Spam Rapidly Increasing In Weblog Comments 387
dsurber writes "BBC News has a nice article discussing 'flyblogging', the phenomenon of spammers leaving advertising-related posts on personal weblogs. The writer comments: 'None of the other blogs I contribute to or run has been affected yet, but I can only assume it is a matter of time before the spammers move in, as they did first with UseNet and then with e-mail. It depresses me to think that any open medium can be so easily undermined by people with no scruples, no sense of responsibility and no idea of the damage they are doing.'" It seems a little surreal that people are having to develop anti-spam weblog tools.
Google? (Score:3, Interesting)
This article implies that all these postings are an effort to stack the google rankings, in order to place spam sites near the top. I'm not a google wizard... is this actually a usable loophole in google's ranking system?
Arms race in the making (Score:2, Interesting)
The root of the problem might be in the impact a weblog link has on google ranking. Spammers have taken note, and they're acting on it.
It is natural (Score:1, Interesting)
them out of existance but life always finds a way.
I dont hate them, but I do find this phenomenon curiously interesting with its parallels to life
I have a quick and dirty solution. (Score:5, Interesting)
Solution to the problem (Score:3, Interesting)
2) With every post, display the advertising policy (buying an ad on the site is $5000)
3) Make sure they confirm that if their message is an ad, they agree to pay the $5000
4) Host their ad for them, and collect your money. Small claims is helpful here.
I have already seen this with my blog (Score:3, Interesting)
This past week alone I cleaned out about 20 spam comments.
I've seen far worse from spammers. (Score:4, Interesting)
Last year, I closed my hotmail account and two spammed-to-heck e-mail accounts. To keep old friends and family from getting shafted, I had an autoreply attatched to those addresses, announcing that those addressess were closed and that I could be reached through the contact form [rahga.com] on my website, prior to sending those e-mails to
To date, through this manual entry, effort-draining contact form, I have had at least 20 offers to increase my manly-ness, 10 offers to find the love of my life, and 5 death threats from annoyed spammers. Only one charitable organization had a problem with my auto-reply, because a spammer was using their e-mail address to send junk to me over and over again.
Legislation (Score:3, Interesting)
It's taken eight years since email spam became an issue for signifigant legislation to pass.
We need an easily amendable federal law that simply says unwanted, unsolicited, uncompensated advertising is simply illegal.
Usenet, fax, email, public chat, blogs, RPC messenger, any forum that allows public input for free has become a spammer magnet. They don't own it, get them out.
We need a law that says this, as a statement that to live under our social contract you can't be an annoying louse.
To hell in a handbasket, i tell you! (Score:2, Interesting)
My hosting company was unsympathetic to my pleas for help. Needless to say, I now host elsewhere. I mean, sheesh...my mother reads that that thing. The last thing I want to think about is her and my dad...and viagr^H^H^H
*shudder*
Re:Google? (Score:4, Interesting)
How much truth is there to the statement that 2 + 2 = 4? A lot. Why? Because that's how it's defined to work.
Uh, that's how Google documents it. That's how all of Google's employees define it. That's how everybody's experience pans out. Maybe they're all just making shit up with nobody ever calling them on it, but I'd argue for "that's actually how it works" myself. Try going to Google and clicking "About".
Only if the log owners let the spam sit there long enough to be googled. If they do that, then my guess would be quite possibly yes.
Maybe compile a list of such spammers, then a list of the advertised sites. I'd like a checkbox on my google searches that says, "Ignore results on sites whose page rank is mostly due to asshole tactics."
How about... (Score:2, Interesting)
Then, google would still spider the page, but any spam would fail to be indexed.
Of course, blogs aren't the only application for such a thing, any time you take user input to be posted online you could surround it with a tag to aleviate any spam possibilities.
Personal Guestbooks have been targeted also... (Score:2, Interesting)
The article misses the point (Score:5, Interesting)
The BBC article misses the point, as does a similar article in Wired [wired.com]. Seems the editors are more focused on name-dropping and doomsdaying than on focusing on some recent solutions. For example:
Point is
Just so long as no one attempts to use a rather evil solution [nielsenhayden.com] I discovered here on
Re:I've Noticed (Score:5, Interesting)
But google reads a lots of blogs. If a spammer gets their link onto a whole lot of blogs, Google PageRank would see hundreds or thousands of links to their site and bump up its rank. They exploit everyone's blog in order to improve their score on searches.
