Spam Rapidly Increasing In Weblog Comments

dsurber writes "BBC News has a nice article discussing 'flyblogging', the phenomenon of spammers leaving advertising-related posts on personal weblogs. The writer comments: 'None of the other blogs I contribute to or run has been affected yet, but I can only assume it is a matter of time before the spammers move in, as they did first with UseNet and then with e-mail. It depresses me to think that any open medium can be so easily undermined by people with no scruples, no sense of responsibility and no idea of the damage they are doing.'" It seems a little surreal that people are having to develop anti-spam weblog tools.

Wikis too?

[Thinkit3]

They would seem vulnerable to spamming. I was on a lojban wiki for awhile which was under the radar enough to avoid it, but don't know about now.

Here's My Solution

[notsewmit]

Since most blog spammers will search for "Remember personal info?" in various search engines to quickly find personal blogs, I edited my MovableType templates. Now, instead of saying "Remember personal info?" on the comments page, I have something else that spammers don't normally search for.

I've Noticed

[Starquake]

I read LiveJournal [livejournal.com] and I have noticed this. Anonymous comments with a link to some page I guess they are hoping you will click on out of curiousity. LiveJournal allows you to easily delete such comments but like e-mail spam it is still a hassle. The solution is simple: stop buying what spammers are offering and they will go under soon after.

Uh, try disabling comments altogether...

[ccnull]

This is reason #1 why I don't allow comments on my weblog [chrisnull.com] or any other site I run. Have you read the comments most people post on these things, anyway? They're even more asinine than the weblogs themselves...

Not every single web site needs to be a two-way communication system. That's what email and discussion groups are for.

Re:Mod

[Anonymous Coward]

Oh please, it doesn't even work on Slashdot half the time. Intelligent posts get modded down all the time because they're not the majority opinion.

Why let users comment on your blog at all?

[crazyphilman]

You're blogging to publish your thoughts to the world, right? Weeelllll, if your users want to say something, let them get their own blog. There's no law that says you have to start your own mini-slashdot. Make your blog read-only and the spam problem goes away.

Doesn't it?

I think the whole "open forum" thing is overrated... Look at all the junk that gets published here, on Slashdot, one of the more serious of the open forums (yeah, I know how crazy THAT comment is, but it's true).

I've been seeing this for months

[einer]

I run a phpbb [phpbb.org] based blog, for my friends and family, and it is definately a problem. So far, the only solution I've found is to block all users who register with an e-mail address from .ru and .tw. This is obviously a sub-optimal solution.

It's frustrating on so many levels. The spammer always sees a hit from your website in their logs if you do a background check on the user (you have to visit the site in order to realize it's spam), so the insentive to spam is reinforced. On the other hand, you run the risk of deleting a user who is truly interested in your site if you don't investigate their profile information.

Unfortunately, it's really easy to use google to find phpbb based sites, and it's just as easy to write a script to register yourself with all of these sites. The signal to noise ratio is making it hard for me to justify the admin time costs of running a public site.

The other (not as easy) solution is to modify your site code in some non-standard way so that their scripts fail.

An interesting double standard re: spammers

[Anonymous Coward]

I guess I'll get modded down for going against the grain, but here goes;
I find it bitterly amusing that /. readers are all pro freedom of speech even when it's things going as far as speech about how to crack corporate networks, but as soon as something as harmless as one or two adverts turn up in your inbox/browser, there's hell to pay. Guess what; you can't get everything for free. When you're not paying for things directly, you're paying for the 'net indirectly via adverts. Think it through the next time you start ranting against people exercising their rights to free speech to promote their fledgling business.

Solutions

[ChuckDivine]

One blog I frequent -- Samizdata [samizdata.net] (a libertarian site) -- was recently hit with this kind of stuff. They've initiated a technology that forces people to enter a code supplied on the comments page before being allowed to post a comment.

Slashdot's moderation feature may also help with this problem. If the spammer's goal is to be seen, rather than just Googled, moderating down spam as offtopic or some other negative category may help reduce that visibility.

Re:I've Noticed

[mcrbids]

The solution is simple: stop buying what spammers are offering and they will go under soon after.

This is one of those simple-sounding, and utterly worthless "solutions".

