How do they make blog spam so hard to detect?

Anyone that has visited a blog or forum will have seen those vaguely annoying one line posts that are generally bad grammer and say nothing except what a great blog it is, how they’ll be back soon and to keep up the good work, right?

Well that is so-called ‘Comment Spam’ and it is the bane of website owners like email spam is to, well, just about everyone else!

What they’re doing is embedding a link to a website either in the profile of the user, the ‘sig’ in the post or even inline in the comment. The vain hope is that ubiquity = high search engine ranking. Anyone who owns a forum will tell you that 90% of their time is spent combing comments for trash like this. Services such as Akismet can catch an awful lot of spam, if supported.

Preventing Identity Theft by Credit Bureau Monitoring

Lifelock LogoLifeLock was arguably the first online business to provide consumer-targetted Identity Theft Protection. Since their start in 2005, LifeLock has provided a useful service providing consumers with the tools they need to help protect themselves from identity theft and manage their credit. Scamdex was and continues to be a firm proponent of organizations like LifeLock and there are many imitators out there. You may have seen the early ads where the CEO showed his Social Security Number.

LifeLock are now continuing their consumer protection services by a new product called LifeLock Credit Score Manager. This service monitors the big three credit bureaux on a  daily basis, sending alerts when changes are made to the member’s credit files. The service also provides members with monthly updates and online access to their TransUnion credit score, and annual updates to credit scores and reports for all three credit bureaus.

Credit rating downgrades can be due to errors, high balances, too many credit inquiries or Identity Theft (Someone takes out a loan using your ID).  Low credit ratings can cause higher interest rates or denial of credit or even employment.

If your continued credit-worthyness is important to you or your business, it makes a lot of sense to have the most up-to-date information and this product seems to provide a solution.

They have a 30 day free trial – If you signup from this link, Scamdex will benefit financially :’)

Get Credit Score Manager from LifeLock for FREE for 30 days!
Manage and monitor your credit score at

PHP Exploit URL foxes Apache

There are a lot of smart people out there who know way too much about computers and software and stuff, like this guy: ‘Perishable Press‘. So, can someone clever please tell me why this simple url hangs up a bunch of seemingly dissimilar web servers:

My banana was once part of a bunch very similar to this one

My banana was once part of a bunch very similar to this one

Here’s the deal – when someone asks for a webpage on Scamdex that doesn’t exist, it shoots me a quick email to tell me about it. That way I can see if anything is broken and if anyone is trying to hack my site. My normal response to obviousl hack-attempts  is to block the IP address or use .htaccess rewrite rules to send them to an oh-so-friendly  ‘go away page‘ :).

In this case, the URL carries a payload that is itself a  link to a file on a remote site, which it hopes I will allow to run on my server. The code (which is reproduced in it’s entirety here) will, if allowed to run, return the word ‘FeelCoMz’ to the ‘sKriptKiDee’, aka ‘Wanker’  on the sending end.

<?php /* Fx29ID */ echo("FeeL"."CoMz"); die("FeeL"."CoMz"); /* Fx29ID */ ?>

So… it didn’t work, I trapped it and it raised a red flag, but then why, when I try the URL does it make a browser stand blinking like a deer in the proverbial headlights for 120 seconds before falling flat on it’s back?

Analyzing the url gets me to this reduction of required parts:

* any .php file path.
* any query string, that contains a ‘http://’ in
* must have a file extension such as txt, gif, png etc.
* must have the trailing ‘?’

will cause the same problem on an awful lot of famous name servers. For example, including mine:,,,, etc etc.

For example, in the following link, everything except ‘’ is made up

but it still exhibits the same behaviour – WTF is going on?

and why, oh why can’t I detect it in my .htaccess file?

First person to:
1. Tell me why it’s happening.
2. Tell me how to detect it and stop it happening.
3. Tell me why Google hates me.

gets a really major serious prize like my personal desktop banana, or this lovely (chipped) coffee mug with the name of a football club I don’t support on it – or even my second best earphones.

Good luck!


Still no replies and it’s still happening…. where have all the gurus gone?

… the Pipes, the Pipes are calling…. here’s the ScamPipe!

Here’s a little utility I knocked together using Yahoo’s Pipes ( It allows you to aggregate, sort and filter feeds from various sources to make one combined info thingy.

Let me know what you think – I can add a couple of extra data feeds in, let me know if you have some to include.