Follow Slashdot stories on Twitter


Forgot your password?
Spam The Internet

Spam Rapidly Increasing In Weblog Comments 387

dsurber writes "BBC News has a nice article discussing 'flyblogging', the phenomenon of spammers leaving advertising-related posts on personal weblogs. The writer comments: 'None of the other blogs I contribute to or run has been affected yet, but I can only assume it is a matter of time before the spammers move in, as they did first with UseNet and then with e-mail. It depresses me to think that any open medium can be so easily undermined by people with no scruples, no sense of responsibility and no idea of the damage they are doing.'" It seems a little surreal that people are having to develop anti-spam weblog tools.
This discussion has been archived. No new comments can be posted.

Spam Rapidly Increasing In Weblog Comments

Comments Filter:
  • Wikis too? (Score:4, Insightful)

    by Thinkit3 ( 671998 ) * on Monday October 27, 2003 @02:13PM (#7320288)
    They would seem vulnerable to spamming. I was on a lojban wiki for awhile which was under the radar enough to avoid it, but don't know about now.
  • Here's My Solution (Score:5, Insightful)

    by notsewmit ( 655779 ) * <tim@tim-weston . c om> on Monday October 27, 2003 @02:14PM (#7320295)
    Since most blog spammers will search for "Remember personal info?" in various search engines to quickly find personal blogs, I edited my MovableType templates. Now, instead of saying "Remember personal info?" on the comments page, I have something else that spammers don't normally search for.
  • by Sanity ( 1431 ) * on Monday October 27, 2003 @02:14PM (#7320297) Homepage Journal need Locutus []! Its absolutely FREE and works with Outlook, Outlook Express, and Eudora!

    So why not try the best anti-spam tool on the market and wave goodbye to those pesky spams?!

    • I guess I just saw a blog as a different thing from what other people are using.

      I login to my blog page and add to the running log. No place for people to spam.

      Though as a side note, I love getting spam about anti-spam software!
      • Re:This is why... (Score:3, Insightful)

        by brianosaurus ( 48471 )
        Some people like to get comments about their blog entries. My mom actually asked if I could set up mine so she could leave comments. I'm still, uh, working on it.

        With the massive adoption of programs like Moveable Type, the spammer's jobe becomes easier, since they only have to locate a new MT site and point their bots at it. Its pretty pathetic that they're even doing this, but not more than I'd expect from a bunch of bottom-feeders.
  • Mod (Score:5, Funny)

    by CGP314 ( 672613 ) <(ten.remlaPyrogerGniloC) (ta) (PGC)> on Monday October 27, 2003 @02:15PM (#7320304) Homepage
    Perhaps these 'web logs' could come up with a kind of 'moderation system' to let users filter out the crap.
  • Google? (Score:3, Interesting)

    by The Tyro ( 247333 ) on Monday October 27, 2003 @02:15PM (#7320306)
    How much truth is there to the statement that increased links equal increased google rank?

    This article implies that all these postings are an effort to stack the google rankings, in order to place spam sites near the top. I'm not a google wizard... is this actually a usable loophole in google's ranking system?
    • Re:Google? (Score:4, Informative)

      by realdpk ( 116490 ) on Monday October 27, 2003 @02:19PM (#7320371) Homepage Journal
      Yes. That's partly why Google's search results are nearly useless any more - especially while looking for information about specific brand-named products. This whole blog-spam thing has been known about for a very long time, and I have yet to see it addressed - I'm surprised that it's finally picked up by the media though. Maybe that'll force Google to update their ranking code before their IPO.
      • Yes. That's partly why Google's search results are nearly useless any more

        Are you kidding? What search engine do you use?
      • Re:Google? (Score:3, Interesting)

        by Blimey85 ( 609949 )
        Nearly useless? I thought it was just me but for the past couple of months I've been hating Google more and more. It used to be so easy to find what I wanted but I try a simple search for a name brand item and the manufacturer is the last page listing to come up it seems. What really irks me is how many listings show up for other search engines... or search services as they call themselves. It's a shame that Google has not done anything to solve this problem. Surely they could change things a bit to complet
    • Very very very much truth, if done properly.

      I got number 1 in Google for "arianna huffington spammer" and number 6 for "arianna huffington spam" just with my slashdot sig, without spamming weblogs.

      Now that the election's over and us Californians have the Guvernator, I hafta figure out what I'm going to googlebomb next -- preferebly something amusing this time. As I'm indecisive, I haven't changed it yet.
    • Re:Google? (Score:4, Interesting)

      by devphil ( 51341 ) on Monday October 27, 2003 @02:28PM (#7320472) Homepage

      How much truth is there to the statement that 2 + 2 = 4? A lot. Why? Because that's how it's defined to work.

