09.27.57 - Mark
Late last week I had about a dozen junk postings find their way into my blog's database. They weren't comment spam, although at first glance they looked like it, with junk email addresses and the characteristic poorly spelled messages all spam seems to contain. What was a bit atypical was the spammer's address, which was at my domain. It didn't hit me why this was until this morning, when I had another one of these messages pop up.
I was being used to help sleazeballs in Latin America spam some poor fool's email account.
Ooops. My Bad.
The quick patch was a series of rules you need to meet before a comment is posted, and when I get around to it I'll probably put together some IP filters and email verification code as a basic spam filtering system, and then move it over to another "installation" of my blog software before spammers discover it in 3 months.
Other than the measures I can take, I kind of feel bad for the dozen or so people who have been spammed because of an exploited error in my code...