Codefish operator Daniel McNamara has spent the past week defending against the attacks. "As far as we can tell the site has not been compromised as yet," McNamara wrote Sunday, saying the hack attempts were "heavy and consistent" and included "multiple cross-site scripting attacks as well as SQL injection attempts."
"Given we run this site in our spare time, it has made us question whether we can spare the time fending off such attacks," he added. "As such we have not done any further work and have been in talks with various places in regards to the situation. Our apologies for the inconvenience to the wider public, but it seems that the people that run these scams are very intent on making life hard for anyone that exposes them."
The attacks on Codefish Spam Watch are the latest example of hackers targeting sites offering consumer security resources, apparently seeking to exhaust the patience and finances of site maintainers. A DDoS attack last week was a factor in the planned sale of NukeCops, a support site for the PHP-Nuke content management system. Codefish Spam Watch runs on PostNuke, a successor to PHP-Nuke. Both programs are widely used open source projects built on PHP and a MySQL database, and both have a history of security issues.
Posted by Rich Miller in Security