      How much truth is there to the statement that increased links equal increased google rank?

      Uh, that's how Google documents it. That's how all of Google's employees define it. That's how everybody's experience pans out. Maybe they're all just making shit up with nobody ever calling them on it, but I'd argue for "that's actually how it works" myself. Try going to Google and clicking "About".

      is this actually a usable loophole in google's ranking system?

      Only if the log owners let the spam sit there long enough to be googled. If they do that, then my guess would be quite possibly yes.

      Maybe compile a list of such spammers, then a list of the advertised sites. I'd like a checkbox on my google searches that says, "Ignore results on sites whose page rank is mostly due to asshole tactics."

    • Yes - I've done searches for the terms being spamvertised in my blog and they're usually in the top 5.

      I've resorted to not linking the "username" field with the URL provided, instead doing it like:

      Posted by ceejayoz (www []) on Date
    • Re:Google? (Score:5, Interesting)

      by Lagged2Death ( 31596 ) on Monday October 27, 2003 @02:42PM (#7320613)

      My hobbyist project [] was picked up by Google after a while, but it wasn't until I retroactively changed my comment signature here on Slashdot and on Kuro5hin [] (thereby creating many links to my project page) that it went to the top of the search results. [] It wasn't my intent to subvert Google in any way - I was quite surprised by the dramatic result.

      There have been some less-than-scrupulous advertising companies in the business of that publishing dummy machine-generated web pages to exploit this trick. The dummy pages were typically filled with repitions of some nonsense paragraph, with self-links (to other dummy pages) and client-sponsored links interspersed here and there. The idea was that the self-linking would make the site look like a large, legit site to Google, which would mark it as relatively well-trusted and influential. Then Google would dutifully note the client-sponsored links and rank them highly. I believe Google has worked on ways to stop this; I don't know how successful they've been, or if the dummy-site makers are still around.

  • The arms race has just started: spambots becoming increasingly more sophisticated, and bloggers having to go to greater lengths to avoid spam.
    The root of the problem might be in the impact a weblog link has on google ranking. Spammers have taken note, and they're acting on it.
  • I've Noticed (Score:3, Insightful)

    by Starquake ( 245822 ) on Monday October 27, 2003 @02:15PM (#7320313) Homepage
    I read LiveJournal [] and I have noticed this. Anonymous comments with a link to some page I guess they are hoping you will click on out of curiousity. LiveJournal allows you to easily delete such comments but like e-mail spam it is still a hassle. The solution is simple: stop buying what spammers are offering and they will go under soon after.
    • Re:I've Noticed (Score:5, Insightful)

      by mcrbids ( 148650 ) on Monday October 27, 2003 @02:31PM (#7320504) Journal
      The solution is simple: stop buying what spammers are offering and they will go under soon after.

      This is one of those simple-sounding, and utterly worthless "solutions".

      You see, you can stop buying what the spammers are offering, but will everybody else? You see, this world is chock-full of people who just don't get it when it comes to spam. They don't realize the mechanical nature of SPAM, many think the message was sent by somebody to them personally.

      Scams were common in the 20th, 19th, 18th, 15th, and 11th century, why would they stop now?

      So, really, what you in fact just said was " The solution is simple: change human nature for every person on the earth to a very cynical nature and then spend billions of dollars in education so that people know what SPAM is and how best to treat it, and they will go under soon after." .

      Utopia doesn't exist, and won't as long as there are people to pollute it. In the meantime, we have to deal with the fact that this world has both unscrupulous people and suckers.

      The solution is to change the protocol of Email to introduce enough resistance to communication to thwart SPAM. Until that happens, SPAM will be a problem.
      • Re:I've Noticed (Score:3, Interesting)

        by Saeger ( 456549 )
        The solution is simple: change human nature

        Well, we are going to have to change human nature [] eventually, if we want to survive alongside exponentially advancing technology [] where any random psychopath will be able to "press The Red Button" with exponentially decreasing effort.

        I think humans are basically good when resources are abundant and life is good, but when resources are scarce (artificial or not), then the "selfish gene" goes into overdrive and people get desperate. But there's also that rare mino

    • Re:I've Noticed (Score:5, Interesting)

      by brianosaurus ( 48471 ) on Monday October 27, 2003 @02:41PM (#7320602) Homepage
      I think the ads in the blogs are going for better Google PageRank scores, rather than for direct exposure. Most blogs don't get a whole lot of traffic, mostly just family and friends, if even that much. Only a very small percentage of that audience will click, and they surely won't fall for it more than once.

