The Net is Dead

Marco van Hylckama Vlieg on web technology, design, life and everything

Commentary

Join the discussion! Leave a comment through the comment form below!

• At 17 September '05 - 14:25 Griswald wrote:

  

  That’s pretty lame but to be expected when taking such a public position against spammers. Might I suggest an email to the folks at Google explaining the situation?
  
  With your well known efforts to help reduce various types of spam I would hope that they could ensure your site is not removed from their service.

  
  

• At 17 September '05 - 14:26 Marco wrote:

  

  I did that Griswald. Now let’s just hope they’re going to respond. They haven’t been all that responsive in the past…

  
  

• At 17 September '05 - 18:08 Simon wrote:

  

  Ah damn mother f*ckers. That’s really nasty. Whatever happens, you have my full support. If Google ever thinks about banning you, I would most certainly think a lot less about them. And if they ever ban
  
  How many of those comments are out there? Or is this the only one? What’s the complete text of the comment by the way?
  
  Will they ever die… All of them… Grrr…

  
  

• At 17 September '05 - 20:47 Marco wrote:

  

  So far I spotted several… more than 10. I suspect there are many, many more. I sent mail to Google hoping they’ll respond. Now I’m sitting and waiting…

  
  

• At 17 September '05 - 22:04 Simon wrote:

  

  I have an idea. Which page of you are the spamming around? Put an explanation on that page, to make clear you’re not spamming. :)

  
  

• At 17 September '05 - 22:08 JoeChongq wrote:

  

  We have had a couple spammer do this to chongqed.org for listing them as spammers. Google is full of text stolen from our pages and fake spam for our domain. Even if you can figure out who is doing it there isn’t much you can do.
  
  See a couple we have discussed:
  http://wiki.chongqed.org//WikiForumArchi..
  http://wiki.chongqed.org//SpammerInDenia..
  
  I like your CAPTCHA, very accessible.

  
  

• At 17 September '05 - 22:21 Mike Boas wrote:

  I’m glad you’re acknowledging the problem on your site. I got the referer spam, then almost added your site to the banned domain list for my blog. Something made me come to your site to see what it was first, though.
  
  Good luck!

  
  

• At 18 September '05 - 00:40 Marco wrote:

  

  It’s really pathetic. I hope it doesn’t ruin my reputation or get me banned from google. I’m a fanatic spam-fighter and proud of it too. Ann Elisabeth from spamhuntress.com told me some Google people are reading her blog as well so I guess I’ll be ok when it comes to getting banned from Google.
  
  Mike> I’m glad my javascript notice does the job. I’m really really sorry sites are being spammed with my URL. If I could do anything to prevent it I’d do it but I’m basically helpless here.
  
  JoeChongq> Thanks for the compliment. I’m honoured to have you on my site. You’re a great spam fighter!

  
  

• At 18 September '05 - 21:08 Josh wrote:

  

  I thought those comments looked a little odd. First instance of spam on my blog! :D
  
  Is there anything I can do to help?

  
  

• At 18 September '05 - 21:11 Marco wrote:

  

  Hi Josh, yes you can help out by letting me know which IP it came from. I guess that’s the only thing I can think of. I really hope this won’t go on for a long time because finding the asshole who did it is close to impossible I’m afraid. But the IP might help a bit. Do you still have it?
  
  Thanks!

  
  

• At 19 September '05 - 19:47 Recipher wrote:

  

  Hi Marco. I got a couple too, but, I don’t think the IPs will help you as I’m sure they are zombies or spoofed. Anyway, here they are.
  
  213.179.250.110
  168.143.113.52
  
  We all appreciate what you are doing, and, it was pretty obvious this was someone else. I hope everyone will realize that before labeling your site as spam. The weird part is this is the first spam comment I’ve had in months!
  
  Cheers.

  
  

• At 19 September '05 - 23:24 Marco wrote:

  

  Thanks Recipher, appreciate your understanding! You’re right, it’s a lame ass coward hiding behind anonymous proxy server. Those should be burned on the stake by the way!
  
