Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spam Rapidly Increasing In Weblog Comments

Posted by simoniker on from the generally-defined-as-not-good dept.

dsurber writes "BBC News has a nice article discussing 'flyblogging', the phenomenon of spammers leaving advertising-related posts on personal weblogs. The writer comments: 'None of the other blogs I contribute to or run has been affected yet, but I can only assume it is a matter of time before the spammers move in, as they did first with UseNet and then with e-mail. It depresses me to think that any open medium can be so easily undermined by people with no scruples, no sense of responsibility and no idea of the damage they are doing.'" It seems a little surreal that people are having to develop anti-spam weblog tools.

34 of 387 comments (clear)

  1. Wikis too? by Thinkit3 · · Score: 4, Insightful

    They would seem vulnerable to spamming. I was on a lojban wiki for awhile which was under the radar enough to avoid it, but don't know about now.

    --
    -Libertarian secular transhumanist
    1. Re:Wikis too? by lacrymology.com · · Score: 4, Funny

      How dare you post this here to give all of the spammers an idea you insensitive clod! Haven't you ever heard of security through obscurity? You just as bad as that box-cutter college kid and those dangerous white hats! -m

      --

      #
      # Modus Ponens
      #
  2. Here's My Solution by notsewmit · · Score: 5, Insightful

    Since most blog spammers will search for "Remember personal info?" in various search engines to quickly find personal blogs, I edited my MovableType templates. Now, instead of saying "Remember personal info?" on the comments page, I have something else that spammers don't normally search for.

  3. This is why... by Sanity · · Score: 4, Funny
    ...you need Locutus! Its absolutely FREE and works with Outlook, Outlook Express, and Eudora!

    So why not try the best anti-spam tool on the market and wave goodbye to those pesky spams?!

  4. Mod by CGP314 · · Score: 5, Funny

    Perhaps these 'web logs' could come up with a kind of 'moderation system' to let users filter out the crap.

    1. Re:Mod by orthogonal · · Score: 4, Funny

      Oh please, it doesn't even work on Slashdot half the time. Intelligent posts get modded down all the time because they're not the majority opinion.

      Mod heretical parent down!!

      Baa! Baa!

      --
      Opinions on the Twiddler2 hand-held keyboard?
  5. I've Noticed by Starquake · · Score: 3, Insightful

    I read LiveJournal and I have noticed this. Anonymous comments with a link to some page I guess they are hoping you will click on out of curiousity. LiveJournal allows you to easily delete such comments but like e-mail spam it is still a hassle. The solution is simple: stop buying what spammers are offering and they will go under soon after.

    1. Re:I've Noticed by mcrbids · · Score: 5, Insightful

      The solution is simple: stop buying what spammers are offering and they will go under soon after.

      This is one of those simple-sounding, and utterly worthless "solutions".

      You see, you can stop buying what the spammers are offering, but will everybody else? You see, this world is chock-full of people who just don't get it when it comes to spam. They don't realize the mechanical nature of SPAM, many think the message was sent by somebody to them personally.

      Scams were common in the 20th, 19th, 18th, 15th, and 11th century, why would they stop now?

      So, really, what you in fact just said was " The solution is simple: change human nature for every person on the earth to a very cynical nature and then spend billions of dollars in education so that people know what SPAM is and how best to treat it, and they will go under soon after." .

      Utopia doesn't exist, and won't as long as there are people to pollute it. In the meantime, we have to deal with the fact that this world has both unscrupulous people and suckers.

      The solution is to change the protocol of Email to introduce enough resistance to communication to thwart SPAM. Until that happens, SPAM will be a problem.

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
    2. Re:I've Noticed by brianosaurus · · Score: 4, Interesting

      I think the ads in the blogs are going for better Google PageRank scores, rather than for direct exposure. Most blogs don't get a whole lot of traffic, mostly just family and friends, if even that much. Only a very small percentage of that audience will click, and they surely won't fall for it more than once.

      But google reads a lots of blogs. If a spammer gets their link onto a whole lot of blogs, Google PageRank would see hundreds or thousands of links to their site and bump up its rank. They exploit everyone's blog in order to improve their score on searches.

      That's the theory anyway. Whether or not it works is another story.

      --
      blog
  6. I have a quick and dirty solution. by Ignorant+Aardvark · · Score: 5, Interesting

    Use the same type of human verification system that Yahoo uses when signing up for an e-mail account. If you can't type in the mangled letters in the image, then your post to the weblog is ignored. This would only be required for anonymous postings - if you're logged in, presumably you've already passed the human verification test upon account creation, so you don't have to go through the hassle each time you want to post.

