I’m going through each of these spam domains, and as Professor previously stated, most of them are run by PLONE.ORG. They are aware of spam snd security breaches in their S/W, and I’ve raised several “tickets” to alert them further.
In going to each of these PLONE-run sites, there is no ability to create a new login and sign in, hence the PLONE administrator must assign you a login/password. This leads me to believe that Morahin and company are either “buying” there way into these systems, OR they are soliciting help from within the system, and getting existing members to contribute to the spamming. With a login, automation can certainly be achieved, but without one, you can’t post into these systems.
What sucks is that when I go to the effected PLONE domains, there are no links or contact #’s to alert the Administrators of these systems.
What we can hope for is that PLONE rolls out new S/W (and mandates this upgrade), that may tighten up the ship a bit.