You see, you can stop buying what the spammers are offering, but will everybody else? You see, this world is chock-full of people who just don't get it when it comes to spam. They don't realize the mechanical nature of SPAM, many think the message was sent by somebody to them personally.

Scams were common in the 20th, 19th, 18th, 15th, and 11th century, why would they stop now?

So, really, what you in fact just said was " The solution is simple: change human nature for every person on the earth to a very cynical nature and then spend billions of dollars in education so that people know what SPAM is and how best to treat it, and they will go under soon after." .

Utopia doesn't exist, and won't as long as there are people to pollute it. In the meantime, we have to deal with the fact that this world has both unscrupulous people and suckers.

The solution is to change the protocol of Email to introduce enough resistance to communication to thwart SPAM. Until that happens, SPAM will be a problem.

Re:Why let users comment on your blog at all?

[poot_rootbeer]

Make your blog read-only and the spam problem goes away.

Doesn't it?

Yes, but in many cases so also will the blog's audience go away.

One of the key atttractions of small-to-middle-sized weblogs is the interactivity. If the blog author says something incorrect, you can let him know. If you have additional information pertaining to something a blogger wrote about, you can share it with her.

Without comments, blogs are just another one-way communications medium. Not to say that's an undesirable thing, but we already have plenty of those.

Re:Legislation

[Atzanteol]

Scary that somebody believes that anything annoying should have a *federal law* against it.

Would you like to be notified when the U.S. becomes a military state, or would you rather be thrown up against the wall when the time comes?

Every day I wish people would stop putting more and more control of their daily lives into the hands of Uncle Sam. Remember, the more control the government has, the less control you have.

Re:This is why...

[Anonymous Coward]

Yeah, there are a lot of those. I wouldn't use them due to the potential for abuse. Some of the more stupid ones allow images and scripts, and are basicly opening themselves to abuse.

Just think of what the trolls from here would do with something like this.

Re:This is why...

[brianosaurus]

Some people like to get comments about their blog entries. My mom actually asked if I could set up mine so she could leave comments. I'm still, uh, working on it.

With the massive adoption of programs like Moveable Type, the spammer's jobe becomes easier, since they only have to locate a new MT site and point their bots at it. Its pretty pathetic that they're even doing this, but not more than I'd expect from a bunch of bottom-feeders.

My solution

[NeoSkandranon]

I don't reallly have a blog, as such, but my domain does have a PHP site that has galleries of my photographs which viewers are able to comment on. Lately i've been getting spam from people who apparently randomly find my site and decide they have to leave their mark (much like dogs leave their marks on bushes)

my solution? Have MySQL log IP addresses along with the comment submission. My intended audience is so small I know the majority of the viewers personally, and thus have no issue walling off an entire ISP ( after reporting that IP address to said ISP's abuse dept)

Re:Don't be rediculous

[CGP314]

Actually, I think a bigger problem would be audience size. You need to reach a certain critical mass before the moderation system would work. Most blogs, my own included [colingregorypalmer.net], do not have the necessary audience.

Re:I have a quick and dirty solution.

[4of12]

That excludes people who prefer to browse using text, which is what that image recognition filter effectively does. Blind people, low bandwidth folks are automatically eliminated from the community.

Requiring a periodic human response at the other end of a live email address, after a time interval, helps some. It's still possible for spammers to cultivate a temporary reputation of responsibility and spam a site as their last post, but requiring them to periodically exert effort to prove they're authentically human helps to make spamming hard work.

It wouldn't hurt for sites to start keeping a growing list of bad urls and poisoned posters. A spider that visits url's, maybe one or two deep after the posted URL (phenomena of delayed appearance of herbal viagara behind URLs that are opaque looking), checks for spam links, and assigns big negative karma would help some, especially if it runs before the posting appears on the blog.

Re:An interesting double standard re: spammers

[NetDanzr]

When you're not paying for things directly, you're paying for the 'net indirectly via adverts. Think it through the next time you start ranting against people exercising their rights to free speech to promote their fledgling business.

Enlighten me, please, how does buying Viagra support the Internet?

