digg

Join DiggAbout

Discover the best of the web!
Learn more about Digg by taking the tour.

Are You Seeing this New Kind of Blog Spam?

blog.defensio.com — Have you noticed a new weird kind of spam, without URLs or anything to sell, hitting your blog? This article takes a stab at explaining what it's all about.

Bury
show profanity settings
expand all
  • pleeker, on 10/27/2007, -2/+23Good, quick read, and it'll encourage me to keep a closer eye on some of the strange comments I've seen in recent weeks.
    • TomP, on 10/27/2007, -5/+25Site Down

      Copypasta

      We here at Defensio HQ see a lot of spam; spam in all its flavors and incarnations. Occasionally we see new techniques that baffle the mind. URL-less spam (that is, spam not containing URLs) is one of these baffling new forms of spam we’ve seen cross our desk, so puzzling that it’s worth delving in to try to understand what in the world it means.

      Example

      URL-less spam looks like the following:

      http://blog.defensio.com/wp-content/uploads/2007/0 ...

      Notice that this commenter (i.e. spammer) has not left a URL with his/her credentials, nor has he/she supplied any URLs in the body of the comment.

      The Issue

      Why is this strange? Because the entire reason spammers typically hit blogs with their bogus comments is to populate the web with URLs that link back to their spammy sites, and thus manage to exploit the Google juice of the sites they breach with the goal of boosting their own search engine rank. And so, bombarding a blog with comments that do not contain URLs defeats the whole purpose, and results in no obvious net benefit to the spammer, other than the evil satisfaction of annoying the hell out of bloggers.

      Motives

      So if not to exploit Google juice, why do spammers go with a URL-less approach? Two theories:

      1) To “train” spam filters to allow specific keywords.

      Filters that use statistical filtering learn over time. By having legitimate-looking comments make it through the filter, while containing a handful of specifically-chosen keywords, spammers could be trying to tip statistical filters toward starting to consider such keywords as innocent, thus increasing the likelihood that future spam comments containing these words will bypass spam defenses.

      2) To be whitelisted.

      Some spam filters allow users that successfully post comments X number of times to be added to a whitelist, meaning they will bypass the filter in the future. Since URL-less spam typically looks fairly normal, spammers hope that bloggers will fail to identify their comment as spam enough times that auto-whitelisting might kick in.

      These motives are simply our best guesses at what might be in spammers’ nefarious minds. Who knows, simple annoyance could be their sole, inexplicable, goal?
      • cmer, on 10/10/2007, -1/+7Cached: http://208.78.102.37/
      • potp, on 10/10/2007, -0/+7They do this by first asking a question or commenting on something but post no link. the bot then comes back later after 3 to 5 days and post a link that has something to do with original discussion to make it seem legitimate. Got hit by a few of these on my forum too. Since i got a really aggressive anti spam policy i was easily able to track these new spambot.
      • noahhoward, on 10/10/2007, -3/+1The article really needs to go into more detail about why this is considered spam. At the moment it looks like it is supposed to be a tongue in cheek comment on how real, legitimate comments are so rare they are now mistaken for spam.
        • mtekk, on 10/10/2007, -0/+1because real users don't go around using the same name and stating blatantly vague messages. SpamKarma2 tends to keep those URI less spams moderated as spam, which is cool.
      • AndrewJC, on 10/10/2007, -0/+2Wordpress has a plugin called CryptograPHP that inserts a captcha into comments for non-logged-in users. I've had zero spam comments in the last several months since installing it. It's been a godsend to me, even though I don't get many people coming to my site.
  • BarbaraKolbe, on 10/27/2007, -1/+17Been deleting and marking them as spam for about six months now.
    • MicroBerto, on 10/10/2007, -1/+5I'm so thankful for Akismet on WordPress. I don't have that popular of a blog, but I get well into the thousands of spams a week.

