Author Archives: Steven Wilson

COVID-19 Phishing Emails

Beware of COVID-19 Phishing Emails

Several new COVID-19 phishing email campaigns have been detected over the past few days that are exploiting fear about the novel coronavirus pandemic to deliver computer viruses and steal sensitive information.

People are naturally worried about being infected with the real virus, especially given the high fatality rate, so emails related to COVID-19 are likely to be opened.

Some of the phishing emails that have been intercepted are easy to identify as malicious: they are poorly written, with spelling mistakes and grammatical errors. Other campaigns have been expertly crafted, are highly convincing, and are likely to catch out many people.

The first COVID-19 phishing campaigns were detected in January and the number has steadily grown over the past few weeks. Many different threat groups are now using COVID-19 phishing lures to fool the unwary into disclosing credentials, visiting malicious links, or downloading malware.

The World Health Organization (WHO) has issued a warning after several phishing campaigns were detected that impersonated WHO. The emails claimed to provide essential information about cases in the local area along with advice on how to avoid infection. One of the most recently detected campaigns claimed to provide “Coronavirus Updates”, with the emails containing a ZIP file attachment that appeared to be a PDF file – MYHEALTH.PDF. However, the file was actually an executable file – MYHEALTH.exe. If the file was opened, it triggered the download of GuLoader, which in turn downloaded Formbook malware from Google Drive. Another similar campaign included a Word attachment that downloaded the TrickBot Trojan, which is being used to deliver Ryuk ransomware as a secondary payload.

The Centers for Disease Control and Prevention is also being impersonated. One campaign claims the novel coronavirus had become an airborne threat and warns of new cases in the local area. The emails appear to have been sent from a legitimate CDC email account – CDC-Covid19[@]. The emails include an attachment titled “Safety Precautions” which appears to be an Excel spreadsheet, but is actually a .exe executable file. Double clicking on the file attachment triggers the download of a banking Trojan.
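A gateway-side check for the disguised attachments in the two campaigns above, as an added example that is not part of the original article: it opens a ZIP attachment and classifies each member by its leading bytes instead of its name. The archive is constructed inline; apart from MYHEALTH.exe, which the article names, the file names are hypothetical, and the members carry only the two-byte MZ marker, not executable code.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Leading bytes that reveal a file's real type, whatever its name claims.
MAGIC = [
    (b"MZ", "windows-executable"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip-or-ooxml"),       # .zip, .docx, .xlsx
    (b"\xd0\xcf\x11\xe0", "ole2-office"),   # legacy .doc, .xls
]
# Content type each document extension is expected to contain.
EXPECTED = {
    ".pdf": {"pdf"},
    ".docx": {"zip-or-ooxml"},
    ".xlsx": {"zip-or-ooxml"},
    ".doc": {"ole2-office"},
    ".xls": {"ole2-office"},
}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}


def sniff(head: bytes) -> str:
    """Classify a file by its first bytes."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    return "unknown"


def inspect_zip(data: bytes) -> list:
    """Return one finding per archive member whose name and content disagree
    or whose content is executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            with archive.open(info) as member:
                kind = sniff(member.read(8))
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            last = suffixes[-1] if suffixes else ""
            reasons = []
            if kind == "windows-executable":
                reasons.append("content is a Windows executable")
            if last in EXECUTABLE_EXTS:
                reasons.append("executable extension")
                # e.g. "report.xlsx.exe": the visible name suggests a document
                if len(suffixes) > 1 and suffixes[-2] in EXPECTED:
                    reasons.append("document extension placed before the real one")
            elif last in EXPECTED and kind not in EXPECTED[last]:
                reasons.append(f"named {last} but content is {kind}")
            if reasons:
                findings.append({"name": info.filename, "type": kind, "reasons": reasons})
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive (not a captured attachment)."""
    stub = b"MZ" + b"\x00" * 62  # MZ marker plus padding only
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("MYHEALTH.exe", stub)
        archive.writestr("Safety Precautions.xlsx.exe", stub)   # hypothetical name
        archive.writestr("coronavirus-update.pdf", stub)        # hypothetical name
        archive.writestr("advice.pdf", b"%PDF-1.4\n% constructed benign sample\n")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_zip(build_sample_zip()):
        print(f"{finding['name']}: {'; '.join(finding['reasons'])}")
```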

Email and text-based phishing campaigns are targeting UK taxpayers and impersonate HM Revenue and Customs (HMRC). The emails include a legitimate HMRC logo and advise the recipients about a new COVID-19 tax refund program. According to the emails, the refund program was set up in cooperation with National Insurance and National Health Services and allows taxpayers to claim back tax to help deal with the coronavirus pandemic. In order to receive the refund, the user is told they must supply their name, address, mother’s maiden name and their bank card number.

In the past few days, a web-based malware distribution campaign has been identified. Several websites are now displaying world maps and dashboards that allow people to track the spread of the virus and find out about the location of new cases. People are naturally concerned about cases in their local area, and the website maps are attracting a lot of visitors.

Shai Alfasi, a security researcher at Reason Labs, discovered several websites using fake versions of maps and dashboards. The websites prompt users to download an application that allows them to track infections in real-time. The application is an executable file that delivers the AZORult information stealer.

With COVID-19 infections increasing and showing no sign of slowing, COVID-19 phishing campaigns are likely to continue. Organizations should raise awareness of the threat of COVID-19 phishing attacks with their employees and ensure appropriate technical solutions are implemented to block web and email-based attacks.

corona virus

Coronavirus scams leave UK victims seriously out of pocket

Victims of scams related to the coronavirus outbreak lost nearly €1 million in February, according to the UK’s fraud and cybercrime centre.

In a warning to the public, Action Fraud UK said fraudsters conned people out of more than £800,000 (€918,000) in the month, using the COVID-19 crisis to concoct phishing email scams.

It said since the start of February, 21 cases of fraud have been identified where coronavirus was mentioned.

Ten were reported by victims who were trying to buy facemasks from fraudulent sellers, with one victim losing more than £15,000 on a purchase of masks which was never delivered.

Others were victims of coronavirus-themed phishing emails, where people are tricked into opening malicious attachments or divulging login information.

Some fraudsters have been pretending to be from research organisations associated with the Centers for Disease Control and Prevention (CDC) and the World Health Organisation (WHO).

WHO has itself warned people of malicious emails appearing to be from the organisation.

“WHO is aware of suspicious email messages attempting to take advantage of the 2019 novel coronavirus emergency,” it says on its website, warning the emails ask for information such as usernames and passwords, or include malicious links or attachments.

How to steer clear of online scams

  • Don’t click on links or attachments in suspicious emails, says Action Fraud
  • Don’t reveal any personal or financial details during unsolicited messages or calls
  • WHO says you can verify the sender by checking the email address – an official WHO email will be sent only from an address ending in
  • Don’t feel under pressure to reveal any information – cybercriminals use emergencies such as coronavirus to scare people into making rash decisions
  • The WHO also advises, if you think you may have given personal information mistakenly to a scammer, change your credentials immediately

CAPTCHA Phishing Scam

CAPTCHA Phishing Scam Targets Android Users

A CAPTCHA phishing scam has been detected which is being used to trick users into downloading a malicious file that intercepts multi-factor authentication codes on a user’s smartphone. With the codes, hackers can perform a more extensive attack and gain access to a much wider range of resources such as email and bank accounts.

When a visitor lands on the phishing page, a check is performed to determine what device is being used. If the user is on an Android device, a malicious APK file is downloaded to their device. Any other platform will receive a zip file containing malware.

A fake version of the familiar Google reCAPTCHA is displayed on the phishing page. It closely resembles the legitimate version, although it does not support sound and the images do not change when they are clicked. The fake reCAPTCHA is housed on a PHP webpage and any clicks on the images are submitted to the PHP page, which triggers the download of the malicious file. This campaign appears to be focused on mobile users.

On an Android device, the malicious APK intercepts PIN codes from two-factor authentication messages, which allow the attackers to gain access to the user’s bank account. With these PIN codes, an email account can also be compromised, which would allow further accounts to be compromised by requesting password resets.

A successful attack could see several accounts used by an individual subjected to unauthorized access. Businesses are also attacked in a similar manner. Successful attacks on businesses could give the attackers access to huge volumes of sensitive company data and even infrastructure resources.

This method of delivering malware is nothing new and has been around since 2009. A CAPTCHA phishing campaign was detected in February 2018 attempting to download a malicious file, and a similar campaign was run in 2016.

A method of attack is adopted for a while then dropped. While it is possible to prepare the workforce for phishing attacks such as this through training, security awareness training alone is not enough as tactics frequently change, and new methods of attack are frequently developed.

As this attack shows, two-factor authentication is far from infallible. In addition to this method of obtaining 2FA codes, the SS7 protocol used to send SMS messages has flaws that can be exploited to intercept messages.

Security awareness training and 2FA are important, but what is required on top of these protections is a powerful anti-spam and anti-phishing solution. Such a solution will block phishing emails at the gateway and make sure they are not delivered to inboxes.

It is important to choose a solution that provides protection against impersonation attacks. Many phishing campaigns spoof a familiar brand or known individual. A solution that incorporates Domain-based Message Authentication, Reporting & Conformance (DMARC) will help to ensure that the sender of the message is genuine, by performing checks to make sure that the sender of the message is authorized to send messages from that domain.
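The check DMARC performs, shown as an added example that is not from the original article: a message passes only when SPF or DKIM passes for a domain that aligns with the domain in the visible From header. The record, domains and results below are constructed, and the organizational-domain rule is a stated simplification.

```python
def parse_dmarc(record: str) -> dict:
    """Split a DMARC TXT record into its tag=value pairs."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    policy = tags.get("p", "").lower()
    if tags.get("v") != "DMARC1" or policy not in {"none", "quarantine", "reject"}:
        raise ValueError("not a usable DMARC record")
    tags["p"] = policy
    return tags


def org_domain(domain: str) -> str:
    # ASSUMPTION: the last two labels form the organizational domain. Real
    # evaluators consult the Public Suffix List (needed for e.g. co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict mode ('s') needs an exact match; relaxed ('r') needs the same
    organizational domain."""
    if not auth_domain:
        return False
    a = auth_domain.lower().rstrip(".")
    f = from_domain.lower().rstrip(".")
    return a == f if mode.lower() == "s" else org_domain(a) == org_domain(f)


def evaluate(record: str, from_domain: str, spf: tuple, dkim: tuple) -> tuple:
    """spf and dkim are (result, authenticated_domain) pairs produced by the
    earlier SPF and DKIM checks. Returns (dmarc_result, disposition).
    The pct and sp tags are not handled in this example."""
    tags = parse_dmarc(record)
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(dkim[1], from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return ("pass", "deliver")
    disposition = {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}
    return ("fail", disposition[tags["p"]])


# Constructed policy for the impersonated domain example.org.
STRICT_RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r"
RELAXED_RECORD = "v=DMARC1; p=quarantine"


def run_samples() -> dict:
    return {
        # Genuine mail: SPF passes for a subdomain of the From domain.
        "genuine": evaluate(STRICT_RECORD, "example.org",
                            ("pass", "bounce.example.org"), ("none", "")),
        # Spoofed From: SPF and DKIM both pass, but for the sender's own domain.
        "spoofed": evaluate(STRICT_RECORD, "example.org",
                            ("pass", "mailer.example.net"), ("pass", "example.net")),
        # DKIM signed by a subdomain: fails strict alignment, passes relaxed.
        "strict": evaluate(STRICT_RECORD, "example.org",
                           ("fail", "example.org"), ("pass", "mail.example.org")),
        "relaxed": evaluate(RELAXED_RECORD, "example.org",
                            ("fail", "example.org"), ("pass", "mail.example.org")),
    }


if __name__ == "__main__":
    for name, outcome in run_samples().items():
        print(name, outcome)
```

The spoofed case is the one that matters for impersonation: SPF and DKIM passing on their own say nothing about the domain the recipient sees.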

Most anti-phishing solutions incorporate an anti-virus component that scans all incoming attachments for malware and malicious code, but cybercriminals are using sophisticated methods to evade detection by AV solutions. Files may include malicious code that is hard to detect. A sandbox is therefore required to execute suspicious attachments in a safe environment where they can be monitored for malicious activity. By testing attachments in the sandbox, malicious files can be identified and more genuine emails and attachments will arrive in inboxes.

Football Fraud

Middlesbrough FC fake football trial scam warning

Fraudsters are targeting young footballers across the world offering them fake trials in return for money.

Middlesbrough Football Club said it had been contacted by would-be professionals saying they had been offered trials by the club.

Club spokesman Paul Dews said in one case $150 (£116) was demanded but no cash was handed over.

A number of other clubs have been targeted and Middlesbrough has informed the Football Association (FA).

Mr Dews said the club had received at least 15 queries – from within the UK, Africa and the Caribbean – asking if the offers were genuine.

“We understand we are one of a number of clubs whose name is being used in this manner and have reported this to both the police and the FA, who we are currently assisting in their investigations,” he said.

Impersonating football agents

The FA said there had been a “number of reported scams/schemes in different areas of the country”.

Young players are promised trials and they or their family are asked for payment in advance to cover “insurance and travel”, it said.

Once the money is sent no more is heard.

The FA said it had alerted clubs and local police, and issued a warning to players and parents.

In the latest scam fraudsters had been impersonating football agents but did not appear to have received any money so far, Middlesbrough said.

Mr Dews said “any invitations for players to join on trial would always be made directly from the club and not from any third parties”.

Call center fraud

Raids mounted on fake Indian tech support centres

More than 50 people have been arrested in India for their alleged involvement in fake security warning scams.

The New York Times said that Delhi police made the arrests during raids on 26 call centres linked to the scams.

Software giant Microsoft helped police trace who was behind the large-scale operations.

It said it received more than 11,000 calls per month about fake security warnings and that many people lost significant sums to the fraudsters.

“This is an organised crime,” Courtney Gregoire, an assistant general counsel in Microsoft’s digital crimes unit, told the US newspaper.

Microsoft has estimated that fraudsters make about $1.5bn (£1.2bn) a year through fake Windows support calls.

Raids on 16 call centres were carried out this week and, earlier in November, another 10 locations were visited by police.

The raids were prompted by Microsoft filing complaints with local police in New Delhi about call centres it claimed were involved in the fraudulent operations.

Typically, said Microsoft, attempts to trick people revolved around pop-up warnings that falsely claimed that a person’s computer was infected with a virus.

Fixing the non-existent virus could involve ringing a tech support centre. An operator would talk a victim through a fake fix and then charge them for the work.

In another version of the scam, staff at call centres claimed to be calling from Windows official support saying they had spotted that a person’s computer has been hacked or harboured a virus. Again, victims were expected to pay to fix the non-existent problem.

Some people caught out by the scam paid up to $1,000 for the fake tech support, said the newspaper.

Microsoft has published advice about ways to spot the fake calls and avoid becoming a victim.

Spam at supermarket

Drug addicts in Hawaii are stealing ‘Spam’ to feed their habits

Since its introduction during World War II, Spam has captivated Hawaii so much that there’s even an annual festival celebrating the canned meat.

Now Spam also appears to have captured the imaginations of criminals and drug users in the 50th state.

Hawaii has seen a spate of shoplifters stealing cans of Spam, leading shopkeepers to keep the product in locked cabinets or close to the checkouts so staff can keep their eyes on it.

Ra Long, who owns a store in Hawaii’s Chinatown, told Hawaii News Now that thieves have recently switched from stealing alcohol to targeting Spam.

“I mean, you try and keep an eye on it, but if they run you just can’t leave the counter and chase them. So you just got to take the hit,” he said.

Earlier in September, police in Honolulu said that a man stole a case of Spam from a store in the capital’s Midtown area. When he was confronted by a security guard, the alleged thief punched the guard. Police are now offering a $1,000 reward for the man.

And according to Kimo Carvalho, a spokesperson for the state’s biggest provider for homeless people, Spam is a lucrative product for drug users to get their hands on.

“It is fast money for fast drug cash,” Carvalho, who works at the Institute for Human Services, told Hawaii News Now. He added that items, including clothes and toiletries, were also being sold to fund drug habits.

Spam American Meat Icon

Spam is peculiarly popular in Hawaii, where residents have the highest per capita consumption of the canned meat in the United States. Spam is used in popular sushi dishes in Hawaii and is sold in fast food chains including Burger King and McDonald’s on the islands.

The food is so revered among residents of the islands that it is often referred to as the Hawaiian steak, and an annual street festival, known as the SPAM JAM, is held and sees chefs competing to create the most unique Spam dish.

Spam has long suffered from a reputation for tastelessness and for being a so-called mystery meat. However, its makers say that it contains quality pork shoulder meat and ham, along with water, sugar, flavors, and salt. A number of chemicals (sodium nitrite, trisodium phosphate and sodium ascorbate) are added to preserve the meat and protect against bacteria.

The word spam has become synonymous with unsolicited email messages and communications, partly because of a sketch by British comedy troupe Monty Python, in which a restaurant’s menu and customers are overtaken by Spam.

online phishing scam

Five smart things you should know about phishing

1. Phishing refers to the practice of sending e-mails posing as a genuine service provider and seeking to access confidential information about credit cards and bank accounts.

2. Such e-mails are designed to mislead the investor. Misaligned logos, expanded or contracted photos, or signatures with dubious designations are a giveaway.

3. Look for spelling and punctuation errors and unnecessary use of technical language. The drafts of these mails are not subject to quality checks of the original bank or institution.

4. No bank or service provider will ask you to open an attachment or click a link on a mail. Always access websites using the URL of the bank.

5. The messages that call for urgent action or dire consequences are usually spam. Banks do not send such communication through e-mails.

Spam SEO

Is SEO considered as a kind of spam activity?

Lately, we’ve been seeing a lot of SEO poisoning cases and felt it necessary to spend a little more time explaining them.

SEO (Search Engine Optimization) is all the rage these days. Anybody that owns a website and is trying to make an impact or working to improve their traffic has heard the term, and has undoubtedly become an SEO expert. If you’re not familiar with SEO, here is your quick definition:

“SEO stands for “search engine optimization.” In simple terms, SEO means the process of improving your website to increase its visibility in Google, Microsoft Bing, and other search engines…” Source: Search Engine Land

Many organizations will actually enlist the help of marketing consultants to assist in this optimization process. Ranking on the first page is highly coveted by many. In essence, if you are able to rank on the first page for a specific keyword, phrase, subject, etc. then you have the ability to generate a lot of traffic to your site. This in turn increases the odds of visits. If you’re an ecommerce site, this equates to purchases. And if you’re a services company, this often equates to new clients. The idea is simple and highly effective. What is even better is that most search engines like Bing, Yahoo, and Google offer set criteria designed to improve your ranking within their searches.

It all sounds pretty awesome right?

Unfortunately, you’re not the only one who knows this. Today, SEO spam is one of the top five attacks we’re seeing on the web, and it’s quickly pushing its way up to number one. SEO attacks are becoming so prevalent that we felt the need to do some homework to better understand them.

In the process we found a useful video by Matt Cutts of Google on YouTube. In the video, Cutts answered an interesting question about SEO from Google’s point of view:

Question: Does Google consider SEO to be spam?
Short answer: No

Long answer is below:

Google doesn’t consider SEO to be spam. Now a few really tech savvy people might get angry at that. So let me explain in a little more detail.

SEO stands for Search Engine Optimization

And essentially it just means trying to make sure that your pages are well represented within search engines. And there’s plenty of white-hat, great quality stuff that you can do as a search engine optimizer. You can do things like making sure that your pages are crawlable. So you want them to be accessible. You want people to be able to find them just by clicking on links. And in the same way, search engines can find them just by clicking on links. You want to make sure that people use the right key words. If you’re using industry jargon or lingo that not everybody else uses, then a good SEO can help you find out, oh, these are key words that you should have been thinking about. You can think about usability, and trying to make sure that the design of the site is good. That’s good for users and for search engines. You can think about how to make your site faster.

Not only does Google use site speed in our rankings as one of the many factors that we use in our search rankings. But if you can make your site run faster, that can also make it a much better experience. So there are an enormous number of things that SEOs do, everything from helping out with the initial site architecture and deciding what your site should look like, and the URL structure, and the templates, and all that sort of stuff, making sure that your site is crawlable, all the way down to helping optimize for your return on investment. So trying to figure out what are the ways that you are going to get the best bang for the buck, doing AB testing, trying to find out, OK, what is the copy that converts, all those kinds of things.

There is nothing at all wrong with all of those white hat methods

Now, are there some SEOs who go further than we would like? Sure. And are there some SEOs who actually try to employ black hat techniques, people that hack sites or that keyword stuff and just repeat things or that do sneaky things with redirects? Yeah, absolutely. But our goal is to make sure that we return the best possible search results we can. And a very wonderful way that search engine optimizers can help is by cooperating and trying to help search engines find pages better.

SEO is not spam. SEO can be enormously useful

SEO can also be abused. And it can be overdone. But it’s important to realize that we believe, in an ideal world, people wouldn’t have to worry about these issues. But search engines are not as smart as people yet. We’re working on it. We’re trying to figure out what people mean. We’re trying to figure out synonyms, and vocabulary, and stemming so that you don’t have to know exactly the right word to search for what you wanted to find. But until we get to that day, search engine optimization can be a valid way to help people find what they’re looking for via search engines.

We provide webmaster guidelines on There’s a free webmaster forum. There are free webmaster tools. There’s a ton of HTML documentation. So if you search for SEO starter guide, we’ve written a beginner guide where people can learn more about search engine optimization. But just to be very clear, there are many, many valid ways that people can make the world better with SEO. It’s not the case that, sometimes you’ll hear SEOs are criminals. SEOs are snake oil salesmen. If you find a good person, someone that you can trust, someone that will tell you exactly what they’re doing, the sort of person where you get good references, or you’ve seen their work and it’s very helpful, and they’ll explain exactly what they’re doing, they can absolutely help your website. So I just wanted to dispel that misconception. Some people think Google thinks all SEO is spam. And that’s definitely not the case. There are a lot of great SEOs out there. And I hope you find a good one to help with your website.

But.. SEO has evolved in many areas.

The challenge with that is how SEO has evolved. In our own experience, it is no longer this simple, and the majority of the SEO attacks revolve around pharmaceutical injections. A recent study actually discusses why the pharmaceutical affiliate marketing model has become so effective and highly coveted with blackhats today. If you’re wondering why, it’s because of how economically rewarding it is. That’s a post for another day though.

The good news is that the principles of SEO spam are still the same today. In 2010 Sophos described the following:

At the heart of the SEO attack is the ability to feed search engine crawlers content to index and redirect users to malicious sites.

Today that is still key, but their methods have evolved. We’re seeing highly complex malware injections that are intelligent by being able to adapt to incoming traffic. Many are targeting the search engine IPs like Bing and Google, while others are being wrapped into conditional logic that only presents itself when specific conditions are met, and yet others are being tied into Command and Control nodes that are dictating what the site should do on visit.
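Content that appears only for crawlers, or redirects that fire only under certain conditions, can be found by requesting the same URL under different conditions and comparing the answers. The following added example (not from the original post) runs that comparison on three constructed responses; the host names and view labels are hypothetical.

```python
import re
from urllib.parse import urlparse

LINK_RE = re.compile(r'href=["\'](https?://[^"\']+)["\']', re.I)
REDIRECT_CODES = {301, 302, 303, 307, 308}


def is_external(host: str, own_host: str) -> bool:
    return bool(host) and host != own_host and not host.endswith("." + own_host)


def external_hosts(body: str, own_host: str) -> set:
    """Hosts linked from the page that do not belong to the site itself."""
    hosts = set()
    for url in LINK_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if is_external(host, own_host):
            hosts.add(host)
    return hosts


def redirect_target(resp: dict, own_host: str):
    """Off-site host this response redirects to, or None."""
    if resp["status"] in REDIRECT_CODES:
        host = (urlparse(resp["headers"].get("Location", "")).hostname or "").lower()
        if is_external(host, own_host):
            return host
    return None


def compare_views(own_host: str, views: dict) -> list:
    """views maps a label to the response received for the SAME URL under that
    condition; 'direct' (plain browser, no referrer) is the baseline."""
    baseline = views["direct"]
    base_hosts = external_hosts(baseline["body"], own_host)
    base_redirect = redirect_target(baseline, own_host)
    findings = []
    for name, resp in views.items():
        if name == "direct":
            continue
        target = redirect_target(resp, own_host)
        if target and target != base_redirect:
            findings.append((name, "conditional-redirect", target))
        for host in sorted(external_hosts(resp["body"], own_host) - base_hosts):
            findings.append((name, "links-only-in-this-view", host))
    return findings


# Constructed responses for one page of www.example.org (not captured traffic).
PAGE = '<html><body><a href="https://www.example.org/about">About</a>'
SAMPLE_VIEWS = {
    "direct": {"status": 200, "headers": {}, "body": PAGE + "</body></html>"},
    # Same URL requested with a search engine crawler's user agent.
    "crawler": {"status": 200, "headers": {}, "body": PAGE
                + '<div style="display:none">'
                  '<a href="https://pills.example.net/offer">offer</a></div>'
                  "</body></html>"},
    # Same URL requested by a browser arriving from a search results page.
    "search-referrer": {"status": 302,
                        "headers": {"Location": "https://store.example.net/"},
                        "body": ""},
}


def run_sample() -> list:
    return compare_views("www.example.org", SAMPLE_VIEWS)


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```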

More and more of them however are integrating themselves into the Pharmaceutical affiliate model as described above. What is perhaps most interesting about this is that those sites are rarely distributing drive-by-download payloads. Instead they are being maintained in pristine condition with no other anomalies other than the improper redirection.

We are also seeing no real preference on the brand or traffic of the site. In fact, it appears that they are more content with low-hanging fruit than with penetrating a high-ranking site with a well-known brand. This we find exceptionally interesting.

Many have undoubtedly experienced the impact of these SEO attacks. They often lead to the inevitable warning by Google, “This site may be compromised!” or “Something’s not right here!” We wrote a post describing these warnings earlier this year.

Unfortunately, there is no real solution to this problem. The threat landscape in which most websites live is just too large and most website owners really don’t care about it. That’s probably today’s biggest issue.

So where does that leave things today?

If you have any questions or comments about this post, please leave your comment on our contact page.

Microgaming Poker Network

iGame Malta joins Microgaming Poker Network


Microgaming is recognized as the world’s biggest provider of online gaming software. The website www.microgaming.carbon is happy to announce that iGame Malta Ltd will join the Microgaming Poker Network, also known as MPN.

iGaming Malta is well known for operating online poker websites such as,,, and and has a player database of about one million. The operators are currently in the process of moving from their present network to the Microgaming Poker Network by the end of this year.

As well as joining the MPN, iGame Malta Ltd will offer a range of QuickFire products that are powered by Microgaming. There will be more than 350 casino games, among them Microgaming’s smash hit slots and licensed products such as Thunderstruck II, Lara Croft: Tomb Raider™ and Hellboy™.

Tommi Maijalaa, who is the managing director of iGaming Holding Ltd., has said, “We are delighted to be joining the Microgaming Poker Network and securing for our players access to the finest online poker software, great liquidity and a secure long-term future. The experience of players is always our utmost priority, so joining the MPN is a very natural progression for us. We have received excellent support from Microgaming and very much look forward to working with them into the future.”

Lydia Melton, who is the head of Network of Gaming at Microgaming, has added, “We are pleased that iGame Malta has decided to move to the Microgaming Poker Network, and we know that the iGame players will find the MPN, with its focus on creating a sustainable online poker environment, to be a welcome home.

“We are also in advanced discussions with a number of other major operators looking to join the Microgaming Poker Network. The considerable advancements Microgaming has made to the way the online poker network is managed via our Network Management Board, combined with significant software developments, have made the MPN the network of choice for top tier operators looking for a stable, long-term strategic partner. We look forward to announcing more operators joining the network in the future.”

PHP Spam Poison – Free Download


The PHP Spam Poison is a fake-page generator that simulates long lists of fake email addresses and links to more generated pages, to be harvested by spam-robots, effectively poisoning their databases with useless email addresses. This spam poisoner was inspired by the WPoison software from

Features of the PHP Spam Poison

  • It uses PHP, so no CGI access is needed.
  • Fast and lightweight.
  • Highly configurable.
  • Can be included by other PHP pages.
  • Requires only software available in most hosting services.
  • Doesn’t require a SQL database.
  • Works in Linux/Unix and Windows servers (with IIS or Apache).
  • GPL license (open-source).
  • Simple to install.


Required: PHP 4.1.x or higher. Your web server should be able to interpret the PHP language. The platform really doesn’t matter (tested with GNU/Linux and Windows 2000).
Required: A web server. It should work with any web server running on your workstation or server (tested with Apache in GNU/Linux, with Apache in Windows 2000 and IIS in Windows 2000).

Download the PHP Spam Poison

The current version is available as a tar.gz package or as a zip file at

You can also find there the Readme (readme.txt), Changelog (version.txt), checksums (checksums.txt) and license (license.txt) files.

Installation of the PHP Spam Poison


1) Get the files
Get the files from (There are zip and tar.gz files available). Be sure to download also the wordlist.

2) Unpack

Extract the script files in a web server directory. That will create a “phpwpoison” directory with a few files inside. Then unpack the wordlist and save it in the same directory.

3) Change ownership

Change the ownership of those files and the directory “phpwpoison” to the user used by your web server (usually “nobody” in Unix/Linux). To change the ownership in Linux/Unix, run the following in a shell terminal:

chown -h -R nobody:nobody phpwpoison/

In Windows environments, using the Windows Explorer, check the Security tab of the Properties dialog of the directory, and set the permissions so that the user IUSR_servername has permissions to read and write on the “phpwpoison” directory.

If you cannot set the ownership, at least be sure to enable write permissions on the directory.

4) Rename the directory

Rename the phpwpoison directory to a simple name. Avoid “poison”, “spam”, etc. The idea is to not give a clue to those email-harvester robots that this is a trap.

5) Rename the script

Rename the emailusers.php file to any simple name. Avoid “poison”, “spam”, etc. The idea is to not give a clue to those email-harvester robots that this is a trap.

6) Configure

Edit the renamed PHP file, changing at least the pwp_scriptname variable. If you renamed the script to “listusers.php” then set the pwp_scriptname variable to “listusers.php”. Also, check the pwp_html_postheader and pwp_html_footer variables, where you can insert HTML so the generated pages match the look of your website.

7) Test

Try to open the renamed PHP file from your browser through the web server. (Please note that by default, the script will pause for up to 30 seconds before it finishes rendering the page; to modify or eliminate that delay, edit the script and change the options pwp_minsleeptime and pwp_maxsleeptime).

8) You are done.

The following step is optional:

9) Create a spammer list (option available since version 1.1.0)

Maybe you already have a list of email addresses of known spammers: a list with real addresses (not fake addresses like those used by most spammers). Some spammers are just uninformed people thinking that spamming is a good business practice. Some of them will stop spamming when they learn that spamming is not good for their business. But for those who don’t…

Let the phpwpoison script create fake email addresses mixed with spammers addresses. Let other spammers know what spamming is all about for the receiver.

Create a text file with each line containing an email address. Avoid using the default spammers.txt filename. Edit the phpwpoison script and change the variables pwp_use_spammer_list, pwp_spammer_file and pwp_spammer_ratio.


Always create a robots.txt file in your site, to let search engines know that they should not visit the spam trap. Email harvesters usually ignore the robots.txt file, so they will fall into the trap anyway.

For more information about the robots.txt file, visit The Web Robots pages or the Robots.txt Tutorial (from SearchEngineWorld).

For example, the robots.txt file in this website looks like this (meaning that search engines should not follow the spam trap located in the users.php webpage):

User-agent: *
Disallow: /users.php
Disallow: /users.php/

The pages generated by phpWPoison may take a few seconds to render, but it’s not because they are slow. It is because phpWPoison waits a random number of seconds before it finishes sending the page. The goal is to slow down the spam spider. You can adjust this waiting time by editing the variables pwp_minsleeptime and pwp_maxsleeptime.

You can include the output of the phpWPoison script so it can be shown as part of a different webpage. Just build your hosting page (as PHP) as usual, but for the content use something like:

include_once("thepoisondir/emailusers.php");

Then edit the emailusers.php script and change the option pwp_scriptname to the name of the hosting script. Change the option pwp_standalone to false. Also, adjust the paths of the files set in the options pwp_word_file, pwp_cache_file and pwp_spammer_file (which are relative to the hosting script).

NOTE: if you include the script into another, the pwp_html_preheader, pwp_html_postheader and pwp_html_footer variables are ignored. Then you should provide the meta tag ROBOTS in the head of the hosting webpage (or be sure to provide a robots.txt file in your site).