I think you are confusing two issues here. On one side, you have the Web sites I want to visit and products I want to buy. I am fully aware that nothing is for free, and because of that I don't complain about banners or fees, if the Web sites contain information I want to access. In fact, when the site is really helpful to me, I click on banners even though I have not the slightest interest in the products advertised, only to increase the site's revenues.

On the other side, you have Web sites and products that I don't want to buy. I don't visit those sites, and I don't buy such products. As such, I don't own them anything, and thus I do my best to fight against their aggressive marketing campaign. If anything, they put additional burned on the Internet infrastructure without paying their share to "support the 'net" (if there is such a concept in the first place).

this is just a taste of our doom

[theCat]

Exploiting a commons to utter exhaustion is a well-understood human trait. We have never failed to do so as soon as the opportunity presents itself. This is because we have a well developed sense of personal gain, but a poorly developed sense of societal good, even to the point of our eventual individual destruction. If you are in a bright mood today and would like to read something to bring you down, try this lovely bit of rational thought: The Tragedy of the Commons [dieoff.com] by Garrett Hardin (1968)

I'll save you a bit of surfing by extracting a tasty morsel, but do glance over the rest as it is quite a classic:

[snip]

The tragedy of the commons develops in this way. Picture a pasture open to all. It is to be expected that each herdsman will try to keep as many cattle as possible on the commons. Such an arrangement may work reasonably satisfactorily for centuries because tribal wars, poaching, and disease keep the numbers of both man and beast well below the carrying capacity of the land. Finally, however, comes the day of reckoning, that is, the day when the long-desired goal of social stability becomes a reality. At this point, the inherent logic of the commons remorselessly generates tragedy.

As a rational being, each herdsman seeks to maximize his gain. Explicitly or implicitly, more or less consciously, he asks, "What is the utility to me of adding one more animal to my herd?" [snip technical stuff] [T]he rational herdsman concludes that the only sensible course for him to pursue is to add another animal to his herd. And another.... But this is the conclusion reached by each and every rational herdsman sharing a commons. Therein is the tragedy. Each man is locked into a system that compels him to increase his herd without limit -- in a world that is limited. Ruin is the destination toward which all men rush, each pursuing his own best interest in a society that believes in the freedom of the commons. Freedom in a commons brings ruin to all.

Some would say that this is a platitude. Would that it were! In a sense, it was learned thousands of years ago, but natural selection favors the forces of psychological denial. The individual benefits as an individual from his ability to deny the truth even though society as a whole, of which he is a part, suffers. Education can counteract the natural tendency to do the wrong thing, but the inexorable succession of generations requires that the basis for this knowledge be constantly refreshed.

[endsnip]

The key insight here is that freedom in a commons brings ruin to all. So in other words, we kid ourselves into thinking that our tiny individual impact does not make a difference, that societal good is not impaired, thus we have the freedom to pursue our impulses to better our share, and working individually this way we ruin everything that does not have a high barrier to entry. The way this applies to email/weblogs/Usenet/etc is that in the beginning the technical hurdles are too high for there to be very many users with thier little impacts, so the Commons is safe for a while. But then comes the GUI and push-button bots and the Commons is swamped. The normal "natural" balance is broken apart and the Commons collapses from the death of a thousand cuts. It has ever been thus, and unless I am mistaken it always will be unless you defend your Commons from newcomers. Which has been tried. [gbso.net]

Re:Don't be rediculous

[RobotRunAmok]

Most blogs, my own included, do not have the necessary audience.

Colin, I just visited your blog, and have just been treated to the textual equivalent of the Goatse guy, i.e., your description of yourself taking a shower.

The Shower

I walked into the small closet in my flat that contained the shower.

A string hung from the ceiling. It connected it a small box with a little button that said 'on'.

I pulled the string.

etc.

Dude, I nearly Elvis'd my monitor. It's like the poster child for all that is cliche and pedantic and self-absorbed about blogging. Keep this up and you won't have the "necessary audience" for a game of bridge, let alone a valid user moderation system.

And you're accepting paypal donations?!? I sit in mute awe and fascination.

Is this what blogging is about? Really? Online personal diaries about one's daily minutiae? There's got to be more effective therapies available. A weekly pint at the corner pub with friends, popping bubble-wrap, I dunno, something...