  I was hoping it will go away soon but it’s still going on for Cosmic Buddha so I expect this thing to last for quite a while. Oh well… sigh

  
  

• At 20 September '05 - 12:26 Honey wrote:

  Marco – another IP source for this spam for you – received it on my blog today.
  
  81.56.240.106
  which is lns-th2-4f-81-56-240-106.adsl.proxad.net, so probably a compromised home account, but it might be worth mailing postmaster@proxad.net to investigate? You never know, you may find the real IP via them if the compromised machine is examined. Worth a go?
  
  Honey

  
  

• At 20 September '05 - 12:35 Honey wrote:

  To add to the above, two more URLs included in the spam:
  
  http://www.andrewsblog.net/?p=40
  http://www.allucher.com/sato_blog/archiv..
  
  - I imagine both also innocent. I’ve added a comment to the first page above, and you may want to work with them on this?
  
  I imagine this is the start of a big new attempt to discredit all blogspam blacklists by including legitimate blogs…
  
  Honey

  
  

• At 20 September '05 - 12:38 Marco wrote:

  

  Thanks Honey!
  
  I’ve sent an email to proxad. Let’s hope they’ll respond! I’ve also sent an email to the folks of the SEO Blackhat blog to ask whether this is some sort of new masterplan or just some idiot. I’ll keep you all posted on what happens!

  
  

• At 20 September '05 - 12:46 Marco wrote:

  

  Hmmm addendum, it seems to be a Linux server. You can see that if you try to access it with your browser
  
  So either it’s a hacked box or this box belongs to the spammer himself…
  
  Let’s see what proxad has to say. Let’s hope they speak English because they’re French…

  
  

• At 20 September '05 - 13:10 Honey wrote:

  I’d try the first one mentioned by Recipher above too, which resolves to railwaytech.org. No website, but sounds like you might get someone direct to exchange email with. Having said that, it’s in the Ukraine…

  
  

• At 20 September '05 - 13:54 Andrew wrote:

  

  Hang Spammers!
  
  Andrew from Andrew’s Blog here.
  
  And yes I have no idea what is going on??
  
  What can I do? I can’t think of much at the moment apart from running adaware and AVG anti-virus.
  
  Oh my gosh I want to guillotine all spammers.

  
  

• At 20 September '05 - 14:03 Marco wrote:

  

  @Andrew> Unfortunately you can’t do anything. Adaware and AVG have nothing to do with blogspam and won’t protect you against it. These developments are really worrying because this could be the start of massive amounts of idiots placing completely random spam. This isn’t even spam in the traditional sense anymore (spam in order to get pagerank or in order to sell crap) but it’s something new and more annoying than anything I’ve ever encountered in terms of spam. Anyone can do this to you, that’s the problem. I could go and spam-infest hundreds of sites with links to a blog by someone I don’t like and get him into trouble.
  
  At first I thought this was some sort of revenge against me because I write anti-blogspam software but given the fact that other people are affected as well this isn’t the case.

  
  

• At 20 September '05 - 14:06 Honey wrote:

  Just received two more dropping URLs for sites unrelated to yours. I think the spammers are trying to mess up the ease with which tools like MT-Blacklist can block spam, by making those of us who think about the blocks not want to block other friendly bloggers – a bit like how email spammers send long lists of meaningless words to seemingly mess up Bayesian filters in things like SpamAssassin. This seems pointless to me, as I presume most blacklist users just “block all”, and won’t notice, or stop using them. Only the victims will know, or care, and it won’t stop others using the blacklist software.
  
  I don’t know how Movable Type 3.2 which seems to use SpamLookup works, but maybe it’ll deal with this. Might be worth mailing the MT-Blacklist author or sixapart.com on this, or check their forums/post to them.

  
  

• At 20 September '05 - 14:08 Marco wrote:

  

  @Honey> This is why I strongly advise bloggers to use something other than a blacklist to block automated comment spam. Two examples are Elliott Back’s Hashcash for WP and the solution I use on this blog with the silly question in the comment form. It blocks everything without having to do cpu intensive bayesian filtering or rule based filtering.
  
  I think the end of centralized blacklists is near. Let’s move on to the above mentioned techniques. I never get spam on this blog because of them!

