Spam Rapidly Increasing In Weblog Comments
dsurber writes "BBC News has a nice article discussing 'flyblogging', the phenomenon of spammers leaving advertising-related posts on personal weblogs. The writer comments: 'None of the other blogs I contribute to or run has been affected yet, but I can only assume it is a matter of time before the spammers move in, as they did first with UseNet and then with e-mail. It depresses me to think that any open medium can be so easily undermined by people with no scruples, no sense of responsibility and no idea of the damage they are doing.'" It seems a little surreal that people are having to develop anti-spam weblog tools.
They would seem vulnerable to spamming. I was on a lojban wiki for a while which was under the radar enough to avoid it, but don't know about now.
-Libertarian secular transhumanist
Since most blog spammers will search for "Remember personal info?" in various search engines to quickly find personal blogs, I edited my MovableType templates. Now, instead of saying "Remember personal info?" on the comments page, I have something else that spammers don't normally search for.
So why not try the best anti-spam tool on the market and wave goodbye to those pesky spams?!
Perhaps these 'web logs' could come up with a kind of 'moderation system' to let users filter out the crap.
How much truth is there to the statement that increased links equal increased google rank?
This article implies that all these postings are an effort to stack the google rankings, in order to place spam sites near the top. I'm not a google wizard... is this actually a usable loophole in google's ranking system?
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
The arms race has just started: spambots becoming increasingly more sophisticated, and bloggers having to go to greater lengths to avoid spam.
The root of the problem might be in the impact a weblog link has on google ranking. Spammers have taken note, and they're acting on it.
It's just a BloJJ
I read LiveJournal and I have noticed this. Anonymous comments with a link to some page I guess they are hoping you will click on out of curiosity. LiveJournal allows you to easily delete such comments but like e-mail spam it is still a hassle. The solution is simple: stop buying what spammers are offering and they will go under soon after.
Use the same type of human verification system that Yahoo uses when signing up for an e-mail account. If you can't type in the mangled letters in the image, then your post to the weblog is ignored. This would only be required for anonymous postings - if you're logged in, presumably you've already passed the human verification test upon account creation, so you don't have to go through the hassle each time you want to post.
Cyde Weys Musings - Scrutinizing the inscrutable
This is reason #1 why I don't allow comments on my weblog or any other site I run. Have you read the comments most people post on these things, anyway? They're even more asinine than the weblogs themselves...
Not every single web site needs to be a two-way communication system. That's what email and discussion groups are for.
filmcritic.com - Movie reviews on Internet time
1) Only allow people with verified accounts to post.
2) With every post, display the advertising policy (buying an ad on the site is $5000)
3) Make sure they confirm that if their message is an ad, they agree to pay the $5000
4) Host their ad for them, and collect your money. Small claims is helpful here.
Although the term flyblog has been used already to mean either blogging about flying, or blogging while flying, I would like to claim it for the practice of posting spam comments to people's blogs like this: I have just been comprehensively flyblogged
I like I have been splamogged much better. Just rolls off the tongue.
It is a huge pain in the butt, especially considering that I have not found an easy way to mass delete comments with Movable Type yet...so I have to go to each comment individually and delete them.
This past week alone I cleaned out about 20 spam comments.
I had the same problem with the guestbook on my website. I was used to the occasional, manually entered, advertisement that I would then promptly remove. However, suddenly my guestbook was being hit with dozens of spam advertisements at a time, all at the same time. This was taking place every couple of days. It was always the same ads with bogus compliments, but the source IP addresses would vary widely from attack to attack. A review of my access log showed spybots looking for the presence of certain common guestbook scripts, one of which I was using. Then later, the spambot would hit my site executing the scripts directly. I got around it by changing the file name of the script. Normal users to my site would follow the link and get to the guestbook with no problem. But since the spambots depended on the script being a certain name, they would fail with a 404 error.
Phoenix
You're blogging to publish your thoughts to the world, right? Weeelllll, if your users want to say something, let them get their own blog. There's no law that says you have to start your own mini-slashdot. Make your blog read-only and the spam problem goes away.
Doesn't it?
I think the whole "open forum" thing is overrated... Look at all the junk that gets published here, on Slashdot, one of the more serious of the open forums (yeah, I know how crazy THAT comment is, but it's true).
Farewell! It's been a fine buncha years!
I've got a website.
/dev/null .
Last year, I closed my hotmail account and two spammed-to-heck e-mail accounts. To keep old friends and family from getting shafted, I had an autoreply attached to those addresses, announcing that those addresses were closed and that I could be reached through the contact form on my website, prior to sending those e-mails to
To date, through this manual entry, effort-draining contact form, I have had at least 20 offers to increase my manly-ness, 10 offers to find the love of my life, and 5 death threats from annoyed spammers. Only one charitable organization had a problem with my auto-reply, because a spammer was using their e-mail address to send junk to me over and over again.
1) If you get flooded with spam just go directly into MySQL and issue a DELETE...WHERE query, it's really too much trouble to use the MT frontend to delete multiple comments.
2) Check out MT-Blacklist at http://www.jayallen.org/misc/projects/mt-blacklist/
It's taken eight years since email spam became an issue for significant legislation to pass.
We need an easily amendable federal law that simply says unwanted, unsolicited, uncompensated advertising is simply illegal.
Usenet, fax, email, public chat, blogs, RPC messenger, any forum that allows public input for free has become a spammer magnet. They don't own it, get them out.
We need a law that says this, as a statement that to live under our social contract you can't be an annoying louse.
I run a phpbb based blog, for my friends and family, and it is definitely a problem. So far, the only solution I've found is to block all users who register with an e-mail address from .ru and .tw. This is obviously a sub-optimal solution.
It's frustrating on so many levels. The spammer always sees a hit from your website in their logs if you do a background check on the user (you have to visit the site in order to realize it's spam), so the incentive to spam is reinforced. On the other hand, you run the risk of deleting a user who is truly interested in your site if you don't investigate their profile information.
Unfortunately, it's really easy to use google to find phpbb based sites, and it's just as easy to write a script to register yourself with all of these sites. The signal to noise ratio is making it hard for me to justify the admin time costs of running a public site.
The other (not as easy) solution is to modify your site code in some non-standard way so that their scripts fail.
This is why I had to shut down the guestbooks on several of my sites. It didn't help when I changed the input form, then used a new URL for the posting page, THEN deleted any connection to the CGI script whatsoever. It was only after deleting the script from my webspace that it stopped.
My hosting company was unsympathetic to my pleas for help. Needless to say, I now host elsewhere. I mean, sheesh...my mother reads that thing. The last thing I want to think about is her and my dad...and viagr^H^H^H
*shudder*
That? That was a pigeon.
One blog I frequent -- Samizdata (a libertarian site) -- was recently hit with this kind of stuff. They've initiated a technology that forces people to enter a code supplied on the comments page before being allowed to post a comment.
Slashdot's moderation feature may also help with this problem. If the spammer's goal is to be seen, rather than just Googled, moderating down spam as offtopic or some other negative category may help reduce that visibility.
"Beer is proof God loves us and wants us to be happy." -- B. Franklin
*ducks*
Get 500 by tomorrow. It's quick, easy and confidential.
CLICK HERE TO LEARN HOW!!!
Use the money anyway you like:
...sigh. Okay, I keed I keed and I know I'm going to get modded down for posting some actual spam I found in my inbox. But I have actually heard of this problem before. I wish it would just go away along with the majority of our obsessively consumerist culture. But thank god, though I have seen some folks accuse Slashdot of being in bed with some of the product manufacturers it features in its stories (an accusation I don't actually subscribe to), I have NEVER seen blatant spam (that wasn't a blatant troll) mixed in with the blogging on this site. Could it be that the lameness filters are admirably effective in blocking this sort of content? Or have, I wonder, the spammers not figured out how to interface with Slashdot as of yet? Repeat: yet?
Quod scripsi, scripsi.
The BBC article misses the point, as does a similar article in Wired. Seems the editors are more focused on name-dropping and doomsdaying than on focusing on some recent solutions. For example:
Point is
Just so long as no one attempts to use a rather evil solution I discovered here on
--- have you healed your church website?
I'm pretty sure that someone is spamming my brain with thoughts and dreams of porn like material. That said, I'm not too bothered by it.
There are some odd things afoot now, in the Villa Straylight.
Jeremy Zawodny on this:
SMTP Sender Authentication, Blog Spam, and PageRank
Cheap Viagra, Vicodin, Xanax, Prescription Drugs, and Penis Enlargement Pills!!!
Gureilla Tactics Against Blog Comment Spammers
Russell Beattie on this:
Googler Comments
Simon Willison on this:
Battling Comment Spam
Banning Google Comments
Michael Fagan on this:
Seven Ideas for a Spam Free Blog
Scott Johnson on this:
A Possible Blog Comment Spam Solution
Or at least it'll be forced to evolve into something more restrictive. When only adventuresome geeks were using the net, it was like we were the earliest settlers in a vast ancient forest. I remember getting maybe two or three messages a month and being elated at each. It was like meeting a fellow pioneer and being mutually pleased at having anyone else to talk to. Eventually the web was born and even my mom got an email account (ZOINKS!). And then the first annoying ads started showing up in my inbox. And now... well, we already know what happened.
Seems like there won't be any real solution to filtering spam and the internet will have to go from being a wide-open crosslinked universe to a collection of private nodes/networks. Commercial interests supported the explosive growth of the internet/web, and a lot of us got neato jobs in the process. But now that same commercialism (and human greed/stupidity) have clearcut that beautiful old forest and built up sleazy strip malls.
I know I'm at risk of sounding like one of those "I was here before it sucked" types. Lamenting the loss of the good old days won't bring 'em back.
So, what do we do? The idea of charging a token fee for email delivery, which could be rejected by the recipient (thus resulting in a charge for spam, but not for mail we really want) is a good idea. But it might already be too late for that kind of solution. Make spam illegal? Sounds like yet another unwinnable "war-on-a-concept".
Many usenet groups already require approval for membership, and even that doesn't guarantee that new accounts won't become a source of spam.
I predict that more and more organizations and individuals will simply build fences around their cyber-outposts, only allowing recognized friends past the gate. At my house we NEVER answer the phone unless the caller ID displays a name we recognize. Ditto for email. Ditto for newsgroups as well. I guess my mom was right... I don't talk to strangers any more.
Just disable anonymous comments in your blog, and you're pretty much OK.
You see? You see? Your stupid minds! Stupid! Stupid!
I don't really have a blog, as such, but my domain does have a PHP site that has galleries of my photographs which viewers are able to comment on. Lately I've been getting spam from people who apparently randomly find my site and decide they have to leave their mark (much like dogs leave their marks on bushes).
My solution? Have MySQL log IP addresses along with the comment submission. My intended audience is so small I know the majority of the viewers personally, and thus have no issue walling off an entire ISP (after reporting that IP address to said ISP's abuse dept).
If you can't see the value in jet powered ants you should turn in your nerd card. - Dunbal (464142)
but it was a little different, the messages that were already there were replied to, but they had "empty" response, unless you looked really close one "character" in the reply to message now had a link attached to it.
I don't remember where it was linking to but I think it was a search index or something similar.
Were they trying to boost the ranking on search engines by having these so called links in place?
Thanks to file sharing, I purchase more CDs
Thanks to the RIAA, I buy them used...
Just like spam on other media (email, usenet, web forums, etc), you can apply quick and dirty fixes :
But the real issue is always the same : trust management. You want to be able to grant as much trust as possible to trustworthy (non-spamming) strangers, while revoking all trust to others.
So why do we always want to build trust management systems on top of other systems, and not design a stand-alone one, that can be used by a wide range of media (email, usenet, blogs, etc) ?
Note: identifying "personas" does not mean identifying "real people", so there are no privacy issues in such a system.
Enlighten me, please, how does buying Viagra support the Internet?
I think you are confusing two issues here. On one side, you have the Web sites I want to visit and products I want to buy. I am fully aware that nothing is for free, and because of that I don't complain about banners or fees, if the Web sites contain information I want to access. In fact, when the site is really helpful to me, I click on banners even though I have not the slightest interest in the products advertised, only to increase the site's revenues.
On the other side, you have Web sites and products that I don't want to buy. I don't visit those sites, and I don't buy such products. As such, I don't owe them anything, and thus I do my best to fight against their aggressive marketing campaign. If anything, they put additional burden on the Internet infrastructure without paying their share to "support the 'net" (if there is such a concept in the first place).
I'll save you a bit of surfing by extracting a tasty morsel, but do glance over the rest as it is quite a classic:
[snip] [endsnip]
The key insight here is that freedom in a commons brings ruin to all. So in other words, we kid ourselves into thinking that our tiny individual impact does not make a difference, that societal good is not impaired, thus we have the freedom to pursue our impulses to better our share, and working individually this way we ruin everything that does not have a high barrier to entry. The way this applies to email/weblogs/Usenet/etc is that in the beginning the technical hurdles are too high for there to be very many users with their little impacts, so the Commons is safe for a while. But then comes the GUI and push-button bots and the Commons is swamped. The normal "natural" balance is broken apart and the Commons collapses from the death of a thousand cuts. It has ever been thus, and unless I am mistaken it always will be unless you defend your Commons from newcomers. Which has been tried.
=^..^= all your rodent are belong to us
It's easy enough to stop spam. Just shoot anyone that needs a mortgage, has a small dick or erection problem, or wants to increase their web traffic. No more buyers, no more problem. Unfortunately one of those applies to me, but I'm not saying which... ;-)
Actually the turing test would be a computer trying to convince a man that it is a woman.
Why would this be a problem? Nobody even reads a blog, do they?
Wake up and smell the bacon, people. The techno-utopianism of Wired when it was boosting the dotcom era into orbit has proven itself a poor match with human nature on all fronts.
The beneficent fathers of the internet made two horrendous design decisions concerning the final destination of a global internetwork: excessively strong anonymity and a near zero cost for dumping pollution into public media.
Privacy, openness, spam-free: pick any two.
For anyone who looked into ECC yesterday, you might have noticed that RSA has ideal properties for preventing some of this mess: expensive to sign a certificate, cheap to verify, and the ratio becomes worse as you scale up.
If every spam artifact was signed with an anonymous RSA cert (anyone could make as many of these as they wish), as soon as one spam is confirmed, every other post signed by the known-spam cert could be instantly revoked.
This would force the spammers to create a new anonymous cert for every spam instance. Yet with RSA certs, the computational cost to generate a cert is vastly greater than the cost to verify the cert.
As an added step, the cert could require the IP address of both endpoints to be embedded inside (the server would reflect back the IP source address it sees, and then ask for an anonymous cert to be generated at a desired RSA key size).
We won't have to damage anonymity very much to vastly increase the cost of dumping pollution.
In this respect, weblogs would be a good place to start. This is a relatively new technology that could be retrofitted at one percent of the cost of a global e-mail infrastructure upgrade. It really doesn't matter if you inconvenience a few bloggers working out the kinks, these people have not much useful to do in any case.
I was only hit twice by comment-spammers before I took action.
Using image-text to verify humanity on the other end of the connection wasn't an option, as it excluded sight-impaired users. User registration was a no-go: I don't want to have to spend time validating user accounts. I did enough of that in my BBS Sysop days. Even MT-Blacklist is a bit of a pain, as you've got to deal with each spam comment individually once posted.
However, one thing I found in common between my spammers and the attacks I've seen on other sites was that prior to the spamming run, the site was crawled. So, I excluded the locations of the comment scripts in my robots.txt and set a trap to auto-ban any crawler that doesn't obey the excludes.
Well-behaved spiders/'bots can index the site. Ill-behaved or malicious crawlers that download the whole file tree regardless of excludes trigger a tripwire that locks them out. You can eyeball the details in this entry on my site: Setting a Spider Trap
At 3 A.M. you can see people's auras; at five you can see their contrails...
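The robots.txt tripwire described in the comment above, sketched as an added example (not the commenter's own code and not taken from the linked entry). It assumes a dedicated trap directory that is excluded in robots.txt and never linked visibly, so only a crawler ignoring the excludes requests it; all paths, log lines and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed robots.txt. Both paths are hypothetical: the comment script is
# excluded, and /trap/ is assumed to be reachable only by ignoring the excludes.
ROBOTS_TXT = """\
User-agent: *
Disallow: /cgi-bin/comments.cgi
Disallow: /trap/
"""

# Constructed access-log lines (Combined Log Format, documentation IP ranges).
ACCESS_LOG = """\
192.0.2.10 - - [10/Dec/2003:03:00:01 +0000] "GET /robots.txt HTTP/1.0" 200 68 "-" "GoodBot/1.0"
192.0.2.10 - - [10/Dec/2003:03:00:02 +0000] "GET /archives/001.html HTTP/1.0" 200 5120 "-" "GoodBot/1.0"
198.51.100.7 - - [10/Dec/2003:03:05:11 +0000] "GET /archives/001.html HTTP/1.0" 200 5120 "-" "Mozilla/4.0"
198.51.100.7 - - [10/Dec/2003:03:05:12 +0000] "GET /trap/index.html HTTP/1.0" 200 12 "-" "Mozilla/4.0"
203.0.113.5 - - [10/Dec/2003:03:09:40 +0000] "POST /cgi-bin/comments.cgi HTTP/1.0" 200 310 "http://blog.example/archives/001.html" "Mozilla/4.0"
this line is malformed and must be skipped
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def disallowed_prefixes(robots_txt, agent="*"):
    """Return the Disallow prefixes of the robots.txt group matching `agent`."""
    prefixes, agents, seen_rule = [], [], False
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        if field.lower() == "user-agent":
            if seen_rule:                        # a rule closed the last group
                agents, seen_rule = [], False
            agents.append(value.lower())
        elif field.lower() == "disallow":
            seen_rule = True
            if value and agent.lower() in agents:  # empty Disallow = allow all
                prefixes.append(value)
    return prefixes

def find_violators(access_log, prefixes, exempt=()):
    """Map client IP -> tripwire paths it requested despite the excludes."""
    hits = defaultdict(list)
    # Paths that humans legitimately reach (the comment form) are not tripwires.
    tripwires = [p for p in prefixes if p not in exempt]
    for line in access_log.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                             # skip malformed lines
        ip, _method, path, _status = m.groups()
        path = path.split("?", 1)[0]
        if any(path.startswith(p) for p in tripwires):
            hits[ip].append(path)
    return dict(hits)

def ban_list():
    prefixes = disallowed_prefixes(ROBOTS_TXT)
    return find_violators(ACCESS_LOG, prefixes, exempt=("/cgi-bin/comments.cgi",))
```

The crawler that honours robots.txt and the visitor who posts a comment are left alone; only the client that fetched the trap path ends up on the list, which can then feed whatever deny mechanism the web server uses.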