20081218 eBay scams
Everything began with this scam, which I received several times. I kept copies just for the sake of observing what would follow. As you know, once s(c|p)ammers get your e-mail address, the rubbish stream won’t stop flowing: The missing ‘Sony Vaio PCG-VGX Brand New’ Hi again, i have no laptop from you by now if [...]
20071213 Get defacements, database dumps, remote shells, ownages and much more!
It works like this: you write dynamic code and allow parameters to be sent to your code. Then, without any type of filtering or validation, you use those raw values as parameters for your code. I’ll give you two examples so that you can get the result almost instantly: Example 1: open up your database [...]
20070905 Fed up with comment spam?
Akismet has caught 52.000+ spam comments since I installed WordPress. That was a year and a half ago, which is pretty impressive for a non-popular blog. Most of the comments come from pingbacks, so it’s a good idea to install some kind of plug-in which disables pingbacks on posts after a certain time (~3 [...]
20070601 Mapspam
I was trying to polish it a bit more and then announce it, but mr.doob just decided to go ahead and promote our latest idea, mapspam.net, on Digg (feel free to digg it, of course). What you can see is a very preliminary draft of a for-fun project. I showed mr.doob a WordPress plug-in that [...]
20061107 Please observe!
Best spam message in a long time: Dear Online Banking user! Please observe that from November 9 the online banking activities service in Spain will be suspended due to a vigorous attack by hackers against the Web sites of the most popular Spanish banks (Banesto, [...]