      Once in a while it seems to just stop working though, on Friday night I came home and about 15 ads for certain drugs made it through (they are spelled Phe________ and Tra_____... I refuse to give them mention on the net). What a pain.
      • arjie, on 10/10/2007, -0/+1Same thing happens to me. I have a disproportionate number of spammers in relation to readers. Anyway, I only allow comments to appear once the commentator has had one other approved comment. Then I can just look at the spam ips and use phpmyadmin to mark all of that ip's stuff as spam (the wildcarding makes handling ranges easier). For a couple of weeks I had more than 1000 spam messages a day getting through Akismet, so WP would stop opening the Manage Comments page where I could mark them as spam. Then you have to use SQL.
        • MicroBerto, on 10/10/2007, -0/+1That's a great idea. I will have to find out how to do the one-time approval thing. If you see this reply, please let me know where you do that. Gonna google it up
    • cmer, on 10/10/2007, -2/+1Defensio has been doing pretty darn good with those.
    • worstcomment, on 10/10/2007, -2/+0Yeah? Well I knew about spam when it was underground...
  • mydigga, on 10/27/2007, -7/+144Thank you for the post - a true resource, and one many people clearly enjoy
    • gnoffa, on 10/10/2007, -10/+2I was expecting this.
      • greengiant2684, on 10/27/2007, -0/+12Thank you for the comment - a true resource, and one many people clearly enjoy
  • t1m0j5, on 10/10/2007, -8/+6site down already, so useless for me.
    • clickwir, on 10/10/2007, -0/+3I'll summarize. It's called building a rapport with someone before spamming them. Same thing a salesman does, gets to know you first, chats you up. Then hits you with the sale. It's the same thing, but for blogs.
  • bib4tuna, on 10/27/2007, -0/+41you all should know something is afoot when someone actually enjoys what you wrote about
  • Goobernutz, on 10/10/2007, -4/+4maybe someone actually likes the website and they are clearly enjoying it and they have a ridiculous email address because all the good ones are taken. just a thought.
    • potp, on 10/10/2007, -3/+4they can shove the ridiculous email id up their butt. how hard is it to register with a gmail, yahoo, hotmail (shudders at the though) or any other major email provider.
  • weux, on 10/27/2007, -1/+35Adventures in Spam: Part I

    We here at Defensio HQ see a lot of spam; spam in all its flavors and incarnations. Occasionally we see new techniques that baffle the mind. URL-less spam (that is, spam not containing URLs) is one of these baffling new forms of spam we’ve seen cross our desk, so puzzling that it’s worth delving in to try to understand what in the world it means.

    Example
    URL-less spam looks like the following:
    Thank you for the great web site - a true resource, and one many people clearly enjoy

    A spam comment without any url
    Notice that this commenter (i.e. spammer) has not left a URL with his/her credentials, nor has he/she supplied any URLs in the body of the comment.

    The Issue
    Why is this strange? Because the entire reason spammers typically hit blogs with their bogus comments is to populate the web with URLs that link back to their spammy sites, and thus manage to exploit the Google juice of the sites they breach with the goal of boosting their own search engine rank. And so, bombarding a blog with comments that do not contain URLs defeats the whole purpose, and results in no obvious net benefit to the spammer, other than the evil satisfaction of annoying the hell out of bloggers.

    Motives
    So if not to exploit Google juice, why do spammers go with a URL-less approach? Two theories:

    1) To “train” spam filters to allow specific keywords.
    Filters that use statistical filtering learn over time. By having legitimate-looking comments make it through the filter, while containing a handful of specifically-chosen keywords, spammers could be trying to tip statistical filters toward starting to consider such keywords as innocent, thus increasing the likelihood that future spam comments containing these words will bypass spam defenses.

    2) To be whitelisted.
    Some spam filters allow users that successfully post comments X number of times to be added to a whitelist, meaning they will bypass the filter in the future. Since URL-less spam typically looks fairly normal, spammers hope that bloggers will fail to identify their comment as spam enough times that auto-whitelisting might kick in.