    --
    Cyde Weys Musings - Scrutinizing the inscrutable
    1. Re:I have a quick and dirty solution. by Alan · · Score: 4, Informative
      There has been some discussion on this that I've seen on various blogs I read, and basically the concensus seems to be that people don't want to make the barrier to entry of submitting a comment harder (ie: accounts), as part of the beauty of blog comments is the spontinaity. Most people I've seen have either done some of the 7 tips for a spam free blog or are using the MT Blacklist plugin.


      Once I installed the latter and did some of the former, I've had almost no spam, vs several hundred over a couple of days. Now whether that is testimony to how well the tips work or that the spammers are going in short bursts then taking breaks is still unknown.

    2. Re:I have a quick and dirty solution. by GeorgeH · · Score: 4, Interesting

      That's called a CAPTCHA, and James Seng wrote a Moveable Type plugin to do this with MT. CAPTCHA stands for Completely Automated Public Turing Test to Tell Computers and Humans Apart, you can read more in this story

      --
      Why can't I moderate something "Wrong" or at least "Grossly Misinformed"?
    3. Re:I have a quick and dirty solution. by 4of12 · · Score: 4, Insightful

      That excludes people who prefer to browse using text, which is what that image recognition filter effectively does. Blind people, low bandwidth folks are automatically eliminated from the community.

      Requiring a periodic human response at the other end of a live email address, after a time interval, helps some. It's still possible for spammers to cultivate a temporary reputation of responsibility and spam a site as their last post, but requiring them to periodically exert effort to prove they're authentically human helps to make spamming hard work.

      It wouldn't hurt for sites to start keeping a growing list of bad urls and poisoned posters. A spider that visits url's, maybe one or two deep after the posted URL (phenomena of delayed appearance of herbal viagara behind URLs that are opaque looking), checks for spam links, and assigns big negative karma would help some, especially if it runs before the posting appears on the blog.

      --
      "Provided by the management for your protection."
  7. Uh, try disabling comments altogether... by ccnull · · Score: 3, Insightful

    This is reason #1 why I don't allow comments on my weblog or any other site I run. Have you read the comments most people post on these things, anyway? They're even more asinine than the weblogs themselves...

    Not every single web site needs to be a two-way communication system. That's what email and discussion groups are for.

    --
    filmcritic.com - Movie reviews on Internet time
    1. Re:Uh, try disabling comments altogether... by aliens · · Score: 4, Funny

      Have you read the comments most people post on these things, anyway? They're even more asinine than the weblogs themselves...

      Yeah I mean who reads these comments anyway? Can you imagine a site full of these asinine people writting about stuff they don't even know the first thing about?

      What a stupid stupid idea ::)

      --
      -- taking over the world, we are.
  8. Solution to the problem by Anonymous Coward · · Score: 3, Interesting

    1) Only allow people with verified accounts to post.
    2) With every post, display the advertising policy (buying an ad on the site is $5000)
    3) Make sure they confirm that if their message is an ad, they agree to pay the $5000
    4) Host their ad for them, and collect your money. Small claims is helpful here.

  9. Awkward Alternative. by CGP314 · · Score: 5, Funny

    Although the term flyblog has been used already to mean either blogging about flying, or blogging while flying, I would like to claim it for the practice of posting spam comments to people's blogs like this: I have just been comprehensively flyblogged

    I like I have been splamogged much better. Just rolls off the tongue.

  10. Re:Google? by realdpk · · Score: 3, Informative

    Yes. That's partly why Google's search results are nearly useless any more - especially while looking for information about specific brand-named products. This whole blog-spam thing has been known about for a very long time, and I have yet to see it addressed - I'm surprised that it's finally picked up by the media though. Maybe that'll force Google to update their ranking code before their IPO.

  11. This was happening to my guestbook too by Phoenix-kun · · Score: 5, Informative

    I had the same problem with the guestbook on my website. I was used to the occasional, manually entered, advertisement that I would then promptly remove. However, suddenly my guestbook was being hit with dozens of spam advertisements at a time, all at the same time. This was taking place every couple of days. It was always the same ads with bogus compliments, but the source IP addresses would vary widely from attack to attack. A review of my access log showed spybots looking for the presence of certain common guestbook scripts, one of which I was using. Then later, the spambot would hit my site executing the scripts directly. I got around it by changing the file name of the script. Normal users to my site would follow the link and get to the guestbook with no problem. But since the spambots depended on the script being a certain name, they would fail with a 404 error.

    --
    Phoenix
    1. Re:This was happening to my guestbook too by Another+AC · · Score: 3, Interesting

      We run DreamBook, a free guestbook service with about a million members, and recently the guestbook spam started getting to the point we had no choice but to do something about it. We think the way they get the list of our user's URLs is just through a google search (which has the added benefit of returning the most trafficed books where their spam will potentially be the most widely viewed).

