Now this is a nice and inconspicuous URL to use for referrer spam: http://forums.linux.dk/movie-forum.html. But wait a minute - a Linux movie forum? Ah, here's more of the same: http://forums.linux.dk/porn-forum-.html. Okay, something's fishy here ...
Of course it is. Those URLs do a JavaScript redirect to a porn site. linux.dk itself seems harmless enough - it appears to be the homepage of the Danish Linux user group. So unless the open source community is looking for new ways of income, I can only assume that their server was hacked and those redirect pages uploaded there somehow.
So what else can we find about this case?
The porn site in question is registered to Adrush Media Holland B.V. Doesn't ring a bell with me. The slogan on the homepage is "Sick entertainment for sick people" - nice ... The actual redirect from linux.dk goes directly to their forum.
I also found the whois information for the first couple of IP addresses the referrer spam came from somewhat amusing:
descr: Republic of Cyprus person: Michael Dionysiou address: Ministry of Education and Culture
Later spams came from all over the world (Chile, Austria), so it was probably just yet another case of a wide open (school?) network.
Comments (0)
Damn Spam!
http://spam.tinyweb.net/article.php/linux-porn-spam