bookmark spam attack in one of my Del.icio.us feeds (tag:writing). I had around 30 bookmark entries from user names like rollofle500, rollofle502, rollofle503, etc. All the entries were posted one minute apart, with different tags and different topics, and all linked to the same website: http://torrents.on.nimp.org/?u=rolloffle, which redirects to http://www.gnaa.us/. I think the attack was performed with an automated script that worked like this:
- He creates an account with a random name and a random email address.
- He logs in to this newly created account.
- He posts a bookmark from this newly created account, using random tags drawn from a word dictionary built for this purpose.
- Finally, he restarts the whole process.
It seems that the Del.icio.us administrators have deleted these users and entries. They were probably alerted to the situation and deleted them on the spot.
The problem is that erasing all the entries hasn’t repaired the whole problem, because the feeds had already been polluted and distributed to hundreds of subscribed users.
We have every right to ask this question: why did this situation happen? The answer is easy: because their authentication is not working properly. You can post bookmarks without validating your account. This is the real problem, and the reason the spammer was able to perform this sort of spam attack. Even if you see this message:
» A verification email has been sent. Please check your mail. If it does not arrive shortly, go to the settings page and ask for another verification email.
you can still do whatever you wish with your account.
What’s the solution to prevent future bookmark spam attacks on Del.icio.us? They will need to upgrade their registration and validation system so that new users cannot post bookmarks until they have been validated by the system.
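As an added illustration (constructed for this post, not Del.icio.us code), here is a small Python model of the two policies. With `require_verification=False` a freshly registered account can post immediately and its entries reach the tag feed, which is the behaviour described above; with `require_verification=True` posting is refused until the e-mailed token has been redeemed, and the feed only carries entries from verified accounts. The service, account and method names are all assumptions made for the example; the token is returned by `register()` instead of being e-mailed so the example runs offline.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


class NotVerifiedError(Exception):
    """Raised when an unverified account tries to post."""


@dataclass
class Account:
    name: str
    email: str
    verified: bool = False
    # Pending e-mail verification token; cleared once the account is verified.
    verification_token: Optional[str] = None
    bookmarks: List[Tuple[str, Tuple[str, ...]]] = field(default_factory=list)


class BookmarkService:
    """Toy bookmark service (hypothetical, constructed for this example).

    require_verification=False models the weak behaviour described in the post:
    a freshly registered account can post at once and its entries are syndicated.
    require_verification=True is the corrected policy: posting and syndication
    both wait until the e-mail token has been redeemed.
    """

    def __init__(self, require_verification: bool = True) -> None:
        self.require_verification = require_verification
        self.accounts: Dict[str, Account] = {}

    def register(self, name: str, email: str) -> str:
        """Create an unverified account and return its verification token.

        A real service would e-mail the token to `email` rather than return it;
        returning it here keeps the example runnable offline.
        """
        if name in self.accounts:
            raise ValueError(f"account {name!r} already exists")
        token = secrets.token_urlsafe(32)  # unguessable, single use
        self.accounts[name] = Account(name=name, email=email, verification_token=token)
        return token

    def verify(self, name: str, token: str) -> bool:
        """Redeem the e-mailed token; True only if it matches the pending one."""
        acct = self.accounts[name]
        if acct.verified:
            return True
        if acct.verification_token is None:
            return False
        # Constant-time comparison so the check does not leak the token via timing.
        if not hmac.compare_digest(acct.verification_token, token):
            return False
        acct.verified = True
        acct.verification_token = None  # token cannot be replayed
        return True

    def post_bookmark(self, name: str, url: str, tags: List[str]) -> None:
        """Store a bookmark; refuses unverified accounts under the strict policy."""
        acct = self.accounts[name]
        if self.require_verification and not acct.verified:
            raise NotVerifiedError(f"account {name!r} has not verified its e-mail")
        acct.bookmarks.append((url, tuple(tags)))

    def public_feed(self, tag: str) -> List[Tuple[str, str, Tuple[str, ...]]]:
        """Entries syndicated under `tag`; unverified accounts are skipped under the strict policy."""
        feed = []
        for acct in self.accounts.values():
            if self.require_verification and not acct.verified:
                continue
            for url, tags in acct.bookmarks:
                if tag in tags:
                    feed.append((acct.name, url, tags))
        return feed


def posting_refused(svc: BookmarkService, name: str, url: str, tags: List[str]) -> bool:
    """True if the service refuses the post because the account is unverified."""
    try:
        svc.post_bookmark(name, url, tags)
    except NotVerifiedError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample run: the same script-style registration against both policies.
    weak = BookmarkService(require_verification=False)
    weak.register("spambot01", "spambot01@example.invalid")
    weak.post_bookmark("spambot01", "http://spam.example.invalid/", ["writing"])
    print("weak policy feed:", weak.public_feed("writing"))

    strict = BookmarkService(require_verification=True)
    token = strict.register("spambot02", "spambot02@example.invalid")
    print("strict policy refused unverified post:",
          posting_refused(strict, "spambot02", "http://spam.example.invalid/", ["writing"]))
    print("strict policy feed:", strict.public_feed("writing"))
```

The check that matters is the one in `post_bookmark`: the verification e-mail is worthless as a control if the code path that creates content never consults the `verified` flag. Gating the feed as well means that even if a posting bug slips through, subscribers never receive entries from accounts that nobody has ever confirmed.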
Technorati: [spam] [delicious] [bookmark] [authentication] [security]
Max
February 28, 2005 — 5:32 pm
There’s no hope for us!
I’m sure you know it already; anyway, maybe someone doesn’t:
http://www.corante.com/many/archives/2005/02/01/tags_run_amok.php
P.S. I added this post to my del.icio.us list, of course!
Fred
February 28, 2005 — 5:32 pm
Hello max!
Nah, I didn’t. I knew the blog, but I subscribed to it after the first of February.
So, as I thought, it was evident that it wasn’t the first time 😉
Thanks for the link.
Salutations,
Fred