Friday, November 19, 2010

Visitors Book Spam

I received two emails this morning from people who had received spam from someone who claimed to have got their profile from my website G4ILO's Shack. I don't have user profiles on my site. The only place the spammer could have got the email address is from the visitors' book, and sure enough when I checked both these people had made entries in it.

The visitors book uses the common trick to obfuscate the email address of encrypting it and using a Javascript function to display it in the user's browser. This worked on the assumption that spammers email harvesting bots simply grabbed the raw HTML pages and didn't use an actual browser so the Javascript didn't run and the email addresses remained hidden from the spammer.

I guess it was only a matter of time, given that computers are now much faster, before spammers started using embedded web browsers to load web pages before scanning them for email addresses. That is the only explanation I have for this. I have removed the display of the email address from the visitors book comments entirely, which should prevent this happening in future.

Some visitors ask questions or mention something interesting in their comments and I thought it would be useful for those who read them to be able to reply if they wish. But I doubt that many people take advantage of this so removing the email address is probably no great loss.


Dick said...

I did too. Wonder what she looks like!

VE9KK said...

Good morning Julian, The other day someone I know emailed me asking if I was sending them emails? He said they were rather odd emails but were using my email address. Not sure if this is the same thing you experienced but I found it rather odd and was not sure what to do about it.

Unknown said...

That sort of thing is quite common and is usually the result of someone with a computer infected by malware which is operating as a spambot. It might be worth checking your computer.

In this case, someone forwarded me one of the spam emails which purported to be from a young lady who claimed to have got their email address from "their profile at". It is yet more proof, not that more proof is needed, that spammers are the dumbest creatures on the planet because how could they confuse my site with a dating site? I just cannot imagine what they hope to gain from it.