    These motives are simply our best guesses at what might be in spammers’ nefarious minds. Who knows, simple annoyance could be their sole, inexplicable, goal?
    • NiX0n, on 10/10/2007, -0/+153) Some posts contain odd phrases/misspelled words that can be later Google'd later as a makeshift "homing signal" for bots searching for open comment systems.
  • silfiriel, on 10/27/2007, -2/+15I don't get it, how can you tell it's a spam, according to the article, these lines that I have written are spam, everything is spam. Can someone simplify?
    • rrasco, on 10/27/2007, -0/+19But only it's not....you know these comments when you see them.
    • evildemonic, on 10/27/2007, -0/+18The spam is usually posted by a bot, so rarely is appropriate for the subject. Look for nonsense posts, or short overly-vague comments.
      • Knobee, on 10/10/2007, -0/+25Hrm.. sounds like any comment on Digg to me.
        • Scynet, on 10/10/2007, -0/+5And for the same reason.
        • xister, on 10/10/2007, -0/+10Thank you for the great comment - a true resource, and one many people clearly enjoy
      • Angostura, on 10/10/2007, -4/+10The problem is that Christianity is essentially monotheistic, whereas the iPod Touch is designed to appeal to Ron Paul supporters.
    • AndrewJC, on 10/27/2007, -0/+7Look at the email address. If it's to a nonexistent site, or if it's a string of random characters, it's spam.
    • silfiriel, on 10/10/2007, -0/+1thanks now i get it
  • noahhoward, on 10/10/2007, -14/+2This is either a very good tongue in cheek post... or the stupidest thing I've ever seen.
    • Shoogle, on 10/10/2007, -0/+1"Thank you for the uninformed comment - a true resource, and one many people clearly snicker at"
  • haentz, on 10/27/2007, -15/+28Thank you for the great website - a true resource, and one many people clearly enjoy.
  • ShooterMcGavin, on 10/27/2007, -7/+7I fought a serious battle with this earlier this year. Between all my various filters and whatnot, my blog was getting upwards of 60 to 80 spam comments a day. Luckily, they were all going either into a filter, or into the moderation queue. But that still made me crazy, weeding through all those for any false positives.

    Finally, after getting fed up, I came across a wordpress plugin that displays a word that users must type in, in order to comment, just like the big boy sites use. (its here: http://www.theblog.ca/?p=21 if anyone is interested)

    Since then, I haven't had a single spam hit my moderation queue or my other filters. It's been great!
    • ncc74656m, on 10/10/2007, -4/+3Spam!
    • legendxx, on 10/10/2007, -3/+10aww thats cute.. ShooterMcGavin discovered Captcha! BTW installing captcha takes upwords of 2 minutes and please never refer to a battle with spam as 'serious'
      • indicas, on 10/10/2007, -0/+3Why not? Everyone and their mother seems to call it a "serious" battle - look at BlueFrog and similar companies.
    • breckinshire, on 10/10/2007, -0/+13I'd settle for 60 to 80 bots looking at my blog everyday. Right now it's just my mom.
  • Unnis, on 10/10/2007, -1/+3As interesting as it is, it's nothing new - I have seen bulk posts on Usenet many years ago with a simple question "What is this newsgroup for" - the from address pointed to a known spammer organization which simply sends out spam e-mails to sell stuff (and they expected to get e-mails.) There also was some spammers that follow-up to random postings with a simple "thank you" or "thanks".
    Spammers have two ultimate goals - either to get money, or to be disruptive. This is merely a variation on a theme of disruption (at least for now).
  • Heaiser, on 10/10/2007, -0/+10Appears to be down. http://duggmirror.com/tech_news/Are_You_Seeing_thi ...
  • cmer, on 10/10/2007, -6/+2Cache here: http://208.78.102.37/
  • chrisbarr, on 10/10/2007, -0/+1I find this all the time for websites I manage. I have several sites up for singers, and I've added a guestbook on the site with a CAPTCHA form too, but about once a week or so each site has multiple spam comments on it with no links and just a bunch of gibberish text! It's really ticking me off! I'm switching to a newer/better CAPTCHA this week, so lets hope that will at least reduce it.
    • cmer, on 10/10/2007, -0/+2Spammers always find ways around captcha. What you need is a better spam filter!
  • crackedplastic, on 10/10/2007, -1/+10Looks like the spam is being propagated all over:

    http://tinyurl.com/ytky77

    (Before you ask, the URL is a Google search link, but very long; so it's truncated with tinyurl).
    • clickwir, on 10/10/2007, -5/+5Who cares how long it is, it's not like I have to type it out.

      If it's a really short URL, all I have to do is click.
      But, if it's a really long, really really long url.... all I have to do is click. Thus, tinyurl is useless.
      • crackedplastic, on 10/10/2007, -0/+5I had some URLs truncated by Digg yesterday, which is the reason for using tinyurl.
        • arjie, on 10/10/2007, -0/+1Try putting it in quotes, I'm told that works.
  • BlueLaser, on 10/10/2007, -0/+3This site is available on duggmirror for those that are interested.

    I like blog commenter John Andrew's idea. I think the "footprints" concept makes great sense. If the awkwardly worded (and thus easily "grep-able") manual comment gets posted, the auto spammer will find it when it scans the Internet for published comments and then do its dirty work.