      But google reads a lots of blogs. If a spammer gets their link onto a whole lot of blogs, Google PageRank would see hundreds or thousands of links to their site and bump up its rank. They exploit everyone's blog in order to improve their score on searches.

      That's the theory anyway. Whether or not it works is another story [].
    • At least with LiveJournal, you can disable anonymous comments. It means that people without LJ accounts can't comment, but I find that preferable to having my journal spammed or trolled.

  • slashdot spam (Score:2, Flamebait)

    Every time someone puts their sig in the comment itself, I feel like I've just been spammed. The only additional moderation tag I've ever whined for has been a -1, Spam moderation.
  • by Ignorant Aardvark ( 632408 ) <cydeweys&gmail,com> on Monday October 27, 2003 @02:16PM (#7320321) Homepage Journal
    Use the same type of human verification system that Yahoo uses when signing up for an e-mail account. If you can't type in the mangled letters in the image, then your post to the weblog is ignored. This would only be required for anonymous postings - if you're logged in, presumably you've already passed the human verification test upon account creation, so you don't have to go through the hassle each time you want to post.
    • You could still allow anonymous postings.
      If the message (from an anonymous poster) contains the usual '.com', '.net', '.tv', '.whatever', the program sends the "message accepted" response for a regular post, but sends the entire message to the bit bucket. A human will notice it didn't work if they check, but the bot will simply go on to the next site.
      The major fault with this is that if the bot checks the page, it could get into an endless loop trying to post the url and suck up a lot of bandwidth. Perhap
    • by Alan ( 347 ) <> on Monday October 27, 2003 @02:40PM (#7320596) Homepage
      There has been some discussion on this that I've seen on various blogs I read, and basically the concensus seems to be that people don't want to make the barrier to entry of submitting a comment harder (ie: accounts), as part of the beauty of blog comments is the spontinaity. Most people I've seen have either done some of the 7 tips for a spam free blog [] or are using the MT Blacklist [] plugin.

      Once I installed the latter and did some of the former, I've had almost no spam, vs several hundred over a couple of days. Now whether that is testimony to how well the tips work or that the spammers are going in short bursts then taking breaks is still unknown.

    • I agree with this -- probably the best solution to date. I have the blacklist installed on my blog, but it has its weaknesses (the blacklist is hard-coded, and does not sync up with any master list).

      Does anyone have any good links to this type of program? I haven't seen any packages available for people with little web programming experience (i.e., me). If nothing good exists out there, I'm sure someone from the /. community could type something up. All you need is a few dozen images, a random image p

    • A great idea, except what happens when a human creates the account and then a script uses that account to send thousands of spam comments?

      For that matter, wouldn't be difficult to write a script which simultaneously signed up for 50 accounts, showing all the mangled images and text boxes on a single page for a human to type in. They can hire some kid to 'translate' at a few bucks an hour, creating hundreds of accounts a day....

      I have a pacifist friend whom I'd like to introduce to spammers, see how quic
    • Good idea, but no real reason to mange the text. Just ask them to initial a box or enter same non-mangled text, and it should work. From the sounds of it, as long as your blog isn't cookie-cutter, the spam-bots will probably ignore it.
    • by GeorgeH ( 5469 ) * on Monday October 27, 2003 @02:51PM (#7320701) Homepage Journal
      That's called a CAPTCHA, and James Seng wrote a Moveable Type plugin [] to do this with MT. CAPTCHA stands for Completely Automated Public Turing Test to Tell Computers and Humans Apart, you can read more in this story []
    • by 4of12 ( 97621 ) on Monday October 27, 2003 @02:59PM (#7320762) Homepage Journal

      That excludes people who prefer to browse using text, which is what that image recognition filter effectively does. Blind people, low bandwidth folks are automatically eliminated from the community.

      Requiring a periodic human response at the other end of a live email address, after a time interval, helps some. It's still possible for spammers to cultivate a temporary reputation of responsibility and spam a site as their last post, but requiring them to periodically exert effort to prove they're authentically human helps to make spamming hard work.

      It wouldn't hurt for sites to start keeping a growing list of bad urls and poisoned posters. A spider that visits url's, maybe one or two deep after the posted URL (phenomena of delayed appearance of herbal viagara behind URLs that are opaque looking), checks for spam links, and assigns big negative karma would help some, especially if it runs before the posting appears on the blog.

    • I have a human verification engine that I use to "protect" web logs, email, and other public, but sensitive pages (like contact pages on my website). My image mangling uses base images that each have three sets of letters Red, Blue and Black, then forms random words out of 5-8 images. So to verify you have to enter either the RED, BLUE or BLACK word. If you entered it correctly you are allowed to post, send mail, look at the page, etc. There are no accounts to create, profiles, etc. I set it up to work
  • by ccnull ( 607939 ) <null AT filmcritic DOT com> on Monday October 27, 2003 @02:16PM (#7320328) Homepage
    This is reason #1 why I don't allow comments on my weblog [] or any other site I run. Have you read the comments most people post on these things, anyway? They're even more asinine than the weblogs themselves...

