97 Comments
- inactive, on 10/27/2007, -7/+145Thank you for the post - a true resource, and one many people clearly enjoy
- bib4tuna, on 10/27/2007, -0/+41you all should know something is afoot when someone actually enjoys what you wrote about
- weux, on 10/27/2007, -1/+35Adventures in Spam: Part I
We here at Defensio HQ see a lot of spam; spam in all its flavors and incarnations. Occasionally we see new techniques that baffle the mind. URL-less spam (that is, spam not containing URLs) is one of these baffling new forms of spam we’ve seen cross our desk, so puzzling that it’s worth delving in to try to understand what in the world it means.
Example
URL-less spam looks like the following:
Thank you for the great web site - a true resource, and one many people clearly enjoy
A spam comment without any url
Notice that this commenter (i.e. spammer) has not left a URL with his/her credentials, nor has he/she supplied any URLs in the body of the comment.
The Issue
Why is this strange? Because the entire reason spammers typically hit blogs with their bogus comments is to populate the web with URLs that link back to their spammy sites, and thus manage to exploit the Google juice of the sites they breach with the goal of boosting their own search engine rank. And so, bombarding a blog with comments that do not contain URLs defeats the whole purpose, and results in no obvious net benefit to the spammer, other than the evil satisfaction of annoying the hell out of bloggers.
Motives
So if not to exploit Google juice, why do spammers go with a URL-less approach? Two theories:
1) To “train” spam filters to allow specific keywords.
Filters that use statistical filtering learn over time. By having legitimate-looking comments make it through the filter, while containing a handful of specifically-chosen keywords, spammers could be trying to tip statistical filters toward starting to consider such keywords as innocent, thus increasing the likelihood that future spam comments containing these words will bypass spam defenses.
2) To be whitelisted.
Some spam filters allow users that successfully post comments X number of times to be added to a whitelist, meaning they will bypass the filter in the future. Since URL-less spam typically looks fairly normal, spammers hope that bloggers will fail to identify their comment as spam enough times that auto-whitelisting might kick in.
These motives are simply our best guesses at what might be in spammers’ nefarious minds. Who knows, simple annoyance could be their sole, inexplicable, goal?
- Knobee, on 10/10/2007, -0/+25Hrm.. sounds like any comment on Digg to me.
- pleeker, on 10/27/2007, -2/+24Good, quick read, and it'll encourage me to keep a closer eye on some of the strange comments I've seen in recent weeks.
- TomP, on 10/27/2007, -5/+26Site Down
Copypasta
We here at Defensio HQ see a lot of spam; spam in all its flavors and incarnations. Occasionally we see new techniques that baffle the mind. URL-less spam (that is, spam not containing URLs) is one of these baffling new forms of spam we’ve seen cross our desk, so puzzling that it’s worth delving in to try to understand what in the world it means.
Example
URL-less spam looks like the following:
http://blog.defensio.com/wp-content/uploads/2007/0 ...
Notice that this commenter (i.e. spammer) has not left a URL with his/her credentials, nor has he/she supplied any URLs in the body of the comment.
The Issue
Why is this strange? Because the entire reason spammers typically hit blogs with their bogus comments is to populate the web with URLs that link back to their spammy sites, and thus manage to exploit the Google juice of the sites they breach with the goal of boosting their own search engine rank. And so, bombarding a blog with comments that do not contain URLs defeats the whole purpose, and results in no obvious net benefit to the spammer, other than the evil satisfaction of annoying the hell out of bloggers.
Motives
So if not to exploit Google juice, why do spammers go with a URL-less approach? Two theories:
1) To “train” spam filters to allow specific keywords.
Filters that use statistical filtering learn over time. By having legitimate-looking comments make it through the filter, while containing a handful of specifically-chosen keywords, spammers could be trying to tip statistical filters toward starting to consider such keywords as innocent, thus increasing the likelihood that future spam comments containing these words will bypass spam defenses.
2) To be whitelisted.
Some spam filters allow users that successfully post comments X number of times to be added to a whitelist, meaning they will bypass the filter in the future. Since URL-less spam typically looks fairly normal, spammers hope that bloggers will fail to identify their comment as spam enough times that auto-whitelisting might kick in.
These motives are simply our best guesses at what might be in spammers’ nefarious minds. Who knows, simple annoyance could be their sole, inexplicable, goal?
- weux, on 10/10/2007, -3/+23That's been done.
- pardimate, on 10/10/2007, -1/+21Doesn't that make it even spammier then?
- rrasco, on 10/27/2007, -0/+19But only it's not....you know these comments when you see them.
- evildemonic, on 10/27/2007, -0/+18The spam is usually posted by a bot, so rarely is appropriate for the subject. Look for nonsense posts, or short overly-vague comments.
- BarbaraKolbe, on 10/27/2007, -1/+17Been deleting and marking them as spam for about six months now.
- NiX0n, on 10/10/2007, -0/+153) Some posts contain odd phrases/misspelled words that can be Google'd later as a makeshift "homing signal" for bots searching for open comment systems.
- haentz, on 10/27/2007, -15/+29Thank you for the great website - a true resource, and one many people clearly enjoy.
- breckinshire, on 10/10/2007, -0/+13I'd settle for 60 to 80 bots looking at my blog everyday. Right now it's just my mom.
- inactive, on 10/10/2007, -0/+13Has anyone here visited Viagra Falls? It's a really big waterfall way up at the top of the country. Huge tourist attraction.
- greengiant2684, on 10/27/2007, -0/+13Thank you for the comment - a true resource, and one many people clearly enjoy
- silfiriel, on 10/27/2007, -2/+15I don't get it, how can you tell it's a spam, according to the article, these lines that I have written are spam, everything is spam. Can someone simplify?
- xister, on 10/10/2007, -0/+10Thank you for the great comment - a true resource, and one many people clearly enjoy
- Heaiser, on 10/10/2007, -0/+10Appears to be down. http://duggmirror.com/tech_news/Are_You_Seeing_thi ...
- crackedplastic, on 10/10/2007, -1/+10Looks like the spam is being propagated all over:
http://tinyurl.com/ytky77
(Before you ask, the URL is a Google search link, but very long; so it's truncated with tinyurl).
- crunchyeyeball, on 10/10/2007, -3/+11 1) To “train” spam filters to allow specific keywords.
2) To be whitelisted.
...there is another possibility:
3) Someone could be testing/calibrating a new type of spambot - let it go off and do its thing with a set of fairly innocent-looking phrases for a while, perhaps with a different strategy for each phrase, and track how many Google hits that particular phrase gets for each bot over time - whichever phrase shows the biggest jump in hits becomes the winning strategy, and the bot controller can start pumping out the real spam :(
- inactive, on 10/10/2007, -0/+8They do this by first asking a question or commenting on something but post no link. The bot then comes back later after 3 to 5 days and posts a link that has something to do with the original discussion to make it seem legitimate. Got hit by a few of these on my forum too. Since I got a really aggressive anti spam policy I was easily able to track these new spambots.
- cmer, on 10/10/2007, -1/+8Cached: http://208.78.102.37/
- Angostura, on 10/10/2007, -4/+11The problem is that Christianity is essentially monotheistic, whereas the iPod Touch is designed to appeal to Ron Paul supporters.
- legendxx, on 10/10/2007, -3/+10aww that's cute.. ShooterMcGavin discovered Captcha! BTW installing captcha takes upwards of 2 minutes and please never refer to a battle with spam as 'serious'
- AndrewJC, on 10/27/2007, -0/+7Look at the email address. If it's to a nonexistent site, or if it's a string of random characters, it's spam.
- mtekk, on 10/10/2007, -0/+6I see what you did there
- crackedplastic, on 10/10/2007, -0/+5I had some URLs truncated by Digg yesterday, which is the reason for using tinyurl.
- Scynet, on 10/10/2007, -0/+5And for the same reason.
- jhnewt, on 10/10/2007, -1/+6whoops, digg me down. (is this spam?)
- MicroBerto, on 10/10/2007, -1/+5I'm so thankful for Akismet on WordPress. I don't have that popular of a blog, but I get well into the thousands of spams a week.
Once in a while it seems to just stop working though, on Friday night I came home and about 15 ads for certain drugs made it through (they are spelled Phe________ and Tra_____... I refuse to give them mention on the net). What a pain.
- Jeffler, on 10/10/2007, -0/+4I heard they're trying to increase the size of it though.
- inactive, on 10/10/2007, -1/+4You're being Dugg down, guess a spammer is not too happy with you.
:>)
- BlueLaser, on 10/10/2007, -0/+3This site is available on duggmirror for those that are interested.
I like blog commenter John Andrew's idea. I think the "footprints" concept makes great sense. If the awkwardly worded (and thus easily "grep-able") manual comment gets posted, the auto spammer will find it when it scans the Internet for published comments and then do its dirty work.
Also, along the lines of training filters, I think these comments could also be trying to train Google. Google's algorithms automatically try to detect when links are from spam sources and ignore them when determining PageRank. If these comments make that process more difficult and in turn enable some spam to pass Google's filtering, that will help the spammers' end goal of improving SRP placement.
- guymac, on 10/10/2007, -1/+4It's real simple. In Wordpress, there is an option to allow comments or trackbacks after one comment has been approved. Ergo, these are spam trolls for that first approval.
- inactive, on 10/10/2007, -0/+3That is funny!
- clickwir, on 10/10/2007, -0/+3I'll summarize. It's called building a rapport with someone before spamming them. Same thing a salesman does, gets to know you first, chats you up. Then hits you with the sale. It's the same thing, but for blogs.
- EuroMarkus, on 10/10/2007, -0/+3It’s for whitelisting and then return link-dropping.
If they use the same line(s) in the blogs they can do a google search on their string to see which have been indexed, which prompts them to return and drop in their URLs.
If you do a google search on “a true resource, and one many people clearly enjoy” it returns 741 hits
- AndrewJC, on 10/10/2007, -0/+3Wordpress has a plugin called CryptograPHP that inserts a captcha into comments for non-logged-in users. I've had zero spam comments in the last several months since installing it. It's been a godsend to me, even though I don't get many people coming to my site.
- indicas, on 10/10/2007, -0/+3Why not? Everyone and their mother seems to call it a "serious" battle - look at BlueFrog and similar companies.
- cmer, on 10/10/2007, -0/+2Well, it's not working with Defensio! We've been doing pretty good at filtering these spams out!
- smek2, on 10/10/2007, -0/+2A bullet to every spammers head!
- cmer, on 10/10/2007, -0/+2Spammers always find ways around captcha. What you need is a better spam filter!
- h0zae, on 10/10/2007, -0/+2I read the title assuming it was related to all the new "fans" on digg... ;( - good article though
- antdude, on 10/10/2007, -0/+2http://duggmirror.com/tech_news/Are_You_Seeing_thi ... too.
- inactive, on 10/10/2007, -0/+2A lot of blogs have the setting 'allow verification after one approved comment' - that's one of the 3 default options in Wordpress anyway.
Get one comment through and have it approved and then the spam gates are open. I really hope this doesn't work as well as I think it will because I'll have to go back to manually approving comments again. Bang goes an hour of my life every day.
- Unnis, on 10/10/2007, -1/+3As interesting as it is, it's nothing new - I have seen bulk posts on Usenet many years ago with a simple question "What is this newsgroup for" - the from address pointed to a known spammer organization which simply sends out spam e-mails to sell stuff (and they expected to get e-mails.) There also were some spammers that follow up to random postings with a simple "thank you" or "thanks".
Spammers have two ultimate goals - either to get money, or to be disruptive. This is merely a variation on a theme of disruption (at least for now).
- mtekk, on 10/10/2007, -0/+2because real users don't go around using the same name and stating blatantly vague messages. SpamKarma2 tends to keep those URI less spams moderated as spam, which is cool.
- HaltingPoint, on 10/10/2007, -0/+2Since when did we consider any of the other popular sites a credible news source? The only difference between my blog, and the NY Times is that they have more money than me, and better writers. If you are making that claim based on whose information is more factual, I'd again draw a comparison to the NY Times who has been found to be vulnerable to inaccurate information.
Bottom line: I've written many interesting, insightful posts on my blog and submitted several of them long ago. People blasted me as a blog spammer despite when it was 100% original content and don't listen to reason. Let's face it, Digg is a site that wishes it were truly ruled by the masses, instead of fully dominated by the popular few posters and popular few sites that grace its pages, which is the reality.
- superkendall, on 10/10/2007, -1/+2I've been seeing the final motion from this action on DPReview recently - at least one account was created a month ago, and the user posted about twenty basically useless messages almost exactly like the ones the article described.
Well a month later, and all of a sudden we get three posts in three forums with a link to some "great" portal site.
I think it's partly an effort to make people think twice about flagging it as spam in the system, since they are in theory a real user...
A second account was recently created and went directly to posting the links.
Happily DPreview is very proactive at removing spam, and most users flag it quickly.
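
Several commenters above point out that the same vague, URL-less sentence shows up on many blogs and may be aimed at earning auto-approval. The following is an added example, not code from the article, Defensio or any commenter: it flags URL-less comments that near-duplicate each other across sites and withholds whitelist credit for them. The record fields, thresholds and function names are assumptions, and the sample records are constructed around the phrases quoted in the thread.

```python
import re

URL_RE = re.compile(r"https?://|www\.", re.I)

def shingles(text, k=3):
    """Set of k-word shingles from the lowercased text."""
    words = re.findall(r"[a-z']+", text.lower())
    return {" ".join(words[i:i + k]) for i in range(len(words) - k + 1)}

def overlap(a, b):
    """Overlap coefficient: shared shingles over the smaller set."""
    return len(a & b) / min(len(a), len(b)) if a and b else 0.0

def flag_templated(comments, threshold=0.6):
    """Ids of URL-less comments that near-duplicate one on another site."""
    cand = [(c, shingles(c["body"])) for c in comments
            if not URL_RE.search(c["body"])]
    flagged = set()
    for i, (a, sa) in enumerate(cand):
        for b, sb in cand[i + 1:]:
            if a["site"] != b["site"] and overlap(sa, sb) >= threshold:
                flagged.update((a["id"], b["id"]))
    return flagged

def whitelist_credit(comments, author, needed=3):
    """Approved comments earn auto-whitelisting only if not templated."""
    flagged = flag_templated(comments)
    clean = [c for c in comments if c["author"] == author
             and c["approved"] and c["id"] not in flagged]
    return len(clean) >= needed

def rec(i, site, author, body):
    # Hypothetical record shape for a moderation log entry.
    return {"id": i, "site": site, "author": author,
            "approved": True, "body": body}

TAIL = " - a true resource, and one many people clearly enjoy"
# Constructed sample; the template wording is the one quoted in the thread.
SAMPLE = [
    rec(1, "blog-a", "visitor", "Thank you for the great web site" + TAIL),
    rec(2, "blog-b", "visitor", "Thank you for the post" + TAIL),
    rec(3, "blog-c", "visitor", "Thank you for the comment" + TAIL),
    rec(4, "blog-a", "regular", "The section on statistical filters matches "
        "what I saw in my own moderation queue last month."),
    rec(5, "blog-a", "regular", "Does anyone know whether trackbacks go "
        "through the same approval setting as regular comments?"),
    rec(6, "blog-a", "regular", "I switched to manual approval after this "
        "and the queue is much quieter now."),
]
```

The overlap coefficient is used instead of plain Jaccard so that a short template with one swapped word ("web site", "post", "comment") still scores high against its longer variants.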