Slashdot Mirror
Spam Rapidly Increasing In Weblog Comments
dsurber writes "BBC News has a nice article discussing 'flyblogging', the phenomenon of spammers leaving advertising-related posts on personal weblogs. The writer comments: 'None of the other blogs I contribute to or run has been affected yet, but I can only assume it is a matter of time before the spammers move in, as they did first with UseNet and then with e-mail. It depresses me to think that any open medium can be so easily undermined by people with no scruples, no sense of responsibility and no idea of the damage they are doing.'" It seems a little surreal that people are having to develop anti-spam weblog tools.
How much truth is there to the statement that increased links equal increased google rank?
This article implies that all these postings are an effort to stack the google rankings, in order to place spam sites near the top. I'm not a google wizard... is this actually a usable loophole in google's ranking system?
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
The arms race has just started: spambots becoming increasingly more sophisticated, and bloggers having to go to greater lengths to avoid spam.
The root of the problem might be in the impact a weblog link has on google ranking. Spammers have taken note, and they're acting on it.
It's just a BloJJ
This is as natural as evolution. The spammers remind me of roaches. You can try to engineer
them out of existance but life always finds a way.
I dont hate them, but I do find this phenomenon curiously interesting with its parallels to life
Help pay for my wedding! Go to my kickass website
Use the same type of human verification system that Yahoo uses when signing up for an e-mail account. If you can't type in the mangled letters in the image, then your post to the weblog is ignored. This would only be required for anonymous postings - if you're logged in, presumably you've already passed the human verification test upon account creation, so you don't have to go through the hassle each time you want to post.
Cyde Weys Musings - Scrutinizing the inscrutable
1) Only allow people with verified accounts to post.
2) With every post, display the advertising policy (buying an ad on the site is $5000)
3) Make sure they confirm that if their message is an ad, they agree to pay the $5000
4) Host their ad for them, and collect your money. Small claims is helpful here.
It is a huge pain in the butt, especially considering that I have not found an easy way to mass delete comments with Movable Type yet...so I have to go to each comment individually and delete them.
This past week alone I cleaned out about 20 spam comments.
I've got a website.
/dev/null .
Last year, I closed my hotmail account and two spammed-to-heck e-mail accounts. To keep old friends and family from getting shafted, I had an autoreply attatched to those addresses, announcing that those addressess were closed and that I could be reached through the contact form on my website, prior to sending those e-mails to
To date, through this manual entry, effort-draining contact form, I have had at least 20 offers to increase my manly-ness, 10 offers to find the love of my life, and 5 death threats from annoyed spammers. Only one charitable organization had a problem with my auto-reply, because a spammer was using their e-mail address to send junk to me over and over again.
It's taken eight years since email spam became an issue for signifigant legislation to pass.
We need an easily amendable federal law that simply says unwanted, unsolicited, uncompensated advertising is simply illegal.
Usenet, fax, email, public chat, blogs, RPC messenger, any forum that allows public input for free has become a spammer magnet. They don't own it, get them out.
We need a law that says this, as a statement that to live under our social contract you can't be an annoying louse.
This is why I had to shut down the guestbooks on several of my sites. It didn't help when I changed the input form, then used a new URL for the posting page, THEN deleted any connection to the CGI script whatsoever. It was only after deleting the script from my webspace that it stopped.
My hosting company was unsympathetic to my pleas for help. Needless to say, I now host elsewhere. I mean, sheesh...my mother reads that that thing. The last thing I want to think about is her and my dad...and viagr^H^H^H
*shudder*
That? That was a pigeon.
Why couldn't we just create a new html tag, something like , then blog coders could simply set the comments sections of their sites up with the tag.
Then, google would still spider the page, but any spam would fail to be indexed.
Of course, blogs aren't the only application for such a thing, any time you take user input to be posted online you could surround it with a tag to aleviate any spam possibilities.
I would expect such blatant racism on Fark, but on Slashdot? Mods please ban this asshole.
The BBC article misses the point, as does a similar article in Wired. Seems the editors are more focused on name-dropping and doomsdaying than on focusing on some recent solutions. For example:
Point is
Just so long as no one attempts to use a rather evil solution I discovered here on
--- have you healed your church website?