    Not every single web site needs to be a two-way communication system. That's what email and discussion groups are for.
    • by aliens ( 90441 ) on Monday October 27, 2003 @02:28PM (#7320478) Homepage Journal
      Have you read the comments most people post on these things, anyway? They're even more asinine than the weblogs themselves...

      Yeah I mean who reads these comments anyway? Can you imagine a site full of these asinine people writting about stuff they don't even know the first thing about?

      What a stupid stupid idea ::)
    • Have you read the comments most people post on these things, anyway? They're even more asinine than the weblogs themselves...

      Says the guy posting a comment on a weblog...
    • Uh, try disabling comments altogether. (...) Not every single web site needs to be a two-way communication system. That's what email and discussion groups are for.

      ...and both are usually spammed to hell. I guess the general idea about having comments on weblogs *is* to have a discussion group there. Sure, you can be so innovative as to serve a static web page (go 1990) or to link to an external discussion group, but it doesn't solve anything, you just move the problem over to a different medium.

  • But..... Try this if your penis is too small or if its too large. :P
  • by Anonymous Coward on Monday October 27, 2003 @02:17PM (#7320341)
    1) Only allow people with verified accounts to post.
    2) With every post, display the advertising policy (buying an ad on the site is $5000)
    3) Make sure they confirm that if their message is an ad, they agree to pay the $5000
    4) Host their ad for them, and collect your money. Small claims is helpful here.
    • 2) With every post, display the advertising policy (buying an ad on the site is $5000)
      3) Make sure they confirm that if their message is an ad, they agree to pay the $5000
      4) Host their ad for them, and collect your money. Small claims is helpful here.

      This is exactly what I was considering suggesting. Any lawyers out there know if this would be legally binding? If so, I may quit my job and start my own BLOG today. Let's see, 20 spamvertisements * $5000 per day = $100,000 per day. I could handle that

    • Make them fill in contact information when creating the accounts, and then actually verify the existance of said person prior to allowing them to post. That would take care of the anonymity issue.

      Yeah, it is a bit of work. No, it isn't too difficult to make a quick phone call. Besides, if all goes well, you might actually net a few of the spammers.

  • by CGP314 ( 672613 ) <(ten.remlaPyrogerGniloC) (ta) (PGC)> on Monday October 27, 2003 @02:18PM (#7320353) Homepage
    Although the term flyblog has been used already to mean either blogging about flying, or blogging while flying, I would like to claim it for the practice of posting spam comments to people's blogs like this: I have just been comprehensively flyblogged

    I like I have been splamogged much better. Just rolls off the tongue.
  • by chrisgeleven ( 514645 ) on Monday October 27, 2003 @02:18PM (#7320356) Homepage
    It is a huge pain in the butt, especially considering that I have not found an easy way to mass delete comments with Movable Type [] I have to go to each comment individually and delete them.

    This past week alone I cleaned out about 20 spam comments.
    • There is an Anti-Spam Module out there for Movable Type. So far I have only been hit once, and I hope it stays that way, but who knows, if people would start reading my blog I am sure I get more.

    • Just go into the database (assuming you're running off of mysql) and run something like "delete from mt-comments where author = 'spammer@whatever'" or "where website = ''". Run a rebuild afterwards and all spam will be gone. Make sure you run a select on the author = or url = to make sure you know what you're deleting. Note: the actual fields aren't correct I'm sure, run 'desc <mt database name >' to get them first.

      I've seen the requests for a mass delete of comments in the

  • You could just run /. code and let your users mod them into oblivion!
  • For many people email spam is largely transparent; I have a high-speed, unmetered connection (cable modem) and anti-spam protection (Apple so in my email, I see virtually no spam.

    However the site that I run is hosted on MovableType through a commercial host. I have a metered limit on database queries and bandwidth. Excessive blog comment spamming could end up costing me money!

