Spam origin investigation

[Richard Stallman]

Same source, not RMS.

Later investigation shown that http://demo.simplacommerce.com/ is another 
Simpla CMS demo with same vulnerability.