Keeping your text entry fields secure
I've noticed over the past few days someone has been entering text like the following into my comment fields :
<a href="http://www.distritofederal.df.gov.br/003/00301009.asp?ttCD_CHAVE=101732&lorcet">lorcet</a>
unendurable imperfections <a href="http://www.distritofederal.df.gov.br/003/00301009.asp?ttCD_CHAVE=101746">phentermine side effects</a>
eolith acidimeter
What is this person trying to achieve, and is there anything I need to do to ensure they don't do anything malicious through my text entry fields?
EDIT
It looks like this site belongs to the Brazilian government. Other sites that have been linked don't even exist. Hence I am a bit skeptical that this is just link spamming.
2 Comments
They get links to their site, which is good for ranking high in the search engines.
And additionally they gain exposure, since visitors of your site might follow these links.
As @mark mentioned, it could very well be of malicious intent if the linked site is 'bad'.
More important is to make sure that your site does not allow all types of tags in the comments. If you do, then someone could post a comment with a <script> tag that could load some malicious code to the browser of your site's visitors, and it would seem like you are the responsible party, and your visitors would be exposed.
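An allowlist sanitizer for the point above about not accepting every tag in comments, added here as an example and not code from the original thread. The allowed-tag policy, the function and class names, and the hostnames used with it are assumptions; surviving links are also marked rel="nofollow ugc" so posted links earn no search ranking.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED = {"b", "i", "em", "strong", "a"}   # assumed comment policy
DROP_CONTENT = {"script", "style"}          # tag and its text are both removed

def is_web_url(href):
    try:
        return urlsplit(href).scheme in ("http", "https")
    except ValueError:                       # e.g. malformed IPv6 host
        return False

class CommentSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open, self.skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        elif tag == "a":
            href = dict(attrs).get("href") or ""
            if is_web_url(href):             # rejects javascript:, data:, relative
                self.out.append(f'<a href="{escape(href)}" rel="nofollow ugc">')
                self.open.append(tag)
        elif tag in ALLOWED:                 # emitted bare: every attribute is dropped
            self.out.append(f"<{tag}>")
            self.open.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif tag in self.open:               # close only what we opened
            while True:
                t = self.open.pop()
                self.out.append(f"</{t}>")
                if t == tag:
                    break

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))    # stray < > & " become entities

def sanitize_comment(raw):
    p = CommentSanitizer()
    p.feed(raw)
    p.close()
    p.out.extend(f"</{t}>" for t in reversed(p.open))  # balance unclosed tags
    return "".join(p.out)
```

Run the sanitizer when the comment is rendered (or store both raw and sanitized forms), so a later policy change applies to old comments too.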
One possibility is that this is enticing people to follow a link that includes some kind of exploit in the query string. I don't see anything that looks like an exploit in the example posted in your question though.
Another possibility is that the server that is being linked to has been compromised and is now being used by the spammer to host sites of which the server's operator may not approve.
As per other answers, it could also be someone doing generic link spamming, although it seems unlikely that a government department would use (or at least endorse) this technique. It may be someone testing out a link spamming system before they use it for real.