That's the theory anyway. Whether or not it works is another story [zawodny.com].
Re:Google? (Score:5, Interesting)
My hobbyist project [en.com] was picked up by Google after a while, but it wasn't until I retroactively changed my comment signature here on Slashdot and on Kuro5hin [kuro5hin.org] (thereby creating many links to my project page) that it went to the top of the search results. [google.com] It wasn't my intent to subvert Google in any way - I was quite surprised by the dramatic result.
There have been some less-than-scrupulous advertising companies in the business of that publishing dummy machine-generated web pages to exploit this trick. The dummy pages were typically filled with repitions of some nonsense paragraph, with self-links (to other dummy pages) and client-sponsored links interspersed here and there. The idea was that the self-linking would make the site look like a large, legit site to Google, which would mark it as relatively well-trusted and influential. Then Google would dutifully note the client-sponsored links and rank them highly. I believe Google has worked on ways to stop this; I don't know how successful they've been, or if the dummy-site makers are still around.
Re:I have already seen this with my blog (Score:3, Interesting)
I've seen the requests for a mass delete of comments in the support forums for MT as well, you're not the only one.
SPAM will kill the open nature of the internet (Score:2, Interesting)
Seems like there won't be any real solution to filtering spam and the internet will have to go from being a wide-open crosslinked universe to a collection of private nodes/networks. Commercial interests supported the explosive growth of the internet/web, and a lot of us got neato jobs in the process. But now that same commercialism (and human greed/stupidity) have clearcut that beautiful old forest and built up sleazy strip malls.
I know I'm at risk of sounding like one of those "I was here before it sucked" types. Lamenting the loss of the good old days won't bring 'em back.
So, what do we do? The idea of charging a token fee for email delivery, which could be rejected by the recepient (thus resulting in a charge for spam, but not for mail we really want) is a good idea. But it might already be too late for that kind of solution. Make spam illegal? Sounds like yet another unwinnable "war-on-a-concept".
Many usenet groups already require approval for membership, and even that doesn't guarantee that new accounts won't become a source of spam.
I predict that more and more organizations and individuals will simply build fences around their cyber-outposts, only allowing recognized friends past the gate. At my house we NEVER answer the phone unless the caller ID displays a name we recognize. Ditto for email. Ditto for newgroups as well. I guess my mom was right... I don't talk to strangers any more.
Re:I have a quick and dirty solution. (Score:5, Interesting)
Re:Google? (Score:3, Interesting)
something similer happened on my BBS (Score:4, Interesting)
I dont remember where it was linking to but I think it was a seach index or something similer.
were they trying to boost the ranking on search engines by having these so called links in place?
Re:I have a quick and dirty solution. (Score:3, Interesting)
The real issue is trust management. (Score:3, Interesting)
Just like spam on other media (email, usenet, web forums, etc), you can apply quick and dirty fixes :
But the real issue is always the same : trust management. You want to be able to grant as much trust as possible to trustworthy (non-spamming) strangers, while revoking all trust to others.
So why do we always want to build trust management systems on top of other systems, and not design a stand-alone one, that can be used by a wide range of media (email, usenet, blogs, etc) ?
Note: identifying "personas" does not mean identifying "real people", so there are no privacy issues in such a system.
Re:This was happening to my guestbook too (Score:3, Interesting)
Originally the spam was just huge lists of porn sites, from a few specific spammers. To fight that, we kludgingly added some specific urls we wouldn't allow in any post.
They figured that out, and we started getting more from all sorts of different people. So we started adding various heuristics that were kind of lame to block posts (no domains with a - in them for example).
They figured that out, and started to post all sorts of random spam, unrelated to porn, usually with just links to some other dreambook url. We were kind of puzzled about those, because when you went to their dreambook, it was blank. Viewing the source though, they'd added hidden links to their sites at that book. So it seemed they were spamming to get higher google results. Super.
So then we added system-wide a check for the same IP posting to multiple books a lot within a certain amount of time. That worked really well for a few months, but recently they've started using I guess a whole slew of proxies! So finally we now look for any URLs in their posts instead of IPs (they vary the messages they post so there's nothing else you can really look for) and filter on that.
