I’m running a few private blogs, for business purposes, that are password protected via .htaccess on the main and archive directories. There are no external links to them from the open net, and they haven’t been archived by Google. Yet somehow the spammers have found them. A couple days ago, we had dozens of poker spams in the comments.

Anyone have any idea how they’re doing this?