Damn Spam!
Hacked server spamming

Looking through the Bad Behavior logs, I've noticed a bunch of rejected trackback spam attempts from 64.71.177.84, belonging to Hurricane Electric (Not the first time I've seen that name, btw. They seem to be popular with the spammers, for whatever reason ...).

Well, I decided to type that IP address into my browser and got this piece of PHP code:

; $from_mail = "phpauth@yandex.ru";
$to_mail = "grigory@mail.astrakhan.ru";
$message = "Subject: test\nFrom: $from_mail\nTo: $to_mail\ntest";
$host = "smtp.yandex.ru";
$port = 25;
$errno = 30;
$errstr = 1;
$timeout = 1;
$handle = fsockopen($host, $port, $errno, $errstr, $timeout);
fputs($handle, "EHLO $host\r\n");
echo fread($handle, 4096) . "\n\n";
fputs($handle, "AUTH LOGIN\r\n");
echo fread($handle, 4096) . "\n\n";
fputs($handle, base64_encode($user) . "\r\n");
echo fread($handle, 4096) . "\n\n";
fputs($handle, base64_encode($pass) . "\r\n");
echo fread($handle, 4096) . "\n\n";
fputs($handle, "MAIL FROM:<$from_mail>\r\n");
echo fread($handle, 4096) . "\n\n";
fputs($handle, "RCPT TO:<$to_mail>\r\n");
echo fread($handle, 4096) . "\n\n";
fputs($handle, "DATA\r\n");
echo fread($handle, 4096) . "\n\n";
fputs($handle, "$message\r\n.\r\n");
echo fread($handle, 4096) . "\n\n";
fputs($handle, "QUIT\r\n");
echo fread($handle, 4096) . "\n\n";
fclose($handle);
?>

Offtopic: Email stock spam

Email stock spam has reached a new low of (un-)readability. I found this in my inbox this morning:

Subject: +[!]:.:!*)+(*)[++  (-!-.)!  )!)(*-(- !

Sy+m b.oool F)D.E)G
Price 0.04
Ta.rg:et 0.12

... and that was the entire content of the email. No attachments, no HTML.

I have a hard time believing that this would work. Which sane person would care to decipher this and then actually go and buy that stock? Surely the people stupid enough to fall for that sort of scam are too stupid to understand that email in the first place. I mean, the early stock spams at least tried to look like "insider tips". But this?

My current theory is that this sort of stock spam isn't really targeted at normal people any more. There is probably some sort of ecosystem of freeloaders in place now. I.e. people who know that this is a scam to drive up the prices but buy the stock nonetheless, accepting that they get a smaller piece of the cake than the actual spammer.

Fortunately, neither stock spam nor this sort of obfuscation is common in webspam.

Search for Extraterrestrial Porn?

Just now, someone is trying to spam this site with porn spam that contains a link to a SETI@home profile page (user id 8695192) stuffed with more porn keywords and linking to screamandcream.com.

Well, at least it was something I hadn't seen before ...

Opt-out spammer

This was just rejected as spam on one of my sites:

hello , you have a very nice site, but Im hired to leave advertising comments on sites, sorry i hate to do it but i have to . If you dont like advertising comments please send me an email with your site address to tedirectory(at)yahoo(dot)com and I will not write on your site. Sorry for inconvenience.

Now isn't that nice? I can opt-out of having my site spammed. And yes, that's the unmodified email address from that (attempted) post there.

Geocities trackback spam

Ah, Geocities - that brings back memories: I had my first homepage on Geocities, back in 2000, before I had my first own domain ... sigh

Of course, the reason I mention Geocities here is a completely different one: Some idiot is sending trackback spam for pages on Geocities. The URLs are made up of names followed by a two-digit number, e.g. GarrettBuck31, LewisShannon83, DonnPotter77, etc.

The text of the trackback contains a headline scraped from the site he's spamming. So on this site, for example, I'm seeing spam that includes "Trackback spammer (2nd update)", "Nasty trackbacks", etc. How fitting ...

The title of the trackback spam usually contains the words "adult cam", and that's what it's for: The Geocities URLs redirect to wellcams.com and include an affiliate ID (877:1), so it's probably some amateur spammer trying to get some money from those.

The good news: Many of the Geocities URLs don't work. So either their abuse department is after them or the spammer is using non-working links (wouldn't be the first time). And, of course, none of those trackbacks make it through.

Dear spammers: Trackback spam is dead. Get used to it.
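
The three signals described in this post (generated Geocities account names, "adult cam" in the title, one of the site's own headlines in the excerpt) can be combined into a score so that no single signal rejects a ping on its own. This Python example is added here and is not code from this site or from Geeklog; the Geocities URL layout, the ping field names (url, title, excerpt, as in the TrackBack ping format), the threshold and the sample pings are assumptions.

```python
import re
from urllib.parse import urlparse

# Assumption: the account name is the first path segment of a geocities.com URL.
# Pattern from the post: two capitalised names followed by a two-digit number.
ACCOUNT_RE = re.compile(r"^(?:[A-Z][a-z]+){2}\d{2}$")
TITLE_KEYWORDS = ("adult cam",)  # phrase the post reports in the spam titles


def score_trackback(ping, own_headlines):
    """Return (score, reasons) for one trackback ping (dict of url/title/excerpt)."""
    reasons = []
    parsed = urlparse(ping.get("url", ""))
    host = (parsed.hostname or "").lower()
    segments = [s for s in parsed.path.split("/") if s]
    if host == "geocities.com" or host.endswith(".geocities.com"):
        if segments and ACCOUNT_RE.match(segments[0]):
            reasons.append("geocities-generated-account")
    title = ping.get("title", "").lower()
    if any(k in title for k in TITLE_KEYWORDS):
        reasons.append("title-keyword")
    # One of our own headlines echoed back in the excerpt: the text was scraped,
    # but a legitimate ping may quote a headline too, so this alone is not enough.
    excerpt = ping.get("excerpt", "").lower()
    if any(h.lower() in excerpt for h in own_headlines if h):
        reasons.append("scraped-own-headline")
    return len(reasons), reasons


def is_spam(ping, own_headlines, threshold=2):
    """Reject when at least `threshold` independent signals agree."""
    return score_trackback(ping, own_headlines)[0] >= threshold


# Constructed sample data: the headlines and the account name are quoted in the
# post; the URLs, excerpts and the legitimate ping are made up for illustration.
HEADLINES = ["Trackback spammer (2nd update)", "Nasty trackbacks"]
SAMPLES = [
    {"url": "http://www.geocities.com/GarrettBuck31/",
     "title": "Adult cam", "excerpt": "Nasty trackbacks ..."},
    {"url": "http://blog.example.org/2006/05/fighting-spam",
     "title": "Fighting spam", "excerpt": "My notes on the Nasty trackbacks post"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["url"], score_trackback(sample, HEADLINES))
```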

Copyright © 2010 Damn Spam! Powered by Geeklog