Damn Spam!
Welcome, .asia

It's a bit sad that the first of the new .asia top-level domains that I came across "in the wild" turned up in a spam post today: v3x.asia. And ringtone spam at that, how lame ...

Update your WordPress sites!

So, every day I see at least one of these spam posts. They all follow the same scheme and they all use hacked WordPress sites of completely unsuspecting people or organisations. And they all redirect to these fake "search engine" sites that so often show up here ...

So, if you are running a site on WordPress or know someone who does, please keep it up to date and try to follow the numerous security issues that seem to crop up every other day (either affecting some add-on or WordPress itself). BlogSecurity is a good site to stay up to date. They provide security tips and also a WP Vulnerability Scanner to test your site with.

Back to our spammer (and, presumably, WordPress hacker). He always puts a bunch of files into a directory on the hacked site and then links them, one keyword at a time. For example (full URL left out):

Offtopic: A script kiddie discovers the ftp: link

I ranted about those stupid script kiddies and their fruitless yet annoying attempts to exploit something that isn't there before. Of course that didn't change a thing - we're still seeing more than 20% of the requests on our webserver being inclusion attempts.

A new variation, however, is the use of ftp: links for the inclusion attempt:

Using the W3C for spam

Profile spam is an old trick of the spammers. They simply create a profile on a popular forum, stuff it with their spammy links - and leave it sitting there. This usually works quite well since (lists of) profile pages are often linked prominently from the forum's main pages and therefore have a good position in search engines. You don't even have to post anything on the forum to profit from this.

This can also be combined with the "abandoned message boards" approach, where the spammers leave posts on unused message boards and then spam for those posts, which in turn point to the spammers' real (and valuable) domains.

And in this combined "spam for profile pages" tactic, the spammers don't shy away from using prominent sites. I've already seen spam for SETI@home profiles, digg.com profiles, and various other well-known sites.

I didn't know you could also do this with pages of the venerable World Wide Web Consortium (W3C), though. But one spammer did just that.

Offtopic: Damn Bounces!

For the last 2 or 3 days, someone has been sending out spam emails with faked email addresses @project.geeklog.net. Nothing new here, happens all the time, and if you own a domain, it'll happen to you eventually. On my own domains, I simply forward the catchall to a GMail account (hey, finally something to fill up those 6 GB!). On geeklog.net, however, we can't do that for various reasons. And so we're drowning in bounces now.

Copyright © 2010 Damn Spam! Powered by Geeklog