So far it's working okay (but now with some false positives) but it's only a matter of time until they work around that as well.
Bastards!
Re:I've Noticed (Score:3, Interesting)
Well, we are going to have to change human nature [hedweb.com] eventually, if we want to survive alongside exponentially advancing technology [kurzweilai.net] where any random psychopath will be able to "press The Red Button" with exponentially decreasing effort.
I think humans are basically good when resources are abundant and life is good, but when resources are scarce (artificial or not), then the "selfish gene" goes into overdrive and people get desperate. But there's also that rare minority who have their selfish gene stuck in high gear even though they're already living like [spam]kings, because, hey, more power and more money secures *MY* genes even further, right? Screw the commons. I only care about ME and MY family and MY tribe.
--
Re:Here's My Solution (Score:2, Interesting)
How about, a "spam" button beneath every comment, accessible to rigestered users. The message then gets put in the spam pile, to be deleted after a certain amnount of time.
Also, if the editor notices a registered user labels non-spam as spam, he could ravoke that users use of the spam button.
If it still gets out of hand, it would have at least been an interesting experement.
Re:Here's My Solution (Score:3, Interesting)
I wrote something like that into a messaging system that I wrote once..
If you go to voyeurweb.com (warning, porn site), and select any set of pictures, at the bottom there's a link where users can post their comments.
Anyone can write there, and frequently enough they write really rude comments. The people contributing the pictures don't like it, the people posting nice comments don't like it, so I added in a button, that simply keeps a record of how many people have clicked the alert button. The text of it is:
"Alert! Click Here to let the VW Ops know if this is a rude message."
The idea is simple enough, it remembers (SQL DB, of course) how many unique complaints were made about a particular message, and the message monitors get that list, sorted by the number of complaints. The users are pretty good about complaining, and are more than happy to click the button.
It's fairly free of abuse, because messages that have more complaints from more users are the bad ones. Of course, there are people who complain about perfectly normal messages, but that's why we have people actually reviewing the messages before they're removed.
There's a whole lot more to it than just the alert button,
To me, it's very wierd, it's an adult site, and you'd think that most people are just there to look at the pictures, but there are a significant number of people posting messages there, and they are just about as fanatical about it as
The system as a whole works very well. We have 3,363,465 messages in the system (I purge old messages every few months), 5 alerts that haven't been read, and 43 IP's or networks that have been blocked. They have the power to prevent any size network from posting in the future, if the abuses have been bad enough. Most of the abuse and filtering features have grown with the messaging system over the years. When I originally wrote it, it didn't have or need any of it. It's fairly complete now, I haven't done any significant changes in years.
privacy, openness, spamfree (Score:4, Interesting)
Wake up and smell the bacon, people. The techno-utopianism of Wired when it was boosting the dotcom era into orbit has proven itself a poor match with human nature on all fronts.
The benificient fathers of the internet made two horrendous design decisions concerning the final destination of a global internetwork: excessively strong anonimity and a near zero cost for dumping pollution into public media.
Privacy, openness, spam-free: pick any two.
For anyone who looked into ECC yesterday, you might have noticed that RSA has ideal properties for preventing some of this mess: expensive to sign a certificate, cheap to verify, and the ratio becomes worse as you scale up.
If every spam artifact was signed with an anonymous RSA cert (anyone could make as many of these as they wish), as soon as one spam is confirmed, every other post signed by the known-spam cert could be instantly revoked.
This would force the spammers to create a new anonymous cert for every spam instance. Yet with RSA certs, the computational cost to generate a cert is vastly greater than the cost to verify the cert.
As an added step, the cert could require the IP address of both endpoints to be embedded inside (the server would reflect back the IP source address it sees, and then ask for an anonymous cert to be generated at a desired RSA key size).
We won't have to damage anonymity very much to vastly increase the cost of dumping pollution.
In this respect, weblogs would be a good place to start. This is a relatively new technology that could be retrofitted at one percent of the cost of a global e-mail infrastructure upgrade. It really doesn't matter if you inconvience a few bloggers working out the kinks, these people have not much useful to do in any case.
Re:I've Noticed (Score:2, Interesting)