I think the ads in the blogs are going for better Google PageRank scores, rather than for direct exposure. Most blogs don't get a whole lot of traffic, mostly just family and friends, if even that much. Only a very small percentage of that audience will click, and they surely won't fall for it more than once.
But google reads a lots of blogs. If a spammer gets their link onto a whole lot of blogs, Google PageRank would see hundreds or thousands of links to their site and bump up its rank. They exploit everyone's blog in order to improve their score on searches.
That's the theory anyway. Whether or not it works is another story.
blog
Or at least it'll be forced to evolve into something more restrictive. When only adventuresome geeks were using the net, it was like we were the earliest settlers in a vast ancient forest. I remember getting maybe two or three messages a month and being elated at each. It was like meeting a fellow pioneer and being mutually pleased at having anyone else to talk to. Eventually the web was born and even my mom got an email account (ZOINKS!). And then the first annoying ads starting showing up in my inbox. And now... well, we already know what happened.
Seems like there won't be any real solution to filtering spam and the internet will have to go from being a wide-open crosslinked universe to a collection of private nodes/networks. Commercial interests supported the explosive growth of the internet/web, and a lot of us got neato jobs in the process. But now that same commercialism (and human greed/stupidity) have clearcut that beautiful old forest and built up sleazy strip malls.
I know I'm at risk of sounding like one of those "I was here before it sucked" types. Lamenting the loss of the good old days won't bring 'em back.
So, what do we do? The idea of charging a token fee for email delivery, which could be rejected by the recepient (thus resulting in a charge for spam, but not for mail we really want) is a good idea. But it might already be too late for that kind of solution. Make spam illegal? Sounds like yet another unwinnable "war-on-a-concept".
Many usenet groups already require approval for membership, and even that doesn't guarantee that new accounts won't become a source of spam.
I predict that more and more organizations and individuals will simply build fences around their cyber-outposts, only allowing recognized friends past the gate. At my house we NEVER answer the phone unless the caller ID displays a name we recognize. Ditto for email. Ditto for newgroups as well. I guess my mom was right... I don't talk to strangers any more.
but it was a little different, the messages that were already there were replied to, but they had "empty" response, unless you looked reallu close one "character" in the reply to message now had a link attached to it.
I dont remember where it was linking to but I think it was a seach index or something similer.
were they trying to boost the ranking on search engines by having these so called links in place?
Thanks to file sharing, I purchase more CDs
Thanks to the RIAA, I buy them used...
Just like spam on other media (email, usenet, web forums, etc), you can apply quick and dirty fixes :
But the real issue is always the same : trust management. You want to be able to grant as much trust as possible to trustworthy (non-spamming) strangers, while revoking all trust to others.
So why do we always want to build trust management systems on top of other systems, and not design a stand-alone one, that can be used by a wide range of media (email, usenet, blogs, etc) ?
Note: identifying "personas" does not mean identifying "real people", so there are no privacy issues in such a system.
We run DreamBook, a free guestbook service with about a million members, and recently the guestbook spam started getting to the point we had no choice but to do something about it. We think the way they get the list of our user's URLs is just through a google search (which has the added benefit of returning the most trafficed books where their spam will potentially be the most widely viewed).
Originally the spam was just huge lists of porn sites, from a few specific spammers. To fight that, we kludgingly added some specific urls we wouldn't allow in any post.
They figured that out, and we started getting more from all sorts of different people. So we started adding various heuristics that were kind of lame to block posts (no domains with a - in them for example).
They figured that out, and started to post all sorts of random spam, unrelated to porn, usually with just links to some other dreambook url. We were kind of puzzled about those, because when you went to their dreambook, it was blank. Viewing the source though, they'd added hidden links to their sites at that book. So it seemed they were spamming to get higher google results. Super.
So then we added system-wide a check for the same IP posting to multiple books a lot within a certain amount of time. That worked really well for a few months, but recently they've started using I guess a whole slew of proxies! So finally we now look for any URLs in their posts instead of IPs (they vary the messages they post so there's nothing else you can really look for) and filter on that.