    A new version of MT-Blacklist comes out today. Use it!
  • by Phoenix-kun ( 458418 ) * on Monday October 27, 2003 @02:19PM (#7320375) Homepage
    I had the same problem with the guestbook on my website. I was used to the occasional, manually entered, advertisement that I would then promptly remove. However, suddenly my guestbook was being hit with dozens of spam advertisements at a time, all at the same time. This was taking place every couple of days. It was always the same ads with bogus compliments, but the source IP addresses would vary widely from attack to attack. A review of my access log showed spybots looking for the presence of certain common guestbook scripts, one of which I was using. Then later, the spambot would hit my site executing the scripts directly. I got around it by changing the file name of the script. Normal users to my site would follow the link and get to the guestbook with no problem. But since the spambots depended on the script being a certain name, they would fail with a 404 error.
    • We run DreamBook [], a free guestbook service with about a million members, and recently the guestbook spam started getting to the point we had no choice but to do something about it. We think the way they get the list of our user's URLs is just through a google search (which has the added benefit of returning the most trafficed books where their spam will potentially be the most widely viewed).

      Originally the spam was just huge lists of porn sites, from a few specific spammers. To fight that, we kludgingly ad
  • Remember, google page-ranks are based on who links to you. This seems like a great way for spammers to get their web-sites ranked higher in search engines.

    Of course, I can't remember the last time I had to google for 'penis enlargement'. Companies have been kind enough to save me the trouble and send the results straight to my inbox.

    Side note: My blog gets about 2 of these a week now.
  • by crazyphilman ( 609923 ) on Monday October 27, 2003 @02:21PM (#7320398) Journal
    You're blogging to publish your thoughts to the world, right? Weeelllll, if your users want to say something, let them get their own blog. There's no law that says you have to start your own mini-slashdot. Make your blog read-only and the spam problem goes away.

    Doesn't it?

    I think the whole "open forum" thing is overrated... Look at all the junk that gets published here, on Slashdot, one of the more serious of the open forums (yeah, I know how crazy THAT comment is, but it's true).

    • by poot_rootbeer ( 188613 ) on Monday October 27, 2003 @02:42PM (#7320617)
      Make your blog read-only and the spam problem goes away.

      Doesn't it?

      Yes, but in many cases so also will the blog's audience go away.

      One of the key atttractions of small-to-middle-sized weblogs is the interactivity. If the blog author says something incorrect, you can let him know. If you have additional information pertaining to something a blogger wrote about, you can share it with her.

      Without comments, blogs are just another one-way communications medium. Not to say that's an undesirable thing, but we already have plenty of those.
  • by Rahga ( 13479 ) on Monday October 27, 2003 @02:23PM (#7320408) Journal
    I've got a website [].

    Last year, I closed my hotmail account and two spammed-to-heck e-mail accounts. To keep old friends and family from getting shafted, I had an autoreply attatched to those addresses, announcing that those addressess were closed and that I could be reached through the contact form [] on my website, prior to sending those e-mails to /dev/null .

    To date, through this manual entry, effort-draining contact form, I have had at least 20 offers to increase my manly-ness, 10 offers to find the love of my life, and 5 death threats from annoyed spammers. Only one charitable organization had a problem with my auto-reply, because a spammer was using their e-mail address to send junk to me over and over again.
  • I have had problems (Score:2, Informative)

    by Squeebee ( 719115 )
    Couple of things for MoveableType users:

    1) If you get flooded with spam just go directly into MySQL and issue a DELETE...WHERE query, it's really too much trouble to use the MT frontend to delete multiple comments.

    2) Check out MT-Blacklist at / []

  • Legislation (Score:3, Interesting)

    by Schmucky The Cat ( 687075 ) on Monday October 27, 2003 @02:23PM (#7320415) Homepage
    This isn't that new but it's becoming a nuisance because spammers now have automated tools.

    It's taken eight years since email spam became an issue for signifigant legislation to pass.

    We need an easily amendable federal law that simply says unwanted, unsolicited, uncompensated advertising is simply illegal.

    Usenet, fax, email, public chat, blogs, RPC messenger, any forum that allows public input for free has become a spammer magnet. They don't own it, get them out.

    We need a law that says this, as a statement that to live under our social contract you can't be an annoying louse.

    • Re:Legislation (Score:3, Insightful)

      by Atzanteol ( 99067 )
      Scary that somebody believes that anything annoying should have a *federal law* against it.

      Would you like to be notified when the U.S. becomes a military state, or would you rather be thrown up against the wall when the time comes?

      Every day I wish people would stop putting more and more control of their daily lives into the hands of Uncle Sam. Remember, the more control the government has, the less control you have.
  • by einer ( 459199 ) on Monday October 27, 2003 @02:24PM (#7320426) Journal
    I run a phpbb [] based blog, for my friends and family, and it is definately a problem. So far, the only solution I've found is to block all users who register with an e-mail address from .ru and .tw. This is obviously a sub-optimal solution.

    It's frustrating on so many levels. The spammer always sees a hit from your website in their logs if you do a background check on the user (you have to visit the site in order to realize it's spam), so the insentive to spam is reinforced. On the other hand, you run the risk of deleting a user who is truly interested in your site if you don't investigate their profile information.

