How spammers, scammers and botnets know your website is a target

I was just mulling this over as I spent a few minutes looking at the monitoring tools I have running on the large number of websites I maintain, both for myself and my clients.

Unscrupulous types have plenty of reasons for trying to infect a website with malicious code, and they have tools that are designed to help them find websites that are ripe for exploitation.

Specifically, there are telltale signs that a website might be running a particular platform, or they might just assume it’s a popular platform (*cough* WordPress *cough*) and run with that. Either way, they have lists of known exploits, and they just need to run a program that tries to find those exploits on a given website.

If they find one, jackpot.

It’s been interesting to see how this has evolved over the years. A decade or so ago, the most common exploit I saw was silently infiltrating a WordPress site and injecting code into its pages, either via JavaScript or a 1-pixel iframe, that would load data from an external site or redirect the user’s browser to a scam site that would throw ads at them, infect their computer with a virus, run a keylogger, etc.

More recently, what I see most often — and it’s maybe because as a matter of course I run tools that block those aforementioned actions — is surges of fake e-commerce transactions for the cheapest item in a store. Clearly in those cases the scammers have gotten their hands on a list of stolen credit card numbers, and they’re testing to see if any of them are still active.

God, these people suck.
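One way to spot the cheapest-item surges described above is to look for many different cards hitting the lowest-priced product inside a short window. This is an added example, not code from the original post; the order fields, card tokens, 10-minute window and 5-card threshold are all assumptions, and the sample orders are constructed.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample data, not from a real store: prices and (time, sku, card token).
CATALOG = {"sticker": 1.00, "mug": 12.00, "poster": 25.00}
SAMPLE_ORDERS = [
    ("2024-01-05 09:12:00", "mug", "tok_a1"),
    ("2024-01-05 13:40:10", "sticker", "tok_b2"),  # ordinary one-off purchase
    ("2024-01-06 03:00:05", "sticker", "tok_c3"),
    ("2024-01-06 03:00:40", "sticker", "tok_d4"),
    ("2024-01-06 03:01:15", "sticker", "tok_e5"),
    ("2024-01-06 03:02:00", "sticker", "tok_f6"),
    ("2024-01-06 03:02:30", "sticker", "tok_g7"),
    ("2024-01-06 03:03:10", "sticker", "tok_h8"),
    ("2024-01-06 15:20:00", "poster", "tok_a1"),
    ("2024-01-07 11:05:00", "sticker", "tok_b2"),  # repeat customer, same card
]

def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def find_bursts(orders, catalog, window=timedelta(minutes=10), min_cards=5):
    """Find surges of cheapest-item orders paid with many different cards.

    Returns (start, end, distinct_cards) per burst. A burst opens once
    min_cards different cards hit the cheapest SKU inside one window.
    """
    target = min(catalog, key=catalog.get)  # cheapest item in the store
    hits = sorted((parse_ts(t), card) for t, sku, card in orders if sku == target)
    recent = deque()   # cheapest-item orders inside the sliding window
    bursts = []        # each entry: [start, end, set of card tokens]
    for ts, card in hits:
        recent.append((ts, card))
        while ts - recent[0][0] > window:
            recent.popleft()
        cards = {c for _, c in recent}
        if len(cards) < min_cards:
            continue
        if bursts and recent[0][0] <= bursts[-1][1]:
            bursts[-1][1] = ts          # window overlaps the last burst: extend it
            bursts[-1][2] |= cards
        else:
            bursts.append([recent[0][0], ts, cards])
    return [(start, end, len(seen)) for start, end, seen in bursts]

if __name__ == "__main__":
    for start, end, n in find_bursts(SAMPLE_ORDERS, CATALOG):
        print(f"possible card testing: {n} cards between {start} and {end}")
```

Counting distinct cards rather than raw orders keeps a repeat customer buying the same cheap item from tripping the alert.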

Anyway… the thing I was thinking about today was kind of a meta-level factor in all of this. It’s not just that the botnets only infect sites that haven’t been kept up to date and therefore are exploitable. It seems like they only even try to infect sites that are very low traffic, with rarely updated content, which correlates reasonably to the idea that the site owners may be neglecting their site and not running important software updates.

But how do they know these sites have low traffic? How do they know their content is rarely updated?

How do they know these sites even exist?

The big tech companies — and I’m thinking especially Google and Meta here — have amassed huge data sets about not just users and their behavior, but the websites users interact with. In short, if Google crawls a site on a regular basis — and if Google knows about a site, it crawls it, unless you specifically tell it not to — then Google has data on how often that site’s content is updated, and how much traffic it gets. (Traffic in relative terms, at least, in the form of click-through from Google search results. But traffic in absolute terms, if the site has Google Analytics running on it. Which a huge percentage of websites do.)

Google shares a lot of the data it collects. But it also doesn’t share a lot of the data it collects, and this is specifically the type of data Google does not make publicly available. Or sometimes even privately available to the site owners.

How do scammers get it?

I don’t have an answer. I don’t even have proof that they’re getting it. I just have my anecdotal observation that the scammers don’t even seem to try hacking into the sites I work on that get a lot of traffic and frequent updates. But they’re constantly prodding and poking at sites and servers that don’t see much other traffic.

Curious.

Rusty Quarters Retro Arcade & Museum

I want to go to there. Rusty Quarters is in the Lyn-Lake area of Minneapolis, next to Bryant Lake Bowl.

I’ve been meaning to find time to head over to that part of town and check this place out for a while, but I just discovered a number of photos of the inside posted on Instagram. It turns out they have their whole game list posted on their website, but just from looking at the pictures I was able to identify the following games:

Rampage, Centipede, Joust, Dig Dug, Donkey Kong, Q-Bert, Ms. Pac-Man, Galaga, Space Invaders, Asteroids, Mario Bros., Donkey Kong Jr., Track and Field, BurgerTime, Defender and Crystal Castles.

Yes… that’s pretty much perfect.

Prioritizing tasks for the freelancer

Anyone who’s had a serious go at freelancing can tell you that one of the biggest challenges is staying focused. Without Bill Lumbergh standing at the entrance of your cubicle, mug in hand, prodding you all day long, it’s easy to let yourself spend the whole day gutting a fish on your desk instead of doing any real work.

No wait, that’s what happens when you work in an actual office.

The challenge for a freelancer is more about keeping those creative energies focused on paying clients’ projects, and not veering off into spending half the day tinkering with your own projects… like… making a sign reminding yourself to stay focused on client work.

Fortunately for you, fellow freelancer, I’ve already done that, so you can move on to more important things.

(Click the image above — or, if you must, here — to download a print-ready PDF version.)

How did record company consolidation come to this?

For reasons I don’t care to get into, I was singing Lesley Gore’s modest ’60s hit, “Sunshine, Lollipops and Rainbows” (best known to Simpsons fans as the “chase music” Chief Wiggum and Homer play in the squad car as they chase Marge and Ruth Powers in the classic episode, “Marge on the Lam”), and as usual when I get a random song in my head, I wanted to crank up the audio clip of it from the iTunes Store for the amusement (or annoyance) of everyone within earshot.

As I was listening to the clip, I noticed something odd. The CD it’s currently available on is from the 20th Century Masters – The Millennium Collection series, easily identified by its distinctive black-white-and-gray cover designs. I believe these originally featured artists from the A&M label, but eventually expanded to include other artists currently distributed by various labels under the (very large) blanket of Universal Music Group.

And that, I guess, is how ’60s bubblegum pop like Lesley Gore (originally released on Mercury, I believe) ends up being distributed by the same label as Ghostface Killah.

Lesley Gore, now distributed by a rap label