A.I. Slop Squatters ⇥ 404media.co
Samantha Cole, 404 Media:
On the vaccines.gov domain, topics for spam blogs include “Gay Impregnation,” “Gay Firry[sic] Porn,” and “Planes in Top Gun.”
The same AI spam farm operation has also targeted the American Council on Education’s site, Stanford, NPR, and a subdomain of vaccines.gov. Each of the sites have slightly different names — on Stanford’s site it’s called “AceNet Hub”; on NPR.org “Form Generation Hub” took over a domain that seems to be abandoned by the station’s “Generation Listen” project from 2014. On the vaccines.gov site it’s “Seymore Insights.” All of these sites are in varying states of useability. They all contain spam articles with the byline “Ashley,” with the same black and white headshot.
Several people have asked how this happened, and I’m not 100% sure! Almost every subdomain points to different EC2 IP addresses in AWS’s us-west-1 and us-west-2 regions, and each one hosts a WordPress installation with different content, but the same author and similar templates. Here’s my list. https://docs.google.com/…
I found a bunch of affected sites not on Baio’s list by searching the web for “term of use” “ashley” “minutes read”. Western Digital got hit hard. On one, I found a link back to a GitHub account by the name of pgpump containing some interesting and relevant repos. The key word “arsae” also turned up a few similar-looking scripts in other users’ repos, and a PHP script by the same name. I am not the right person to try to figure this out, but whoever is behind this appears to be continuing as their most recent commits happened last week.
Update: “Marshall Banana” in the 404 article comments points to a likely reason for the varied and high-profile spam hosting: dangling DNS entries.