    Unfortunately, it's really easy to use google to find phpbb based sites, and it's just as easy to write a script to register yourself with all of these sites. The signal to noise ratio is making it hard for me to justify the admin time costs of running a public site.

    The other (not as easy) solution is to modify your site code in some non-standard way so that their scripts fail.
  • I've also noticed that there is another interesting phenomenon related to this, that is the spamming of online status pages. I used to have a web page where people could go and look at statistics of my site (powered by AWStats). However, I started to get a lot of false requests with referrers from various spam farm sites. The thought that these people had was if you spammed the sites that made their referrer logs available then people would look and see how they linked, when in fact they didn't. It was
  • This is why I had to shut down the guestbooks on several of my sites. It didn't help when I changed the input form, then used a new URL for the posting page, THEN deleted any connection to the CGI script whatsoever. It was only after deleting the script from my webspace that it stopped.

    My hosting company was unsympathetic to my pleas for help. Needless to say, I now host elsewhere. I mean, mother reads that that thing. The last thing I want to think about is her and my dad...and viagr^H^H^
  • Solutions (Score:3, Insightful)

    by ChuckDivine ( 221595 ) * <> on Monday October 27, 2003 @02:25PM (#7320448) Homepage

    One blog I frequent -- Samizdata [] (a libertarian site) -- was recently hit with this kind of stuff. They've initiated a technology that forces people to enter a code supplied on the comments page before being allowed to post a comment.

    Slashdot's moderation feature may also help with this problem. If the spammer's goal is to be seen, rather than just Googled, moderating down spam as offtopic or some other negative category may help reduce that visibility.

  • I first saw some in my Slashdot journal, and then I noticed some in my main journal on my site. []

    On my main site, I use Greymatter [], and I view my control panel log every few days. It gives me who has commented since I last cleared to log, and I have only had a few posts to some "" stuff, and since I could trace the IP, I added it to my "blocked IP" sites.

    Still, my journal does not get a lot of traffic, so my way of working with this is fine. But if I had hudreds of posts a day, then, no. I'd

  • Alans Rule #1,456,483

    "Any useful tool will eventually be inandated with porn spam and advertising, therefor making it useless"

  • by bluethundr ( 562578 ) * on Monday October 27, 2003 @02:27PM (#7320471) Homepage Journal

    Get 500 by tomorrow. It's quick, easy and confidential.


    Use the money anyway you like:
    • Pay off your bills
    • Help you and your family through an emergency
    • Repair your car
    • Go shopping
    • Enlarge your penis!

    ...sigh. Okay, I keed I keed and I know I'm going to get modded down for posting some actual spam I found in my inbox. But I have actually heard of this problem [] before. I wish it would just go away along with the majority of our obsessivly consumerist culture. But thank god, though I have seen some folks accuse Slashdot of being in bed with some of the product manufacturers it features in its stories (an accusation I don't actually subscribe to), I have NEVER seen blatant spam (that wasn't a blatant troll []) mixed in with the blogging on this site. Could it be that the lameness filters are admirably effective in blocking this sort of content? Or have, I wonder, the spammers not figured out how to interface with Slashdot as of yet? Repeat: yet?
  • How about... (Score:2, Interesting)

    by revmoo ( 652952 )
    Why couldn't we just create a new html tag, something like , then blog coders could simply set the comments sections of their sites up with the tag.

    Then, google would still spider the page, but any spam would fail to be indexed.

    Of course, blogs aren't the only application for such a thing, any time you take user input to be posted online you could surround it with a tag to aleviate any spam possibilities.
  • This relatively new phenomena isn't just confined to blogs - it's been happening to personal guestbooks for a while. I discussed [] this recently on the Mozzaline forums and it's apparent I'm not the only one to suffer from this automated spam. A brief summary of what I said :

    Recently I've had 3 enteries in my guestbook that are blatant adverts for rather-dodgy commercial websites. I've deleted them, but wondered if anyone has had similair problems? One was an advert for 'bingo cards' and another for one of

  • by HealYourChurchWebSit ( 615198 ) on Monday October 27, 2003 @02:32PM (#7320516) Homepage

    The BBC article misses the point, as does a similar article in Wired []. Seems the editors are more focused on name-dropping and doomsdaying than on focusing on some recent solutions. For example:

    Point is ... perhaps we'd all be better service if said articles spent less time on the hype and a bit more investigation on some of the solutions ... whether they succeed or fail ... as both are educational.

    Just so long as no one attempts to use a rather evil solution [] I discovered here on /... ... that would be wrong [] ...

