Textpattern CMS

#1 2006-05-08 23:59:38

root

Member

From: Manila, Philippines

Registered: 2004-05-31

Posts: 48

#cpreview

I suppose this isn’t so much a “How do I…” than a “What the heck is…” but since there’s no forum marked such, I guess this goes here :)

I check my logs regularly, and I’ve never seen anyone access ...id=num#cpreview before, not even to comment. However, just this morning (I’m GMT +8) I’ve seen five people of different IPs access that access that specific anchor of one specific article (worse, without any referrer links).

I’m not really sure what my question is, but I guess I’ll go with: Does this mean anything? Can it be possibly used for an exploit of any sort? If not, then why?

#2 2006-05-09 00:06:04

Mary

Sock Enthusiast

Registered: 2004-06-27

Posts: 6,236

Re: #cpreview

That’s normal, that’s the url you should be seeing when you comment. :)

#3 2006-05-09 01:04:25

root

Member

From: Manila, Philippines

Registered: 2004-05-31

Posts: 48

Re: #cpreview

Strange though how I’ve never seen this anchor used before… Almost as strange as how none of them left comments XD

Alright, I’ll stop worrying about this now :P Thanks!

#4 2006-05-09 01:14:10

Tom Alday

Member

Registered: 2004-04-27

Posts: 38

Website

Re: #cpreview

spammers

#5 2006-05-09 05:57:49

Mary

Sock Enthusiast

Registered: 2004-06-27

Posts: 6,236

Re: #cpreview

It’s not spammers, that is the url you’re directed to when you comment.

If you view source your page, you’ll see the comment form looks like

<form method="post" action="the_article_url#cpreview"

This was added for 4.0.3, I believe.

Last edited by Mary (2006-05-09 05:59:06)

#6 2006-05-09 06:49:17

Sencer

Archived Developer

From: cgn, de

Registered: 2004-03-23

Posts: 1,803

Website

Re: #cpreview

The thing is: No (proper) User-Agent will sent an anchor to in the HTTP-request. They know it’s only for local consumption. So anytime a human comments you will indeed see no anchors in the logs. Some lazy bots on the other hand, don’t care for that and just encode the anchor and send it along with the Request. Hence when you se the “’#cpreview” part in your logs it is very likely a spammer. That was actually how my “stopitdude” anti-spam plugin would block them out – by checking the URI. Nobody ever had a false positive, and it did stop the spam back in December. I am a little suprised some spammers still haven’t fixed that… ;) Probably they are too cheap to update their tools… our benefit. ;)

#7 2006-05-09 11:17:05

root

Member

From: Manila, Philippines

Registered: 2004-05-31

Posts: 48

Re: #cpreview

Well, in that case then, thank you for the good work :D

#8 2006-05-10 05:03:20

Mary

Sock Enthusiast

Registered: 2004-06-27

Posts: 6,236

Re: #cpreview

The thing is: No (proper) User-Agent will sent an anchor to in the HTTP-request. They know it’s only for local consumption.

Ah. My bad.

Last edited by Mary (2006-05-10 05:03:34)

#9 2006-05-15 21:51:21

andrea

Member

From: la la land

Registered: 2004-02-24

Posts: 62

Website

Re: #cpreview

Sencer wrote:

That was actually how my “stopitdude” anti-spam plugin would block them out – by checking the URI. Nobody ever had a false positive, and it did stop the spam back in December.

thanks so much for setting that up – the little spam comments have started trickling in and already they’re annoying me. i’ll be upgrading to txp 4.0.3. tonight.