    Also, along the lines of training filters, I think these comments could also be trying to train Google. Google's algorithms automatically try to detect when links are from spam sources and ignore them when determining PageRank. If these comments make that process more difficult and in turn enable some spam to pass Google's filtering, that will help the spammers end goal of improving SRP placement.
  • guymac, on 10/10/2007, -1/+4It's real simple. In Wordpress, there is an option to allow comments or trackbacks after one comment has been approved. Ergo, these are spam trolls for that first approval.
    • cmer, on 10/10/2007, -0/+1It doesn't mean that it won't go through a spam filter, though. It just means that the comment won't sit in moderation queue if it's detected as ham by the spam filter.
      • computergod, on 10/10/2007, -0/+1Perhaps they can get past the filter, but are having trouble with the moderation queue. This technique would bypass the moderator.
  • clickwir, on 10/10/2007, -3/+2This might be new to blogs, but it's really just the same as trying to build a rapport with someone. This technique has been used by humans for thousands of years.
  • oldhick, on 10/10/2007, -2/+1Where's the guy that constantly spams digg with his stupid polls???
  • weeeezzll, on 10/10/2007, -4/+2New? They have been using this "noise" spam for quite sometime now. Via blog comments, email and submitting their keyword pages to search engines. Nothing new to see here folks.
  • ncc74656m, on 10/10/2007, -0/+1I suspect it's hypothesis #1. The concept of training a spam filter has been growing in the past, and let's face it, it's working.
    • cmer, on 10/10/2007, -0/+2Well, it's not working with Defensio! We've been doing pretty good at filtering these spams out!
  • crunchyeyeball, on 10/10/2007, -3/+111) To “train” spam filters to allow specific keywords.
    2) To be whitelisted.

    ...there is another possiblity:

    3) Someone could be testing/calibrating a new type of spambot - let it go off and do it's thing with a set of fairly innocent-looking phrases for a while, perhaps with a different strategy for each phrase, and track how many Google hits that particular phrase gets for each bot over time - whichever phrase shows the biggest jump in hits becomes the winning strategy, and the bot controller can start pumping out the real spam :(
    • scorchiox, on 10/10/2007, -0/+1Or...

      4) Innocuous comment provided to attract and bait scammers.

      This is a tactic mentioned on various 419 scam baiting sites. For the uninitiated, these are communities of people who pretend to be really interested in the millions of dollars that the wife of a recently deceased Nigerian military leader needs help in moving, in order to mislead and waste the time of the scammers behind the stories. By sprinkling comments on a handful of blogs or guestbooks, an email address is dangled to attract the scam emails. They recommend against spamming, though, and that only genuine comments should be left.
  • fak3r, on 10/10/2007, -6/+5I enjoyed your page. Keep up the good work! Feel free to visit my page. It’s cool too.D
  • DoorFrame, on 10/10/2007, -1/+1I assumed that the point of these was for consumption only by the blog's editor. We look at the spam posting, are confused by it because it's clearly spam but isn't advertising anything, and then might, out of curiosity, backtrack on the poster's email address's domain name. Maybe?
  • redivider, on 10/10/2007, -7/+2Yeah I've been dealing with this "new" kind of blog spam for at least a year now.
    • cmer, on 10/10/2007, -1/+2It hasn't been around for a year on blogs. At least, it wasn't a problem until just a few months ago.
  • thechris353, on 10/10/2007, -8/+2Thank you for the great digg - a true resource, and one many people clearly enjoy.
  • jhnewt, on 10/10/2007, -1/+6whoops, digg me down. (is this spam?)
  • Launchify, on 10/10/2007, -5/+2Aren't the reasons behind this type of "spam" obvious? I wish there were a "no *****" option on Digg's bury system.
    • scronline, on 10/10/2007, -2/+1I wish there was a method to keep web loggers from spamming up digg that actually worked. 10 things this, 20 things that gets really annoying.
  • theforrester, on 10/10/2007, -2/+1I always love it when you click on a link and the site is down from all the traffic it's suddenly getting from Digg.
  • lynx77, on 10/10/2007, -0/+2A lot of blogs have the setting 'allow verification after one approved comment' - thats one of the 3 default options in Wordpress anyway.