  • I'm pretty sure that someone is spamming my brain with thoughts and dreams of porn like material. That said, I'm not too bothered by it.
  • by Manuzhai ( 712333 ) on Monday October 27, 2003 @02:36PM (#7320557)
    Jeremy Zawodny [] on this:

    SMTP Sender Authentication, Blog Spam, and PageRank []
    Cheap Viagra, Vicodin, Xanax, Prescription Drugs, and Penis Enlargement Pills!!! []
    Gureilla Tactics Against Blog Comment Spammers []

    Russell Beattie [] on this:
    Googler Comments []

    Simon Willison [] on this:
    Battling Comment Spam []
    Banning Google Comments []

    Michael Fagan [] on this:
    Seven Ideas for a Spam Free Blog []

    Scott Johnson [] on this:
    A Possible Blog Comment Spam Solution []
  • It is really despicable that some people are trying to use websites that are meant to allow the public to communicate in a meaningful way as interments to sell their bogus products. We need some kind of auto blocker for this kind of ilk. Like the one that can be found on my website for only 19.95.
  • in the truth about basic human nature.

    You can find nice people. But you have to look. Most of them aren't.
  • I'm still surprised that slashdot survives without enforcing registration to comment, but still this is the way to go to avoid spam. At least if spam is found they can cancel their account
  • That's no different than someone crashing a party and hawking their wares. They would be told to leave instantly and charged with trespassing and harassment if they refused to leave, and might even get charged anyway. Spammers certainly should be.
  • Quoting the article:

    It depresses me to think that any open medium can be so easily undermined by people with no scruples, no sense of responsibility and no idea of the damage they are doing.

    Well, welcome to humanity. Yes, most (?) people are responsible, but some are not. In the real world, people can do what they did in Bagdad today, or in New York in Sep 11, or in Columbine, so yes, some people have no scruples. The behavior of people on the Internet is no different. Those without scruples can do any

  • Or at least it'll be forced to evolve into something more restrictive. When only adventuresome geeks were using the net, it was like we were the earliest settlers in a vast ancient forest. I remember getting maybe two or three messages a month and being elated at each. It was like meeting a fellow pioneer and being mutually pleased at having anyone else to talk to. Eventually the web was born and even my mom got an email account (ZOINKS!). And then the first annoying ads starting showing up in my inbox. And
  • I've had a few incidents where spambots have hit the guestbook on my homepage. Since the gb is custom-made, I guess they go for certain searchable keywords. I wonder how long it will be until the spam senders become the leaders in AI developement ;)
  • I set up a movable type blog on my home server. Five Fucking Days later, it got a penis spam. I implemented some rudimentary spam blocking, and I haven't had a spam in about a month, but I'm sure that won't last.
  • by Junior J. Junior III ( 192702 ) on Monday October 27, 2003 @02:50PM (#7320684) Homepage
    Just disable anonymous comments in your blog, and you're pretty much OK.
  • My solution (Score:4, Insightful)

    by NeoSkandranon ( 515696 ) on Monday October 27, 2003 @02:50PM (#7320689)
    I don't reallly have a blog, as such, but my domain does have a PHP site that has galleries of my photographs which viewers are able to comment on. Lately i've been getting spam from people who apparently randomly find my site and decide they have to leave their mark (much like dogs leave their marks on bushes)

    my solution? Have MySQL log IP addresses along with the comment submission. My intended audience is so small I know the majority of the viewers personally, and thus have no issue walling off an entire ISP ( after reporting that IP address to said ISP's abuse dept)
  • They inflict their crap on us (via getting the best google ratings) - it's nice to see them having to suffer something similar from another group.

    I'll support death to blog spammers when they start using their robots.txt file to stop their lame sites ruining search results.
  • by night_flyer ( 453866 ) on Monday October 27, 2003 @02:57PM (#7320751) Homepage
    but it was a little different, the messages that were already there were replied to, but they had "empty" response, unless you looked reallu close one "character" in the reply to message now had a link attached to it.

    I dont remember where it was linking to but I think it was a seach index or something similer.

    were they trying to boost the ranking on search engines by having these so called links in place?
  • by androse ( 59759 ) on Monday October 27, 2003 @03:13PM (#7320899) Homepage

    Just like spam on other media (email, usenet, web forums, etc), you can apply quick and dirty fixes :

    • IP # based black lists
    • URL based black lists
    • CAPTCHA [] (images and/or audio) authentication
    • keyword filtering
    • bayesian/statistical filtering
    • etc...

    But the real issue is always the same : trust management. You want to be able to grant as much trust as possible to trustworthy (non-spamming) strangers, while revoking all trust to others.

