Remember that web site you made years ago?

Remember way back when you first got interested in web design? Seems like an eternity ago in web years when I made my first clumsy web sites. Maybe you got started making home pages for friends or a local club. Maybe you helped some people get hosting accounts, set up a quick web site with a forum and a blog and a shopping cart. Ah, those were the days.

It’s easy to forget that many of those old web sites are still online – abandoned, un‑maintained, and insecure. Many of them date from the days before web spam was common, so they don’t include any spam protection.

Spammers know this. And they love it. Here’s why:

[Image: Web forum overrun by spammers]

That’s a real screen capture from a forum that was once a real community – but has since been forgotten by its unsuspecting owner.

This has become an all‑too‑common occurrence in recent months. To avoid being caught, spammers host their advertisements for porn and pills on these old abandoned forums, which typically have an open automated registration system that lets anyone create an account without the owner’s knowledge or intervention. Then they send thousands of spam messages in blog comments and emails, each with a link to those abandoned forums.

In other words: right now, someone might be sending offensive spam to thousands of blogs with a link to your web site. Like this example, taken from a spam comment (we’ve censored the real domain name for obvious reasons):

<a href="http://[REDACTED].com/forum/showthread.php?p=200789" rel="nofollow">Amateur with natural big boob</a>
-Cori the natural milf shows off her big juicy tits
<a href="http://[REDACTED].com/forum/showthread.php?p=200794" rel="nofollow">Free big tit blonde movie</a>
-Samantha babe plays with big boobs and poses in bed
<a href="http://[REDACTED].com/forum/showthread.php?p=200805" rel="nofollow">Big tit porn star movie</a>

Sadly that’s some of the less offensive spam – it took a while to find an example we could safely publish. Akismet will almost always catch these spams of course, but not everyone uses Akismet.

This technique has been around for a while, but in recent weeks we’ve seen a massive increase in the sheer number of un‑maintained sites exploited in this way. Forums are the most common victims, but we’ve also seen forgotten photo galleries, blogs and social apps exploited in the same way.

Left unchecked, the damage to your reputation could be substantial – not to mention what it could do to your search engine positioning. So we’re advising everyone: please check on your old web sites.

If you have ever set up a web site for someone — or installed a test copy of a forum or web application on your own web site, even one that was never publicly announced — now would be a great time to check that it hasn’t been exploited by spammers. If it’s still clean but unneeded, consider removing it or disabling the account signup process as a preventative measure.

If you’d like to keep it online, make sure you install a spam filter like Akismet – there are Akismet plugins available for vBulletin, phpBB and most other popular web forums.
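One way to run that check against an old site's access log, as an added example that is not part of the original post: it counts signup POSTs per client and lists the off-site pages sending visitors to forum threads, the two traces the abuse described above leaves behind. The log lines are constructed, and the signup paths (`register.php`, `ucp.php?mode=register`), host names and threshold are assumptions to adapt to your forum software.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in Apache/nginx "combined" log format (not real traffic).
SAMPLE_LOG = '''\
203.0.113.5 - - [07/Jul/2009:10:00:01 +0000] "POST /forum/register.php HTTP/1.1" 200 512 "-" "x"
203.0.113.5 - - [07/Jul/2009:10:00:03 +0000] "POST /forum/register.php HTTP/1.1" 200 512 "-" "x"
203.0.113.5 - - [07/Jul/2009:10:00:05 +0000] "POST /forum/register.php HTTP/1.1" 200 512 "-" "x"
198.51.100.7 - - [07/Jul/2009:11:20:00 +0000] "POST /forum/register.php HTTP/1.1" 200 512 "-" "x"
192.0.2.10 - - [07/Jul/2009:12:00:00 +0000] "GET /forum/showthread.php?p=101 HTTP/1.1" 200 900 "http://blog-a.example/post/" "x"
192.0.2.11 - - [07/Jul/2009:12:00:09 +0000] "GET /forum/showthread.php?p=102 HTTP/1.1" 200 900 "http://blog-a.example/post/" "x"
192.0.2.12 - - [07/Jul/2009:12:01:00 +0000] "GET /forum/showthread.php?p=103 HTTP/1.1" 200 900 "http://blog-b.example/about/" "x"
192.0.2.13 - - [07/Jul/2009:12:02:00 +0000] "GET /forum/showthread.php?p=12 HTTP/1.1" 200 900 "http://old-club.example/forum/index.php" "x"
192.0.2.14 - - [07/Jul/2009:12:03:00 +0000] "GET /forum/index.php HTTP/1.1" 200 900 "-" "x"
'''

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+ "([^"]*)"')
# Assumed signup endpoints; change these to match the forum software in use.
SIGNUP = re.compile(r'/register\.php|/ucp\.php\?.*mode=register')
THREAD = re.compile(r'/showthread\.php\?')

def audit(log_text, own_host, signup_threshold=3):
    """Summarise signup POSTs and off-site referrers to thread pages."""
    signups, referrers = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, method, path, _status, referer = m.groups()
        if method == "POST" and SIGNUP.search(path):
            signups[ip] += 1
        elif method == "GET" and THREAD.search(path):
            host = urlsplit(referer).hostname  # None for "-" (no referrer)
            if host and host != own_host:
                referrers[host] += 1
    return {
        "signup_posts": sum(signups.values()),
        # Clients with repeated signups across the whole log: likely automated.
        "bulk_signup_ips": sorted(ip for ip, n in signups.items() if n >= signup_threshold),
        "offsite_thread_referrers": referrers.most_common(),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_LOG, "old-club.example"))
```

On a forum nobody uses any more, any signup traffic at all, or thread views arriving from unrelated blogs, is reason enough to look at the member list and recent posts.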

10 comments

  1. Ha, I set up a test forum a while ago, wasn’t used, checked it a few weeks ago, 8,000+ calendar events like this. Simple SQL got rid of them, but I was slightly amazed at the sheer volume of them in only a few months.

  2. Another problem is orphaned e-mail accounts that get hijacked. Unfortunately, many of the freebie e-mail providers don’t have any way to completely close or disable the account — and that includes the likes of Hotmail and Yahoo!

    1. This is true – though we’ve not seen evidence of it being a factor in web and forum spam. Web spammers tend to use new free email accounts when they need a working address – they can be bought for a fraction of a cent per email address.

  3. This is SUCH a good point – I recently deleted about 10,000 spam comments from a blog that I hadn’t posted on for a couple of years. Scary.

  4. Spam was so much of a problem on an active wiki I run that I have had to lock it down completely.

    Now, only registered users can edit anything, and users need to be manually created by me. It really undermines the wiki concept, but there was no alternative.

  5. I have to approve all comments. Most of them come from Amsterdam porn sites which I don’t share with my readers, though I admit I have checked out the URL they leave. Occasionally, I’ll e-mail a spammer and ask what their comment has to do with the subject of the blog entry. They never answer.

  6. That pic made me really sad.

    I love forums, the way data is organized and how ppl talk on it. Unfortunately, after orkut popped up, forums became less populated… I remember when ppl with just a bit more popularity than normal used to create small free forums and ask their friends to call their friends to join those forums, and we met new fun ppl and admins started asking to click on “top forum” banners so that they won prizes like exclusive professional themes or even money.
    Now orkut raped all that fun, and instead of intelligent ppl talking about intelligent stuff we see dumb ppl that don’t even know how to type fighting anybody with slightly different opinions about dumb subjects.

    And that forum is like many others that I used to visit. Old small community forums that are now dead… and as if it wasn’t sad enough, spammers also use them, and it looks like a spammers forum with spammers “happily” talking with each other about spam subjects…

    Yeah, those were the days 😦
