The following article was published in 2600 magazine (Volume 30, Number 2) in Summer of 2013. It is republished here with permission.
This week a client forwarded me a spam email he received that I thought was interesting. It is reproduced below, with sensitive information and spam links redacted:
I stumbled onto this comment in a client's WordPress database, and thought it was interesting. It looks like a spam bot malfunctioned and output all of (or at least, a large portion of) its comments. They are reproduced below:
I've been working on a tool that I call "Watchtower" for the last several weeks. Watchtower is a platform- and language-agnostic Static Code Analysis tool that can be used for code audits and incident response.
I recently published a new plugin to the WordPress.org Plugins Directory. I call it Foresight. It is available for download here:
Foresight is a simple plugin that serves a simple purpose: it helps blog administrators to stay current on known exploits for WordPress and for WordPress plugins.