
Splogs Clog Blog Services 241

SuperWebTech writes "A new generation of spam has emerged lately in the form of automatically-created spam blogs, or "splogs." One wily programmer manipulated Blogger's API to create a "spamalanche" of thousands of blogs whose sole purpose was to increase their real sites' pagerank. This clogged search engine results while filling RSS feed services with useless listings. Though Google, Blogger's owner, is doing its best to fix the problem, in the meantime several services have stopped listing any site they host. So far nobody has found a solution."
This discussion has been archived. No new comments can be posted.

  • Username trend? (Score:5, Interesting)

    by sethadam1 ( 530629 ) * <ascheinberg@nOSpAm.gmail.com> on Monday October 24, 2005 @11:06AM (#13863918) Homepage
    Anyone else notice that every username in the video is [letters]-[numbers].blogspot.com.

    Maybe start by disabling new blogs.
    Flag all usernames that meet that basic regex criteria.
    Hand filter that bunch.
    Add the same captcha you have on your comment system to the posting system.
    Re-enable registration.

    Seems kind of elementary, doesn't it? Why not try it?
    • Re:Username trend? (Score:5, Insightful)

      by De Lemming ( 227104 ) on Monday October 24, 2005 @11:17AM (#13864013) Homepage
      Flag all usernames that meet that basic regex criteria.

      With all the efforts spammers do to avoid baisian filtering on e-mail, don't you think they will change their username format to something else half an hour after you implement this regex? Probably to something more variable (and dictionary based).

      Hand filter that bunch.

      And hand filtering thousands of blogs which are created automatically does not seem feasible...
      • Re:Username trend? (Score:3, Informative)

        by De Lemming ( 227104 )
        That should read "Bayesian filtering" of course.
      • don't you think they will change their username format to something else half an hour after you implement this regex?

        Yes, but they'll have to contend with the captcha system, which is far more difficult. The name pattern is just to id the initial set to review, not a permanent thing.

        And hand filtering thousands of blogs which are created automatically does not seem feasible...

        Bah. Google has plenty of cash. They could hire temps to do it and knock it out in a few days.
        • The captcha system is an interesting problem but not insurmountable. The third-world anti-captcha sweatshop seems like a pretty tricky thing to circumvent.

          ...advertising also has the advantage of placement v.s. cost. They can charge more to advertise if the medium is more expensive to advertise in.

    • Re:Username trend? (Score:3, Insightful)

      by Otter ( 3800 )
      Well, that'll work today. Then tomorrow the sploggers* will catch on and use more complex names, and Blogger will be stuck with that now-useless cruft forever.

      * I hate most blogoneologisms, but kind of like this one. Can we look forward to splogcasts in the future?

  • by ponds ( 728911 ) on Monday October 24, 2005 @11:06AM (#13863922)
    With the Splogosphere maturing, we can expect to see Splogcasts in the near future.
  • And yet... a default of ref=nofollow [blogspot.com] for all user links seems to be a good start. Ok, ok, inconvenient, valuable links will be lost forever, yada, yada, yada. Only until a better solution is found and even until then it's better than the spam hell.
  • Word verification? (Score:5, Insightful)

    by badasscat ( 563442 ) <basscadet75@@@yahoo...com> on Monday October 24, 2005 @11:07AM (#13863938)
    Wouldn't a simple word verification requirement when creating a blog cure this? I don't think many people would bother creating "thousands" of new splogs if they knew they needed to manually enter in user data for each one... why should you even be able to start up a blog using an API?

    Blogger already requires word verification for posting comments (if the blog admin turns it on) - am I missing something or would this also work to at least alleviate the splog problem too?
    • by jkauzlar ( 596349 ) * on Monday October 24, 2005 @11:20AM (#13864028) Homepage
      They could always randomly generate text from dictionaries to beat the word verification. But no 'splogger' is going to buy up thousands of IPs or domain names for their clever little scam. Figure in the IP or domain name to the pagerank. Maybe if most of the links are from the same IP then take a percentage off its score? This percentage co-efficient could even be derived from the textual context of the links.. if the context is the same (like the scores of mirrored Wikipedia articles, to name one example), then lower the co-efficient.
    • by Bogtha ( 906264 ) on Monday October 24, 2005 @11:21AM (#13864045)

      Wouldn't a simple word verification requirement when creating a blog cure this?

      Yes and no. CAPTCHAs solve the problem for things like Slashdot, where you just have to worry about trolls with too much time on their hands. But when it comes to spam, there's a value to beating them, so what some enterprising spammers do is set up porn sites that tell people "enter the word you see here and get free porn!". Lots of horny geeks do the spammers' work for them. The difference between the two scenarios is that the spammers are willing to pay minute amounts to beat the CAPTCHAs, but the trolls aren't.

      • The difference between the two scenarios is that the spammers are willing to pay minute amounts to beat the CAPTCHAs, but the trolls aren't.

        OTOH, trolls are smart, whereas spammers aren't. If spammers were smart we'd see lots more linkspam in ASP and Coldfusion sites.

        Vulnerable ASP sites exist in the millions, and candidates can be found easily using a simple google search...

        However, most of these sites are pretty obscure, and an ASP site is not worthwhile for a troll if it is too low-profile (indeed, w

      • comes to spam, there's a value to beating them, so what some enterprising spammers do is set up porn sites that tell people "enter the word you see here and get free porn!". Lots of horny geeks do the spammers' work for them. The difference between the two scenarios is that the spammers are willing to pay minute

        I've seen this mentioned a lot but haven't ever actually seen a porn site that does this. Can you please provide some references? Because I really want to know if this is something that actually

      • some enterprising spammers do is set up porn sites that tell people "enter the word you see here and get free porn!". Lots of horny geeks do the spammers' work for them.

        Really? How do you know this? I know the idea has been proposed and is mentioned quite often, but if you can't give a URL for a captcha-porn site, I must conclude that this is still an urban legend.

    • by Animats ( 122034 ) on Monday October 24, 2005 @11:43AM (#13864223) Homepage
      Word verification is obsolete.
      • Programs have been written that can successfully decode captchas most of the time. It turns out not to be too hard to modify OCR programs to do this.
      • Word verification can be outsourced to third world countries at low cost.
      • Most cleverly, word verification can be outsourced to users of your porno sites, who have to type in someone else's captcha to get free pictures.

      All these approaches are in active use.

      • Maybe beatable, yes, but still 99%+ effective and definitely not obsolete in practice. Most of the successful existing CAPTCHA attacks use a dictionary matched to the default wordlist that ships with the CAPTCHA and can usually be defeated by running the CAPTCHA in random mode with a few more characters than usual. I get maybe four or five hand-entered spam comments / week, which are usually quickly blocked after the first attempt by blacklisting the target "online drugstore" / poker / whatever site's URL
    • by Myself ( 57572 ) on Monday October 24, 2005 @11:46AM (#13864254) Journal
      If someone's willing to pay for a higher search ranking, the spammer can pay humans to beat the CAPTCHAs. I can see it now, a sweatshop in a low-wage country with hundreds of workers monotonously typing in the text from the skewed and scrambled images.

      There's also PWNTcha, a CAPTCHA decoder. [zoy.org] (Previously slashdotted.)
  • by Anonymous Coward
    Any trend that has added so much crap to the English language deserves what it gets. After reading the "words" blog, splogsplosion, splog, and spamalanche, I must take a shower.
    • On a serious note, while no search engine should just give away their secrets (if they want to stay popular anyway), I think the mystique that is "Page Rank" (spooky echo) has sort of made Google semi-responsible for a lot of the spam on the net. Do you see anyone making stupid pages (and words) like slogs to exploit Yahoo's results? How about MSN?

      Heck, I'm a web developer for a company getting regular complaints that my efforts aren't giving the company site a better PR, and I have to explain that it could
  • by StephanTual ( 65000 ) on Monday October 24, 2005 @11:08AM (#13863946) Homepage
    ... much hyped statistics like 'a new blog created every 2 seconds'.
  • by michaelzhao ( 801080 ) on Monday October 24, 2005 @11:10AM (#13863957)
    Google has recently announced an idea that would benefit bloggers. The idea is to have a separate blog search similar to sites like "Technorati". At first glance, this benefits bloggers. However, it benefits Google even more. By having Blog searches separate, they can significantly cut down on Google-Bombing. Google-Bombing really screws with their search algorithms.

    I think this may be the beginning of a wholehearted launch of "Google Blog". This issue has also been reported on the "TWiT Podcast" hosted by Leo Laporte. I can't remember which episode number it is, but if you search iTunes podcasts database, you should be able to find it.

    Example of Google-Bombing. Go to Google and search "Miserable Failure" and hit "I Feel Lucky". Regardless of what your opinions are. That type of behavior is still wrong.
  • by tcopeland ( 32225 ) * <tom@@@thomasleecopeland...com> on Monday October 24, 2005 @11:12AM (#13863971) Homepage
    i.e., Artima's Ruby Buzz [artima.com] and Java Buzz [artima.com], Planet PostgreSQL [planetpostgresql.org] and so forth.

    Of course, those become less valuable when folks add RSS feeds that aren't specific to the topic, so that Java posts show up in the Ruby feeds and all that. That can be tricky too, though; does this post [blogs.com] go under Jabber or PostgreSQL? Dunno.
  • Captcha? (Score:3, Interesting)

    by wren337 ( 182018 ) on Monday October 24, 2005 @11:12AM (#13863975) Homepage
    Isn't this the kind of automation prevention problem that captchas can solve reasonably well? Put image-text verification on each step of creating or appending to a blog. If nothing else it will slow them down. Am I missing something?
    • It pisses off legitimate users and is no good for disabled people/lynx zealots. I've had to use the insecure bookmarked-login thing to read /. lately.
      • I wonder what would happen if IP addresses were posted on EVERY comment. Yes, EVERY comment.
        Have a bigger site like blogger.com have a record of each IP address that comments. If people start reporting spam comments and enough of them are tied to one IP address, block that IP address out from anything in the future.

        Abuse on the internet has to come in from somewhere. Why not cast a net, find out which blocks it is, and choke it from there, forever? Don't ask nicely, don't give a 24 hour warning. Just block
        • Because then the poor next person to get that dynamic IP can't use your site, and the guy who did the spamming just disconnects and reconnects and starts going again. Once IPv6 comes in ISPs might give static IPs to everyone, but at the moment there's no way that'll happen. And even then you have people getting viruses and becoming accidental open proxies, unsecured wireless connections, friends coming around, and so on. A site that followed your policies would just lose too many legitimate users.
        • Re:Captcha? (Score:2, Interesting)

          No way would I like that.
          Not one little bit.

          Consider the following very general situation:
          Spammer uses home ISP connection with connection time allocated dynamic IP.
          Spammer sends out thousands until blocked.
          Spammer reconnects and gets a new IP whilst the original one is reusable by someone else.
          You or I then connect and unfortunately get the old IP and can't access the service any more.

          BTW, it's already in practice here on Slashdot.
          Post too many fucked up comments and your IP is banned from posting.
    • Re:Captcha? (Score:2, Informative)

      by Cramer ( 69040 )
      Captchas don't solve anything. 90% of them are easily decoded by software. (Software made them, software can decode them.) And as others love to point out, there are ways to get actual people to decode them for you. [However, I've never seen actual evidence of one of the "pr0n traps".]

      The only thing that appears to work is charging for new accounts. Yes, it's annoying. Yes, it will drive some, otherwise legit, people away (because they don't use online payment systems, etc., etc.) And yes, it's a hassle
  • by bahwi ( 43111 ) on Monday October 24, 2005 @11:12AM (#13863977)
    picture, print that document out, attach it with your photo ID, and fax it to (800) Goo-gle1
  • Charitable donation (Score:5, Interesting)

    by Honkytonkwomen ( 718287 ) on Monday October 24, 2005 @11:12AM (#13863979)
    Simple: Just require a small donation to charity (through Paypal?) before they can create a blog. A dollar or two shouldn't matter to anyone who's putting up a real blog, but will deter sploggers.
  • Couple of solutions? (Score:5, Interesting)

    by keraneuology ( 760918 ) on Monday October 24, 2005 @11:14AM (#13863991) Journal
    How about a spider-readable timestamp for blogs? If 5,000 new blogs pop up within 12 hours of each other linking to the same web page it is an obvious red flag.

    On top of this, once again the hosting services need to be held responsible: if a site is hosting an obviously spamvertised site then give them 24 hours to remove the site or be blocked from future indexing activities - and have current rankings deleted.
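The burst check suggested in the comment above, sketched as an added example (not part of the original thread and not any Blogger or Google code): group blogs by the site they link to and flag any target that collects many newly created blogs inside one time window. The record fields, hostnames and sample data are constructed for illustration, and the sample lowers the comment's 5,000-blog threshold so it fits in a few lines.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from urllib.parse import urlsplit


@dataclass(frozen=True)
class BlogRecord:
    host: str          # blog hostname (hypothetical field name)
    created: datetime  # the "spider-readable timestamp" from the comment
    links: tuple       # outbound URLs a crawler found on the blog


def link_host(url):
    """Reduce an outbound URL to its lower-cased hostname."""
    return (urlsplit(url).hostname or "").lower()


def find_bursts(records, window=timedelta(hours=12), threshold=5000):
    """Return {target_host: (blog_count, first_created, last_created)} for
    every link target that at least `threshold` distinct blogs, all created
    within `window` of each other, point to."""
    by_target = defaultdict(dict)  # target host -> {blog host: created}
    for rec in records:
        for target in {link_host(u) for u in rec.links}:
            if not target or target == rec.host.lower():
                continue  # skip unparsable URLs and self-links
            seen = by_target[target].get(rec.host)
            if seen is None or rec.created < seen:
                by_target[target][rec.host] = rec.created

    flagged = {}
    for target, blogs in by_target.items():
        times = sorted(blogs.values())
        best = (0, None, None)
        lo = 0
        # Sliding window over sorted creation times: [lo, hi] always spans
        # at most `window`, so hi - lo + 1 is the burst size ending at hi.
        for hi, t in enumerate(times):
            while t - times[lo] > window:
                lo += 1
            size = hi - lo + 1
            if size > best[0]:
                best = (size, times[lo], t)
        if best[0] >= threshold:
            flagged[target] = best
    return flagged


def constructed_sample():
    """Constructed data: 40 auto-created blogs in 6.5 hours pointing at one
    site, plus 40 organic blogs created over months linking to a news site."""
    base = datetime(2005, 10, 24, 0, 0)
    recs = []
    for i in range(40):
        scheme_host = "http://SHOP.example" if i % 2 else "http://shop.example"
        recs.append(BlogRecord(f"abc-{1000 + i}.blogs.example",
                               base + timedelta(minutes=10 * i),
                               (f"{scheme_host}/p/{i}",)))
    for i in range(40):
        recs.append(BlogRecord(f"diary{i}.blogs.example",
                               base - timedelta(days=3 * i),
                               ("http://news.example/story",)))
    return recs


if __name__ == "__main__":
    for host, (n, start, end) in find_bursts(constructed_sample(),
                                             threshold=25).items():
        print(f"{host}: {n} new blogs between {start} and {end}")
```

A popular site that gathers the same number of links over months is not flagged, because the count is taken per window of creation times rather than overall.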

  • by slicer622 ( 579305 ) on Monday October 24, 2005 @11:14AM (#13863994)
    I feel like I'm in a fog, without a seeing eye dog. What a sog! Burninate, Trog! Jeremiah was a bullfrog, but there was a server backlog. And that was just the prologue. Later we took a jog to get some egg nog. Just make sure to oil the cog. I know it's a slog, but it's better than smog. That's the end of this log.
  • by Saeed al-Sahaf ( 665390 ) on Monday October 24, 2005 @11:15AM (#13864005) Homepage
    The trick is to figure out which are "splogs" and which are "real" blogs, because both are usually crap.
  • Automatic creation of blogger accounts. Now that's even one step more than the already ridiculous blog and ping automator [aardtek.net] from the guy believed to be the one spamming boingboing's comment form [boingboing.net].
    I seriously wonder if the DMCA's or other *AA laws couldn't be used to subpoena the ISP of these guys to get their real addresses. For some reason I doubt there are that many people in the spam and "search engine optimization" business.
  • by capicu ( 880524 ) on Monday October 24, 2005 @11:21AM (#13864044)
    That is the most Sun-like headline I've ever seen on slashdot. For those of you who aren't in the know about crappy British tabloids, The Sun [thesun.co.uk]* is like the most popular paper in the country, and I think owned by Darth Murdoch himself. They quite helpfully have pictures on their main page of recent headlines (flash), hence the link.

    *Health warning: please shield your eyes whilst loading the site. The sudden visual impact of the Sun's website can cause severe disorientation, epileptic fits, vomiting, and in some cases death. Not recommended for pregnant women or people with heart conditions
  • by digitalgimpus ( 468277 ) on Monday October 24, 2005 @11:24AM (#13864064) Homepage
    In hopes of not looking so spammy, they will take real blogs, and either copy the contents, or just key words (such as author's name and perhaps post title).

    So when you search for something... spammers with your name come up, rather than yourself.
    • Actually yeah I have run a blog for a long time about energy drinks... I found that spam bloggers trying to make money off energy drink ads and or promote links to their own energy drink have crawled my whole blog and copied nearly all of its contents and made massive splogs that either run google ads or have links all over the place to some energy drink. It is crap and there is no way to contact them to say they are stealing my content... The worst part is that it is working, so many of these fake competit
  • by nherc ( 530930 ) on Monday October 24, 2005 @11:25AM (#13864069) Journal
    Honestly, with everyone and their mom jumping on the blogging bandwagon and the general quality of said blogs approaching robot created gibberish, I honestly think the blog hosting companies are in for quite a struggle determining spam from cruft. Although, if their automated measures also wipe out some of these inane blogs as well perhaps the authors will get a hint and the blogosphere will be a better place AFTER the spammers arrived--imagine that.
  • by ianmassey ( 743270 ) * on Monday October 24, 2005 @11:27AM (#13864084) Homepage

    The problem surfaces when the "splogs" are used to comment spam and trackback spam legitimate blogs. It's through these links that PageRank is increased. If everyone starts proactively dealing with spam on their own sites, this problem will solve itself. MovableType users can upgrade to 3.2, which has spam blocking features, or use the great plugin MT-Blacklist. Either will eliminate this problem. An AC mentioned that WordPress has a similar set of options. I know that TypePad does. The only major blog service provider left to come up with a solution is Blogger, and in the interim you can require registration to post comments on your Blogger site or turn comments off entirely. LiveJournal and all the clones are blocked from trackback by 90% of normal blog sites already, so they don't even count.

    Another poster suggested that we ignore this problem, and it will go away. Untrue. Ignoring the 600 spam comments a day is exactly what the spammers would prefer you do, so that they can stink up every site on the internet with their crap. We are fortunate that in the case of this "new" form of spam, the tools necessary to get rid of it are already there and effective, we just need to get them all turned on.

    • Too late for moderation, but in case you check your replies...

      I figured out two very easy immediate technical solutions to blogspam. They aren't permanent solutions - if lots of people use them, the spammers can very quickly adapt. But as long as most folks (and software systems) are asleep at the wheel and either manually delete the spam or just turn off comments/trackbacks, these methods should work. (Working fine so far, but I've done the anti-spam thing enough to not count my chickens...)

      For comment s
  • Ahhh, one step closer to the inevitable webterm of "splooge."
  • Hmmm - keeping useless information from clogging the "blogosphere" has got to be one tough gig.
  • Ok, I'm a great fan of webservices - but this is blatant abuse. And it is clogging up search engines, right under the nose of our very own Google. They could implement some internal solution and work-around this right now. But who uses any other web search anyway.

    I'd like to see what blogger throws up when you hit it with a user-agent as googlebot. Will it be different from what it churns out to the general public - Now and in the near future.
  • Why is everyone bashing blogs so hard? I know that most of the blogs are the rantings of 16-year-olds, but that's a gross generalization. A blog is a site you post on, and many sites fit that definition, including Slashdot, Maddox (who went on to bash blogs recently), and, well, most other sites.
  • by Andrewkov ( 140579 ) on Monday October 24, 2005 @11:51AM (#13864304)
    Is it just me, or is there way too much advertising these days? Radio is almost completely unlistenable to me since most stations play about 20 minutes of commercials each hour, TV has the same problem. Hell, even when you *pay* to get into a movie, you have to watch 20 mins of trailers for other movies, plus actual television ads!! Not to mention all the product placement in movies. Email is almost completely useless because of spam, and blogging is heading that way. Usenet was killed by spam years ago. Most of us here are using AdBlock and other techniques to reduce advertising on web sites. You can't even download shareware anymore without it coming bundled with ad-ware. And now I'm getting voice mail spam on my cell phone (any idea how frustrating it is to listen to a voice mail while in rush hour traffic, navigating the menus and stuff, since it might be a work or family emergency, only to find out it's spam?). Plus I can't even drive on the highway without being bombarded with billboard ads, not to mention that every car in front of me has a nice little manufacturer's ad glued to the bumper. And then there's Google style ads -- little text only blurbs that are related to your search (or gmail content). These are even more insidious, since they're harder to filter out.

    Sorry for the rant, but this is all just becoming too much, and it's only getting worse. Are we as a society willing to accept this in the name of free services?

    • "Are we as a society willing to accept this in the name of free services?"

      This isn't even necessarily part of receiving a free service. Just look at the examples you cited, did you pay to go to the movies? So why do you have to pay to see ads? I truly doubt that the cost is being held down for you by the ads, more likely it is just extra profit for the theaters at your expense.
    • Heeeeyack! It's a CAPITALIST society! The only way you keep one going is to keep people buying more and more stuff!

      Who among us could not grok the same frustration? Funny anecdote: My kid went on a school field trip which included a stop at McDonald's. She returned with her happy-meal toy: a tiny little stuffed puppy-doll with a hu-u-ge tag sewn to it, just screaming with advertising and copyright information. The tag was about three times as big as the dog. I sent her for the scissors and snipped the tag

      • Personal note - weaned my 5 year old off of McDonalds. Just went with the phrase "Daddy doesn't go to Donalds" - after a while - he doesn't even ask anymore. The kid knew McDonalds before he was ever there, from birth! - pretty good job if they can advertise to the kids before they can learn to speak.
        • weaned my 5 year old off of McDonalds.

          Good choice! Our family doesn't do fast food - period - but this was school we're talking about. So I caved. Have you noticed how much kids are targeted by advertising while in school? My kids bring home marketing junk from places like Home Depot and FedEx (T-shirts and such) that visit class. FedEx actually sent the daughter home with a temporary tattoo. I drew the line there - big business wants to graffiti their logo on my kids' bodies? I pitched it.

    • Well, advertising wouldn't be spiralling out of control quite as much if every single person wasn't trying to make a million dollars by age 25. What ever happened to working for what you earn, and then enjoying those earnings. I know at least the US is on a fast track to having a lot of unhappy people with way too much money that isn't worth anything.

      Maybe I'll just go live under a rock... as long as I can get wireless high speed internet ;)
  • Look on the site. It is 99% advertising to porn sites only semi-cleverly disguised as "blogger"-like content. The rest of the site is porn banners.

    And of course he uses deceptive advertising. Clicking on the occasional link to a free .wmv file actually redirects you to yet another porn site.

    Of course, I can't even remember the last time it had any original written content. Just gross pictures.
  • by museumpeace ( 735109 ) on Monday October 24, 2005 @12:36PM (#13864671) Journal
    I have only used the e-mail posting interface to my blogger blogs a few times. If you like simplicity, the blogger online editor is quick-and-dirty posting for free. But the potential for abuse when you combine the easy-setup for gaining an account and the email method for posting is obvious.

    It's kind of ironic that google, which has had fewer [not "no", just fewer] security gaffes than Microsoft is, in a sense, suffering security embarrassment for a rather similar reason to the origins of Microsoft's security mis-steps: trying to appeal to users by providing very streamlined and simple user interfaces to functions that require privilege [account creation, publication] on most systems [think unix or Apache]...yes the additional "hassles" of authenticating and establishing the remote request is from a human and not a bot are an impediment to users. But catering to utter lazy dummies is a worse hassle as ought to be clear to everyone by now. Funny this is now news. If you went to blogger 6 months ago and selected a random blog and then just surfed randomly by hitting "NextBlog" button, you would have seen dozens of sites that were just huge steaming piles of links for such vital topics as online shoe purchases ...abject link-stuffing pollution for google's own search engine and festering on google's own blogging service...seemed pretty dumb to me. BTW give google credit for putting a captcha feature on post commenting because comment spam used to be just as easy to blast into blogger posts as splogging.
  • Not news. (Score:2, Funny)

    by idhindsight ( 920184 )
    All blogs were already spam. Now it's just unashamedly so.
  • by gr8_phk ( 621180 ) on Monday October 24, 2005 @01:20PM (#13865025)
    Email allows anyone to send it - the result is SPAM. Blogs allow anyone to post comments - the result is spam. We should have learned this by now. Blogs need a handy way for bloggers to moderate comments before they appear. C'mon it's not rocket science.
  • None of this would happen if there was no money driving the attacks. How to make it not financially worthwhile to pay people to spam for you should be the question.

    People in this thread have mentioned a number of things which would make such spam more technically difficult to pull off, none of which would be foolproof.

    However, some combination of these techniques could be used by the search engine (handy, that Google the Blogspot-owner-victim is also the search engine being manipulated) to simply flag spam
  • Splogspot [splogspot.com] provides a searchable index of splogs, as well as an RSS feed of the most recently discovered splogs. ReferrerCop [referrercop.org] provides a searchable index of referrer spam (which often consists of splogs) as well as downloadable blacklists in a variety of formats.
  • Why can you create an account using the API anyway? Is this a necessity?

    Even if there is a good reason for this capability, surely just throwing in an image (or sound) verification stage will make your problem go away?
  • It's so hard to tell "legitimate" high-ranked blogs from algorithmically generated blogs because the two are so damn similar. Many of the high-rank blogs are just incestuous clusterfucks with groupthinkers promiscuously and reflexively linking to each other in a slutty daisychain link. Run the same stories, gangbang the same audience, pimp out the same adverts. Especially good for iPods, porn, and robot women. Why get peeved when the machines can do it better?

    You reap what you sow.