    So why do we always want to build trust management systems on top of other systems, and not design a stand-alone one, that can be used by a wide range of media (email, usenet, blogs, etc) ?

    Note: identifying "personas" does not mean identifying "real people", so there are no privacy issues in such a system.

  • by theCat ( 36907 ) on Monday October 27, 2003 @04:11PM (#7321462) Journal
    Exploiting a commons to utter exhaustion is a well-understood human trait. We have never failed to do so as soon as the opportunity presents itself. This is because we have a well developed sense of personal gain, but a poorly developed sense of societal good, even to the point of our eventual individual destruction. If you are in a bright mood today and would like to read something to bring you down, try this lovely bit of rational thought: The Tragedy of the Commons [] by Garrett Hardin (1968)

    I'll save you a bit of surfing by extracting a tasty morsel, but do glance over the rest as it is quite a classic:

    The tragedy of the commons develops in this way. Picture a pasture open to all. It is to be expected that each herdsman will try to keep as many cattle as possible on the commons. Such an arrangement may work reasonably satisfactorily for centuries because tribal wars, poaching, and disease keep the numbers of both man and beast well below the carrying capacity of the land. Finally, however, comes the day of reckoning, that is, the day when the long-desired goal of social stability becomes a reality. At this point, the inherent logic of the commons remorselessly generates tragedy.

    As a rational being, each herdsman seeks to maximize his gain. Explicitly or implicitly, more or less consciously, he asks, "What is the utility to me of adding one more animal to my herd?" [snip technical stuff] [T]he rational herdsman concludes that the only sensible course for him to pursue is to add another animal to his herd. And another.... But this is the conclusion reached by each and every rational herdsman sharing a commons. Therein is the tragedy. Each man is locked into a system that compels him to increase his herd without limit -- in a world that is limited. Ruin is the destination toward which all men rush, each pursuing his own best interest in a society that believes in the freedom of the commons. Freedom in a commons brings ruin to all.

    Some would say that this is a platitude. Would that it were! In a sense, it was learned thousands of years ago, but natural selection favors the forces of psychological denial. The individual benefits as an individual from his ability to deny the truth even though society as a whole, of which he is a part, suffers. Education can counteract the natural tendency to do the wrong thing, but the inexorable succession of generations requires that the basis for this knowledge be constantly refreshed.

    The key insight here is that freedom in a commons brings ruin to all. So in other words, we kid ourselves into thinking that our tiny individual impact does not make a difference, that societal good is not impaired, thus we have the freedom to pursue our impulses to better our share, and working individually this way we ruin everything that does not have a high barrier to entry. The way this applies to email/weblogs/Usenet/etc is that in the beginning the technical hurdles are too high for there to be very many users with thier little impacts, so the Commons is safe for a while. But then comes the GUI and push-button bots and the Commons is swamped. The normal "natural" balance is broken apart and the Commons collapses from the death of a thousand cuts. It has ever been thus, and unless I am mistaken it always will be unless you defend your Commons from newcomers. Which has been tried. []
  • by epine ( 68316 ) on Monday October 27, 2003 @07:54PM (#7323681)

    Wake up and smell the bacon, people. The techno-utopianism of Wired when it was boosting the dotcom era into orbit has proven itself a poor match with human nature on all fronts.

    The benificient fathers of the internet made two horrendous design decisions concerning the final destination of a global internetwork: excessively strong anonimity and a near zero cost for dumping pollution into public media.

    Privacy, openness, spam-free: pick any two.

    For anyone who looked into ECC yesterday, you might have noticed that RSA has ideal properties for preventing some of this mess: expensive to sign a certificate, cheap to verify, and the ratio becomes worse as you scale up.

    If every spam artifact was signed with an anonymous RSA cert (anyone could make as many of these as they wish), as soon as one spam is confirmed, every other post signed by the known-spam cert could be instantly revoked.

    This would force the spammers to create a new anonymous cert for every spam instance. Yet with RSA certs, the computational cost to generate a cert is vastly greater than the cost to verify the cert.

    As an added step, the cert could require the IP address of both endpoints to be embedded inside (the server would reflect back the IP source address it sees, and then ask for an anonymous cert to be generated at a desired RSA key size).

    We won't have to damage anonymity very much to vastly increase the cost of dumping pollution.

    In this respect, weblogs would be a good place to start. This is a relatively new technology that could be retrofitted at one percent of the cost of a global e-mail infrastructure upgrade. It really doesn't matter if you inconvience a few bloggers working out the kinks, these people have not much useful to do in any case.

"The pyramid is opening!" "Which one?" "The one with the ever-widening hole in it!" -- The Firesign Theatre