Recently, I installed a MediaWiki instance on a public-facing server. I knew this was a huge security risk, but since it was on a subdomain that nothing linked to, I assumed I'd be fine. I found that I didn't particularly like working with MediaWiki, so I moved on to a different project and pretty much forgot all about it. A few months later, I was shocked to realize there were nearly 100,000 items in the spam folder for the throwaway email address I set as the admin of the MediaWiki application.