Remember way back when you first got interested in web design? Seems like an eternity ago in web years when I made my first clumsy web sites. Maybe you got started making home pages for friends or a local club. Maybe you helped some people get hosting accounts, set up a quick web site with a forum and a blog and a shopping cart. Ah, those were the days.
It’s easy to forget that many of those old web sites are still online – abandoned, un‑maintained, and insecure. Many of them date from the days before web spam was common, so they don’t include any spam protection.
Spammers know this. And they love it. Here’s why:
That’s a real screen capture from a forum that was once a real community – but has since been forgotten by its unsuspecting owner.
This is an all‑too‑common occurrence in recent months. In order to try to avoid being caught, spammers are hosting their advertisements for porn and pills on these old abandoned forums, which typically have an open automated registration system that lets anyone create an account without the owner’s knowledge or intervention. Then they send thousands of spam messages in blog comments and emails, with a link to those abandoned forums.
In other words: right now, someone might be sending offensive spam to thousands of blogs with a link to your web site. Like this example, taken from a comment spam (we’ve censored the real domain name for obvious reasons):
&lt;a href="http://[REDACTED].com/forum/showthread.php?p=200789" rel="nofollow"&gt;Amateur with natural big boob&lt;/a&gt; -Cori the natural milf shows off her big juicy tits &lt;a href="http://[REDACTED].com/forum/showthread.php?p=200794" rel="nofollow"&gt;Free big tit blonde movie&lt;/a&gt; -Samantha babe plays with big boobs and poses in bed &lt;a href="http://[REDACTED].com/forum/showthread.php?p=200805" rel="nofollow"&gt;Big tit porn star movie&lt;/a&gt;
Sadly that’s some of the less offensive spam – it took a while to find an example we could safely publish. Akismet will almost always catch these spams of course, but not everyone uses Akismet.
This technique has been around for a while, but in recent weeks we’ve seen a massive increase in the sheer number of un‑maintained sites exploited in this way. Forums are the most common victims, but we’ve also seen forgotten photo galleries, blogs and social apps exploited in the same way.
Left unchecked, the damage to your reputation could be substantial – not to mention what it could do to your search engine positioning. So we’re advising everyone to please check on your old web sites.
If you have ever set up a web site for someone — or installed a test copy of a forum or web application on your own web site, even one that was never publicly announced — now would be a great time to check that it hasn’t been exploited by spammers. If it’s still clean but unneeded, consider removing it or disabling the account signup process as a preventative measure.
If you’d like to keep it online, make sure you install a spam filter like Akismet – there are Akismet plugins available for vBulletin, phpBB and most other popular web forums.