  
  

• At 20 September '05 - 14:19 Andrew wrote:

  

  Marco,
  
  I have so few readers on my site I’m surprised that I’m a target. I had some fool make a silly comment and link to a bizarre homepage, but nobody else as far as I can tell.
  
  How can I get myself a good silly question plugin for wordpress?
  
  I like the anti-spam question currently btw.
  
  Cheers,
  Andrew

  
  

• At 20 September '05 - 14:26 Marco wrote:

  

  I’m not sure if there’s a question plugin for WP like the one I wrote for Pivot (in use on this site). I believe still no one implemented my idea on other blog systems. Strange really because it’s kinda easy.
  
  However for WP you could use WP HashCash by Elliott Back which is a Javascript solution. Alternatively you could try to find a captcha plugin which renders an image with some letters and numbers which visitors have to type before posting a comment..
  
  Here’s a WP captcha plugin

  
  

• At 20 September '05 - 14:41 Honey wrote:

  (Just got 3 more!). Yes, I don’t like blacklists much, but I do love bayesian filtering – I find SpamAssassin’s positive and negative results fairly stunning on email once it’s trained. But I do also find adding DCC, Razor (and I guess SPF) does help a lot too – I’m sure these techniques could be useful for blogspam too.
  
  I just read up on HashCash for email – nice idea, but it also will take some cpu, in the same way bayesian content-based filtering does – I guess that’s the point, that spammers can’t afford the cpu. I actually don’t mind as my server’s up to it :)
  
  I do like your silly question idea, as I believe algorithms recently improved a lot for the “read these numbers back to me” type of protection. I never found a plugin that worked with MT3 for this anyway – I’d like any kind, including your nice silly question idea. maybe I should have another hunt… sigh.

  
  

• At 20 September '05 - 15:12 Honey wrote:

  Sorry, what I meant by “read these numbers back to me” was exactly what you said: captcha. I believe there was an article fairly recently that proved that most of these could be machine-read and therefore broken by spammers in theory – and so will be soon if it’s economicably viable for them.
  
  Also, a paper on this page doesn’t seem to cast an optimistic light on hashcash solutions, at least for email: http://www.cl.cam.ac.uk/~rnc1/ referenced from http://www.exim.org/mail-archives/exim-u.. – I can’t pretend to have scanned it properly, but I’m wondering if the same argument (i.e. making it too expensive for spammers to calculate the hashes will also make it too expensive for ordinary users) holds true for blogpam too in the longrun.
  
  It occurred to me that this spammer obscuration tactic isn’t going to work – I bet most people with MT-Blacklist don’t ban domains, they just treat the notifications as email spam, and delete them without despamming. It’s remarkably easy to scan an MT-Blacklist notification and see if there are real blockable domains in there – takes about 0.5 seconds! I have to say, MT-Blacklist has never not moderated a genuine spam for me.
  
  I like your silly question idea best though! Because it’s so configurable by the user, it seems to me to be quite unbreakable by a spambot. I wonder who I beg to write an MT plugin…
  
  By the way, yes, I’m finding it very hard to read this site in firefox I’m afraid – played with zoom etc etc…

  
  

• At 20 September '05 - 15:23 Marco wrote:

  

  I have no idea about hashcash applied to email to be honest. I’ve never used it at all. However on the comment-spam side it just works because current spambots are usually dumb perl scripts or php scripts that just fire off POST request to the action url specified in our comment forms. That bypasses the javascript and is therefore easily marked as spam. When spammers start building spambots that feature a javascript runtime the hashcash thing will be dead. However they would still need to parse every individual entry page before posting the spam which is something most current spambots don’t do either. Therefore it has little to do with ‘making things expensive’ because javascript isn’t really all that CPU intensive. It’s just a matter of technology which the spammers currently don’t have. Therefore us bloggers are currently one step ahead. Only for the time being though.
  
  With this very fact in mind I came up with the question thing. It should be easy to build it for MT if you’re a perl programmer. Unfortunately I’m not one of those which is why someone else would really have to adopt the idea. My version for Pivot is still rather primitive also because administrators can only set one question in the admin panel. In a future version I’d like to fit it with an unlimited user configurable database full of silly questions making it truly impossible to crack.
  