    Get one comment through and have it approved and then the spam gates are open. I really hope this doens't work as well as i think it will because I'll have to go back to manually approving comments again. Bang goes an hour of my life every day.
  • jauntyalan, on 10/10/2007, -0/+1the blog i help run gets non-link spam like this all the time. akismet catches it though.
  • arjie, on 10/10/2007, -1/+1I've also got quite a few spam comments that have all the links intact but have rel="nofollow" in them. What are they trying to achieve by doing that?
  • anchorman, on 10/10/2007, -0/+12Has anyone here visited Viagra Falls? It's a really big waterfall way up at the top of the country. Huge tourist attraction.
    • Jeffler, on 10/10/2007, -0/+3I heard they're trying to increase the size of it though.
  • jthomp, on 10/10/2007, -2/+1Actually most of the blog spam I notice is on digg itself. Hmm... wonder how we can remove that... ya know, those many, many, MA-NY award-winning pieces of literature about how Linux is "killing Windows" and how "this year could be the year of Linux!", all the "Top 10 Reasons To Use w/e" or "Top 100 Reasons To Not Use w/e"... Since when did we consider someone's personal blog, who very few people besides the blog's owner have ever even seen (or pay any attention to for that matter), a credible news source?
    • HaltingPoint, on 10/10/2007, -0/+2Since when did we consider any of the other popular sites a credible news source? The only different between my blog, and the NY Times is that they have more money than me, and better writers. If you are making that claim based on who's information is more factual, I'd again draw a comparison to the NY Times who has been found to be vulnerable to inaccurate information.

      Bottom line: I've written many interesting, insightful posts on my blog and submitted several of them long ago. People blasted me as a blog spammer despite when it was 100% original content and don't listen to reason. Let's face it, Digg is a site that wishes it were truly ruled by the masses, instead of fully dominated by the popular few posters and popular few sites that grace its pages, which is the reality.
  • EuroMarkus, on 10/10/2007, -0/+3It’s for whitelisting and then return link-dropping.

    If they use the same line(s) in the blogs they can do a google search on their string to see which have been indexed, which prompts them to return and drop in their URLs.

    If you do a google search on “a true resource, and one many people clearly enjoy” it returns 741 hits
  • h0zae, on 10/10/2007, -0/+2I read the title assuming it was related to all the new "fans" on digg... ;( - good article though
  • mateo60, on 10/10/2007, -0/+1I get a lot of emails like that too, no URLs, just gibberish. I know they're being sent to break my Junk Mail filters. It really ticks me off too, I want to report them as spam, but I know that it's not the best idea.

    Now I'm mad and need a cigareette.
  • diggality, on 10/10/2007, -2/+1That's been around quite a while.
  • racketboy, on 10/10/2007, -0/+1That's why I constantly delete comments that seem suspicious.
    I'm getting a lot of spammer trackbacks as well.
    Trackbacks don't get caught in the comment spam filter, but still give a link back to the original blog.
  • springo, on 10/10/2007, -1/+1Does this mean you can't get good feedback without it being spam? That sucks.
  • superkendall, on 10/10/2007, -1/+2I've been seeing the final motion from this action on DPReview recently - at least one account was created a month ago, and the user posted about twenty basically useless messages almost exactly like the ones the article described.

    Well a month later, and all the sudden we get three posts in three forums with a link to some "great" portal site.

    I think it's partly an effort to make people think twice about flagging it as spam in the system, since they are in theory a real user...

    A second account was recently created and went directly to posting the links.

    Happily DPreview is very proactive at removing spam, and most users flag it quickly.
  • froman118, on 10/10/2007, -0/+1I've got Bad Behavior, http://www.homelandstupidity.us/software/bad-behav ... running on my Wordpress Blog and it does wonders. It checks how the comment submission is actually made to help determine if it is a bot and blocks the HTTP request. Went from a couple hundred spam getting caught by the WP filters to a couple a day and maybe 1 of these new "Nice site" comments per month.
  • .Steven, on 10/10/2007, -1/+1They put the URL in the name thingo..
  • Pottypotsworth, on 10/10/2007, -0/+0Nice idea, but how can this method be used to gain link juice to a spammy website? Pretty much every blog system on the internet uses the rel="nofollow" tag in comment links. Google passes no link juice/trust links with no follow.
  • Stormen, on 10/10/2007, -6/+2Thank you for the great website - a true resource, and one many people clearly enjoy.
  • smek2, on 10/10/2007, -0/+2A bullet to every spammers head!
  • HeyJued, on 10/10/2007, -1/+1The writer complains about blog spam, yet the link is to a Blog.
  •  

    Login or register to add a comment

    Create a new account or login to join in the conversation on Digg. You'll also be able to Digg stories to help promote things you like.


© Digg Inc. 2008 — Content posted by Digg users is dedicated to the public domain.
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.