So far it's working okay (but now with some false positives) but it's only a matter of time until they work around that as well.
Bastards!
Well, we are going to have to change human nature eventually, if we want to survive alongside exponentially advancing technology where any random psychopath will be able to "press The Red Button" with exponentially decreasing effort.
I think humans are basically good when resources are abundant and life is good, but when resources are scarce (artificial or not), then the "selfish gene" goes into overdrive and people get desperate. But there's also that rare minority who have their selfish gene stuck in high gear even though they're already living like [spam]kings, because, hey, more power and more money secures *MY* genes even further, right? Screw the commons. I only care about ME and MY family and MY tribe.
--
Power to the Peaceful
Interesting idea!
How about, a "spam" button beneath every comment, accessible to rigestered users. The message then gets put in the spam pile, to be deleted after a certain amnount of time.
Also, if the editor notices a registered user labels non-spam as spam, he could ravoke that users use of the spam button.
If it still gets out of hand, it would have at least been an interesting experement.
I wrote something like that into a messaging system that I wrote once..
If you go to voyeurweb.com (warning, porn site), and select any set of pictures, at the bottom there's a link where users can post their comments.
Anyone can write there, and frequently enough they write really rude comments. The people contributing the pictures don't like it, the people posting nice comments don't like it, so I added in a button, that simply keeps a record of how many people have clicked the alert button. The text of it is:
"Alert! Click Here to let the VW Ops know if this is a rude message."
The idea is simple enough, it remembers (SQL DB, of course) how many unique complaints were made about a particular message, and the message monitors get that list, sorted by the number of complaints. The users are pretty good about complaining, and are more than happy to click the button.
It's fairly free of abuse, because messages that have more complaints from more users are the bad ones. Of course, there are people who complain about perfectly normal messages, but that's why we have people actually reviewing the messages before they're removed.
There's a whole lot more to it than just the alert button,
To me, it's very wierd, it's an adult site, and you'd think that most people are just there to look at the pictures, but there are a significant number of people posting messages there, and they are just about as fanatical about it as
The system as a whole works very well. We have 3,363,465 messages in the system (I purge old messages every few months), 5 alerts that haven't been read, and 43 IP's or networks that have been blocked. They have the power to prevent any size network from posting in the future, if the abuses have been bad enough. Most of the abuse and filtering features have grown with the messaging system over the years. When I originally wrote it, it didn't have or need any of it. It's fairly complete now, I haven't done any significant changes in years.
Serious? Seriousness is well above my pay grade.
Wake up and smell the bacon, people. The techno-utopianism of Wired when it was boosting the dotcom era into orbit has proven itself a poor match with human nature on all fronts.
The benificient fathers of the internet made two horrendous design decisions concerning the final destination of a global internetwork: excessively strong anonimity and a near zero cost for dumping pollution into public media.
Privacy, openness, spam-free: pick any two.
For anyone who looked into ECC yesterday, you might have noticed that RSA has ideal properties for preventing some of this mess: expensive to sign a certificate, cheap to verify, and the ratio becomes worse as you scale up.
If every spam artifact was signed with an anonymous RSA cert (anyone could make as many of these as they wish), as soon as one spam is confirmed, every other post signed by the known-spam cert could be instantly revoked.
This would force the spammers to create a new anonymous cert for every spam instance. Yet with RSA certs, the computational cost to generate a cert is vastly greater than the cost to verify the cert.
As an added step, the cert could require the IP address of both endpoints to be embedded inside (the server would reflect back the IP source address it sees, and then ask for an anonymous cert to be generated at a desired RSA key size).
We won't have to damage anonymity very much to vastly increase the cost of dumping pollution.
In this respect, weblogs would be a good place to start. This is a relatively new technology that could be retrofitted at one percent of the cost of a global e-mail infrastructure upgrade. It really doesn't matter if you inconvience a few bloggers working out the kinks, these people have not much useful to do in any case.
Do you know of any scams from the centuries you listed? (I am not confronting, I am just curious.) Vox