- Next: someone did a lookup on the address, found the registrar details (it's in Taiwan).
- Next: someone did a portscan of the IP address which hosts the site, and found some interesting ports open.
- Next: someone finds that the MySQL port is open.
- Next: someone else finds out that the test user is left open on the database.
- Next: someone posts a list of the database contents.
- Next: the database contents are changing rapidly as various angry slashdotters trash it.

There are many messages from this story. I regret the vigilante justice that occurred, since there is next to no chance of arresting this spammer/cracker anymore. But, in no particular order, this episode tells me the following:
- Don't bother clicking on the opt-out lists for spam, because it just validates your email address for that guy, or for the next bunch of spammers that s/he sells your address to. (Never bothered to click on it anyway.)
- Don't use IE, for the love of $deity. (In all fairness, there was a patch available for this exploit, though.)
- Don't piss off the Slashdot crowd. Remember BOFH? That's why.

Remember I told you that the money and the girl were at that address? I lied.