Slashdot Mirror
Spam Rapidly Increasing In Weblog Comments
dsurber writes "BBC News has a nice article discussing 'flyblogging', the phenomenon of spammers leaving advertising-related posts on personal weblogs. The writer comments: 'None of the other blogs I contribute to or run has been affected yet, but I can only assume it is a matter of time before the spammers move in, as they did first with UseNet and then with e-mail. It depresses me to think that any open medium can be so easily undermined by people with no scruples, no sense of responsibility and no idea of the damage they are doing.'" It seems a little surreal that people are having to develop anti-spam weblog tools.
Use the same type of human verification system that Yahoo uses when signing up for an e-mail account. If you can't type in the mangled letters in the image, then your post to the weblog is ignored. This would only be required for anonymous postings - if you're logged in, presumably you've already passed the human verification test upon account creation, so you don't have to go through the hassle each time you want to post.
Cyde Weys Musings - Scrutinizing the inscrutable
1) Only allow people with verified accounts to post.
2) With every post, display the advertising policy (buying an ad on the site is $5000)
3) Make sure they confirm that if their message is an ad, they agree to pay the $5000
4) Host their ad for them, and collect your money. Small claims is helpful here.
I've got a website.
/dev/null .
Last year, I closed my hotmail account and two spammed-to-heck e-mail accounts. To keep old friends and family from getting shafted, I had an autoreply attatched to those addresses, announcing that those addressess were closed and that I could be reached through the contact form on my website, prior to sending those e-mails to
To date, through this manual entry, effort-draining contact form, I have had at least 20 offers to increase my manly-ness, 10 offers to find the love of my life, and 5 death threats from annoyed spammers. Only one charitable organization had a problem with my auto-reply, because a spammer was using their e-mail address to send junk to me over and over again.
It's taken eight years since email spam became an issue for signifigant legislation to pass.
We need an easily amendable federal law that simply says unwanted, unsolicited, uncompensated advertising is simply illegal.
Usenet, fax, email, public chat, blogs, RPC messenger, any forum that allows public input for free has become a spammer magnet. They don't own it, get them out.
We need a law that says this, as a statement that to live under our social contract you can't be an annoying louse.
How much truth is there to the statement that 2 + 2 = 4? A lot. Why? Because that's how it's defined to work.
Uh, that's how Google documents it. That's how all of Google's employees define it. That's how everybody's experience pans out. Maybe they're all just making shit up with nobody ever calling them on it, but I'd argue for "that's actually how it works" myself. Try going to Google and clicking "About".
Only if the log owners let the spam sit there long enough to be googled. If they do that, then my guess would be quite possibly yes.
Maybe compile a list of such spammers, then a list of the advertised sites. I'd like a checkbox on my google searches that says, "Ignore results on sites whose page rank is mostly due to asshole tactics."
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
The BBC article misses the point, as does a similar article in Wired. Seems the editors are more focused on name-dropping and doomsdaying than on focusing on some recent solutions. For example:
Point is
Just so long as no one attempts to use a rather evil solution I discovered here on
--- have you healed your church website?
I think the ads in the blogs are going for better Google PageRank scores, rather than for direct exposure. Most blogs don't get a whole lot of traffic, mostly just family and friends, if even that much. Only a very small percentage of that audience will click, and they surely won't fall for it more than once.
But google reads a lots of blogs. If a spammer gets their link onto a whole lot of blogs, Google PageRank would see hundreds or thousands of links to their site and bump up its rank. They exploit everyone's blog in order to improve their score on searches.
That's the theory anyway. Whether or not it works is another story.
blog
My hobbyist project was picked up by Google after a while, but it wasn't until I retroactively changed my comment signature here on Slashdot and on Kuro5hin (thereby creating many links to my project page) that it went to the top of the search results. It wasn't my intent to subvert Google in any way - I was quite surprised by the dramatic result.
There have been some less-than-scrupulous advertising companies in the business of that publishing dummy machine-generated web pages to exploit this trick. The dummy pages were typically filled with repitions of some nonsense paragraph, with self-links (to other dummy pages) and client-sponsored links interspersed here and there. The idea was that the self-linking would make the site look like a large, legit site to Google, which would mark it as relatively well-trusted and influential. Then Google would dutifully note the client-sponsored links and rank them highly. I believe Google has worked on ways to stop this; I don't know how successful they've been, or if the dummy-site makers are still around.
but it was a little different, the messages that were already there were replied to, but they had "empty" response, unless you looked reallu close one "character" in the reply to message now had a link attached to it.
I dont remember where it was linking to but I think it was a seach index or something similer.
were they trying to boost the ranking on search engines by having these so called links in place?
Thanks to file sharing, I purchase more CDs
Thanks to the RIAA, I buy them used...
We run DreamBook, a free guestbook service with about a million members, and recently the guestbook spam started getting to the point we had no choice but to do something about it. We think the way they get the list of our user's URLs is just through a google search (which has the added benefit of returning the most trafficed books where their spam will potentially be the most widely viewed).
Originally the spam was just huge lists of porn sites, from a few specific spammers. To fight that, we kludgingly added some specific urls we wouldn't allow in any post.
They figured that out, and we started getting more from all sorts of different people. So we started adding various heuristics that were kind of lame to block posts (no domains with a - in them for example).
They figured that out, and started to post all sorts of random spam, unrelated to porn, usually with just links to some other dreambook url. We were kind of puzzled about those, because when you went to their dreambook, it was blank. Viewing the source though, they'd added hidden links to their sites at that book. So it seemed they were spamming to get higher google results. Super.
So then we added system-wide a check for the same IP posting to multiple books a lot within a certain amount of time. That worked really well for a few months, but recently they've started using I guess a whole slew of proxies! So finally we now look for any URLs in their posts instead of IPs (they vary the messages they post so there's nothing else you can really look for) and filter on that.
So far it's working okay (but now with some false positives) but it's only a matter of time until they work around that as well.
Bastards!
Wake up and smell the bacon, people. The techno-utopianism of Wired when it was boosting the dotcom era into orbit has proven itself a poor match with human nature on all fronts.
The benificient fathers of the internet made two horrendous design decisions concerning the final destination of a global internetwork: excessively strong anonimity and a near zero cost for dumping pollution into public media.
Privacy, openness, spam-free: pick any two.
For anyone who looked into ECC yesterday, you might have noticed that RSA has ideal properties for preventing some of this mess: expensive to sign a certificate, cheap to verify, and the ratio becomes worse as you scale up.
If every spam artifact was signed with an anonymous RSA cert (anyone could make as many of these as they wish), as soon as one spam is confirmed, every other post signed by the known-spam cert could be instantly revoked.
This would force the spammers to create a new anonymous cert for every spam instance. Yet with RSA certs, the computational cost to generate a cert is vastly greater than the cost to verify the cert.
As an added step, the cert could require the IP address of both endpoints to be embedded inside (the server would reflect back the IP source address it sees, and then ask for an anonymous cert to be generated at a desired RSA key size).
We won't have to damage anonymity very much to vastly increase the cost of dumping pollution.
In this respect, weblogs would be a good place to start. This is a relatively new technology that could be retrofitted at one percent of the cost of a global e-mail infrastructure upgrade. It really doesn't matter if you inconvience a few bloggers working out the kinks, these people have not much useful to do in any case.