Facebook closes door for spammers

Facebook has closed a hole that was being used by spammers to automatically post wall messages and direct messages to friends.

Just clicking on the link to one of the applications that were taking advantage of the bug would allow the auto-posting to happen, Facebook said on Tuesday. The apps, which appeared to be sending people to a survey web site, were disabled on Monday.

"Earlier this week, we discovered a bug that made it possible for an application to bypass our normal CSRF (cross-site request forgery) protections through a complicated series of steps. We quickly worked to resolve the issue and fixed it within hours of discovering it," Facebook said in a statement. "For a short period of time before it was fixed, several applications that violated our policies were able to post content to people's profiles if those people first clicked on a link to the application."

For more on this story, read Facebook closes hole that let spammers auto-post to walls, friends on CNET News.