      Originally the spam was just huge lists of porn sites, from a few specific spammers. To fight that, we kludgingly added some specific urls we wouldn't allow in any post.

      They figured that out, and we started getting more from all sorts of different people. So we started adding various heuristics that were kind of lame to block posts (no domains with a - in them for example).

      They figured that out, and started to post all sorts of random spam, unrelated to porn, usually with just links to some other dreambook url. We were kind of puzzled about those, because when you went to their dreambook, it was blank. Viewing the source though, they'd added hidden links to their sites at that book. So it seemed they were spamming to get higher google results. Super.

      So then we added system-wide a check for the same IP posting to multiple books a lot within a certain amount of time. That worked really well for a few months, but recently they've started using I guess a whole slew of proxies! So finally we now look for any URLs in their posts instead of IPs (they vary the messages they post so there's nothing else you can really look for) and filter on that.

      So far it's working okay (but now with some false positives) but it's only a matter of time until they work around that as well.

      Bastards!

  12. Why let users comment on your blog at all? by crazyphilman · · Score: 3, Insightful

    You're blogging to publish your thoughts to the world, right? Weeelllll, if your users want to say something, let them get their own blog. There's no law that says you have to start your own mini-slashdot. Make your blog read-only and the spam problem goes away.

    Doesn't it?

    I think the whole "open forum" thing is overrated... Look at all the junk that gets published here, on Slashdot, one of the more serious of the open forums (yeah, I know how crazy THAT comment is, but it's true).

    --
    Farewell! It's been a fine buncha years!
    1. Re:Why let users comment on your blog at all? by poot_rootbeer · · Score: 4, Insightful

      Make your blog read-only and the spam problem goes away.

      Doesn't it?

      Yes, but in many cases so also will the blog's audience go away.

      One of the key atttractions of small-to-middle-sized weblogs is the interactivity. If the blog author says something incorrect, you can let him know. If you have additional information pertaining to something a blogger wrote about, you can share it with her.

      Without comments, blogs are just another one-way communications medium. Not to say that's an undesirable thing, but we already have plenty of those.

  13. I've seen far worse from spammers. by Rahga · · Score: 3, Interesting

    I've got a website.

    Last year, I closed my hotmail account and two spammed-to-heck e-mail accounts. To keep old friends and family from getting shafted, I had an autoreply attatched to those addresses, announcing that those addressess were closed and that I could be reached through the contact form on my website, prior to sending those e-mails to /dev/null .

    To date, through this manual entry, effort-draining contact form, I have had at least 20 offers to increase my manly-ness, 10 offers to find the love of my life, and 5 death threats from annoyed spammers. Only one charitable organization had a problem with my auto-reply, because a spammer was using their e-mail address to send junk to me over and over again.

  14. Legislation by Schmucky+The+Cat · · Score: 3, Interesting
    This isn't that new but it's becoming a nuisance because spammers now have automated tools.

    It's taken eight years since email spam became an issue for signifigant legislation to pass.

    We need an easily amendable federal law that simply says unwanted, unsolicited, uncompensated advertising is simply illegal.

    Usenet, fax, email, public chat, blogs, RPC messenger, any forum that allows public input for free has become a spammer magnet. They don't own it, get them out.

    We need a law that says this, as a statement that to live under our social contract you can't be an annoying louse.

  15. Don't be rediculous by Sanity · · Score: 4, Funny
    That would lead to censorship by majority and the inability to say anything that contradicts the weblog's collective "groupthink" without getting moderated down.

    *ducks*

    1. Re:Don't be rediculous by quacking+duck · · Score: 5, Funny

      You got modded up. Conformist!

    2. Re:Don't be rediculous by CGP314 · · Score: 4, Insightful

      Actually, I think a bigger problem would be audience size. You need to reach a certain critical mass before the moderation system would work. Most blogs, my own included, do not have the necessary audience.

  16. Re:Google? by devphil · · Score: 3, Interesting


    How much truth is there to the statement that 2 + 2 = 4? A lot. Why? Because that's how it's defined to work.

    How much truth is there to the statement that increased links equal increased google rank?

    Uh, that's how Google documents it. That's how all of Google's employees define it. That's how everybody's experience pans out. Maybe they're all just making shit up with nobody ever calling them on it, but I'd argue for "that's actually how it works" myself. Try going to Google and clicking "About".

    is this actually a usable loophole in google's ranking system?

    Only if the log owners let the spam sit there long enough to be googled. If they do that, then my guess would be quite possibly yes.

    Maybe compile a list of such spammers, then a list of the advertised sites. I'd like a checkbox on my google searches that says, "Ignore results on sites whose page rank is mostly due to asshole tactics."

