*^$%#` spammers.
I was noticing some really odd entries in my hit logs, and decided to do some research. The pages supposedly visited were along the lines of:
?pg=2/main.php?page=http://somespammer.spam
where, of course, “spammer.spam” was replaced by something that looked like an investment or pharmaceutical firm. Since I’ve never written posts like that, and don’t link to that kind of thing, these have no business being in my hit logs.
So I did some research.
Google has links, if you know what to search for.
It seems that if you have a web form set up for email (like, say, on your contact page, or to allow readers to easily subscribe to an email newsletter) then you can be vulnerable to someone who knows enough about PHP and SMTP to, basically, hijack your form to send any kind of email to anyone and make it look like you sent it.
Needless to say, I’m not going to put up with that. While I may not have enough programming mojo to keep spammers from using the form in illicit ways, I can certainly remove the form.
So it might be a bit more difficult to subscribe to the Graphic Novel Rankings newsletter (which once was weekly and will again be weekly just as soon as I can catch up) or to send me hate email about how much my website sucks — but motivated readers can still do either with a minimum of extra steps.
Other site owners: take note! Take a closer look at some of your incoming hits (not all traffic is good traffic) and if you don’t know where something is coming from, or why, there may be a similar exploitable feature on your site, and you should nail that sucker down.
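One way to act on that advice, as an added example rather than anything from the original post: a Python script that scans an access log for query parameters whose value is an absolute URL, the pattern in the entries quoted earlier. The log lines are constructed, and the combined log format, the `own_hosts` allowlist and the function names are assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Constructed sample lines (Apache combined log format); not from the original post.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2006:04:11:52 +0000] "GET /index.php?pg=2/main.php?page=http://somespammer.spam HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
198.51.100.23 - - [12/Mar/2006:04:12:10 +0000] "GET /index.php?pg=2 HTTP/1.1" 200 5120 "http://example.org/" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2006:04:13:01 +0000] "GET /index.php?pg=http%3A%2F%2Fsomespammer.spam%2F HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
198.51.100.23 - - [12/Mar/2006:04:14:44 +0000] "GET /out.php?url=http://example.org/rankings/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2006:04:15:30 +0000] "GET /rankings/ HTTP/1.1" 200 8030 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')
ABS_URL_RE = re.compile(r"^(?:https?|ftp)://", re.I)

def url_valued_params(target, own_hosts=()):
    """Return (name, decoded_value) for query parameters whose value is an absolute URL."""
    hits = []
    # Split on '?' too: the entries quoted in the post carry a second '?' inside the query.
    for pair in re.split(r"[&;?]", target.partition("?")[2]):
        name, _, value = pair.partition("=")
        value = unquote(unquote(value))  # decode twice to catch double encoding
        if not ABS_URL_RE.match(value):
            continue
        try:
            host = urlsplit(value).hostname
        except ValueError:  # malformed authority, e.g. unbalanced brackets
            host = None
        if host not in own_hosts:  # assumption: URLs pointing at your own hosts are expected
            hits.append((name, value))
    return hits

def scan(log_text, own_hosts=()):
    """Return (client_ip, status, name, value) for every URL-valued parameter in the log."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # lines in another format are skipped
            ip, target, status = m.groups()
            findings += [(ip, status, n, v) for n, v in url_valued_params(target, own_hosts)]
    return findings

def by_client(findings):
    return Counter(f[0] for f in findings)

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG, own_hosts=("example.org",)):
        print(*finding)
```

Any parameter that shows up in the findings is worth tracing to the script that reads it, to confirm the value never reaches an include, a redirect or a mail header unchecked.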