    --
    You cannot apply a technological solution to a sociological problem. (Edwards' Law)
  17. The article misses the point by HealYourChurchWebSit · · Score: 4, Interesting


    The BBC article misses the point, as does a similar article in Wired. Seems the editors are more focused on name-dropping and doomsdaying than on focusing on some recent solutions. For example:

    Point is ... perhaps we'd all be better service if said articles spent less time on the hype and a bit more investigation on some of the solutions ... whether they succeed or fail ... as both are educational.

    Just so long as no one attempts to use a rather evil solution I discovered here on /... ... that would be wrong ...

    --
    --- have you healed your church website?
  18. Tell me something new... by Manuzhai · · Score: 3, Informative

    Jeremy Zawodny on this:

    SMTP Sender Authentication, Blog Spam, and PageRank
    Cheap Viagra, Vicodin, Xanax, Prescription Drugs, and Penis Enlargement Pills!!!
    Gureilla Tactics Against Blog Comment Spammers

    Russell Beattie on this:
    Googler Comments

    Simon Willison on this:
    Battling Comment Spam
    Banning Google Comments

    Michael Fagan on this:
    Seven Ideas for a Spam Free Blog

    Scott Johnson on this:
    A Possible Blog Comment Spam Solution

  19. Re:Google? by Lagged2Death · · Score: 5, Interesting

    My hobbyist project was picked up by Google after a while, but it wasn't until I retroactively changed my comment signature here on Slashdot and on Kuro5hin (thereby creating many links to my project page) that it went to the top of the search results. It wasn't my intent to subvert Google in any way - I was quite surprised by the dramatic result.

    There have been some less-than-scrupulous advertising companies in the business of that publishing dummy machine-generated web pages to exploit this trick. The dummy pages were typically filled with repitions of some nonsense paragraph, with self-links (to other dummy pages) and client-sponsored links interspersed here and there. The idea was that the self-linking would make the site look like a large, legit site to Google, which would mark it as relatively well-trusted and influential. Then Google would dutifully note the client-sponsored links and rank them highly. I believe Google has worked on ways to stop this; I don't know how successful they've been, or if the dummy-site makers are still around.

  20. My solution by NeoSkandranon · · Score: 3, Insightful

    I don't reallly have a blog, as such, but my domain does have a PHP site that has galleries of my photographs which viewers are able to comment on. Lately i've been getting spam from people who apparently randomly find my site and decide they have to leave their mark (much like dogs leave their marks on bushes)

    my solution? Have MySQL log IP addresses along with the comment submission. My intended audience is so small I know the majority of the viewers personally, and thus have no issue walling off an entire ISP ( after reporting that IP address to said ISP's abuse dept)

    --
    If you can't see the value in jet powered ants you should turn in your nerd card. - Dunbal (464142)
  21. something similer happened on my BBS by night_flyer · · Score: 3, Interesting

    but it was a little different, the messages that were already there were replied to, but they had "empty" response, unless you looked reallu close one "character" in the reply to message now had a link attached to it.

    I dont remember where it was linking to but I think it was a seach index or something similer.

    were they trying to boost the ranking on search engines by having these so called links in place?

    --


    Thanks to file sharing, I purchase more CDs
    Thanks to the RIAA, I buy them used...
  22. privacy, openness, spamfree by epine · · Score: 3, Interesting


    Wake up and smell the bacon, people. The techno-utopianism of Wired when it was boosting the dotcom era into orbit has proven itself a poor match with human nature on all fronts.

    The benificient fathers of the internet made two horrendous design decisions concerning the final destination of a global internetwork: excessively strong anonimity and a near zero cost for dumping pollution into public media.

    Privacy, openness, spam-free: pick any two.

    For anyone who looked into ECC yesterday, you might have noticed that RSA has ideal properties for preventing some of this mess: expensive to sign a certificate, cheap to verify, and the ratio becomes worse as you scale up.

    If every spam artifact was signed with an anonymous RSA cert (anyone could make as many of these as they wish), as soon as one spam is confirmed, every other post signed by the known-spam cert could be instantly revoked.

    This would force the spammers to create a new anonymous cert for every spam instance. Yet with RSA certs, the computational cost to generate a cert is vastly greater than the cost to verify the cert.

    As an added step, the cert could require the IP address of both endpoints to be embedded inside (the server would reflect back the IP source address it sees, and then ask for an anonymous cert to be generated at a desired RSA key size).

    We won't have to damage anonymity very much to vastly increase the cost of dumping pollution.

    In this respect, weblogs would be a good place to start. This is a relatively new technology that could be retrofitted at one percent of the cost of a global e-mail infrastructure upgrade. It really doesn't matter if you inconvience a few bloggers working out the kinks, these people have not much useful to do in any case.