  About the Firefox thing: I’m using Firefox as well so I’m not sure what you mean. Is the text too small?

  
  

• At 20 September '05 - 15:54 Honey wrote:

  Oh I see – you’re just saying use hashcash because they haven’t caught up – an advantage if you continue escalating to leading edge or minority-use things yes… but the section on how it works for email proposes it as a long-term pseudo-cost based model – the paper seems to be saying “good idea, but it won’t work” which is a pity. I think the cpu-intensive stuff is the hash calculation (although I may be way off here) which is supposed to be negligible for single mailers (/commenters?) but massive for spammers.
  
  I’m not a perl programmer either – or at least, when I hack it, it only sometimes works! Hmm…
  
  I run Firefox at a usual zoom level of 120% (using the TextZoom extension) and I had to ctrl-+ once to make your “Post Comments” button appear – and even at this setting titles are obscuring text – like the “Tags” title bar below. Firefox 1.0.6 on Linux with quite a few other extensions that I don’t think affect appearance, but I just thought I’d confirm the comments at the top that things look a little odd for me. Sorry, unsure why. If it’s just TextZoom, you might want to ignore my comment, or try it, but it doesn’t really cause problems elsewhere…
  
  Zooming right down to tiny text makes everything appear ok, it seems…

  
  

• At 20 September '05 - 16:54 Marco wrote:

  

  Hmm… funny.. It looks fine in Firefox on both PC (here at work) and Mac (at home)...
  
  I should check out the Linux situation some time soon!

  
  

• At 20 September '05 - 23:22 Andrew wrote:

  

  I’m not aware of what form comment spam took before but this form seems very confusing.
  
  There is this website I have bookmarked that has a spam comment from me (just a trackback quote I think you call it) and my web address, what chance that this blog was chosen randomly I wonder?
  
  I think this must be non-random but I’m at a loss to work out how this is possible??

  
  

• At 20 September '05 - 23:35 Marco wrote:

  

  Andrew, there does seem to be some weird pattern of interconnectedness. Still I have no idea what the master plan behind it is…
  
  Since we’re already being spammed anyway I took the plunge and asked QuadsZilla of SEO Blackhat (who seems a rather nice guy) if he has any idea what kind of wicked SEO technique may be behind this kind of spam. I’m waiting for him to blog about it.

  
  

• At 21 September '05 - 00:48 Honey wrote:

  My guess is it’s just a bot trawling blogs, and picking up references from each blogs it visits to use on others – to stop us all trusting our blacklists. I guess that bad side of that is that my own blog is likely to be using this way now too… :(

  
  

• At 22 September '05 - 11:09 Edward Clarke wrote:

  

  I have just this very morning received comment spam on my MT blog leading to your mint article.
  
  Details are:
  
  IP Address: 148.244.150.57
  Name: kevin cole
  Email Address: ian@yahoo.com
  URL: angrypirate.com/wordpress/?p=381
  Comments:
  
  nice job. i’m planning to come back here in the future. keep scrolling down for pastry cream recconsequentlyipe: http://www.andrewsblog.net/?p=40 , i finished the 6th ball
  
  Now, I clean my site daily of crap and I see it as a normal daily event such as a morning dump or brushing my teeth etc. Lately though, I have been fighting back only to discover that people are trying to wipe out sites by comment spamming and the recipients are innocent.
  
  Here’s my theory.
  
  Mediocre search engine optimisers are being stung by the viral nature of blogs and their proliferation across the globe. This makes excellent fodder for Google and Yahoo so all the efforts of building links by these SEO companies has been completely nullified as their clients have sunk in the listings.
  
  To counter it, it’s easier to bring down sites that rank well than build up poor sites with inbound links which is a worrying trend. I haven’t been a victim of this yet [maybe I’m not important enough yet] but I regularly receive comment spam and it seems such a pointless exercise except for the fact that the targets of these spammers run the risk of being blacklisted or flagged by search engines.
  
  So there we go. It’s interesting to see a shift in spam trends as it makes for a great debate in the marketing forums I frequent. Question is, where is this trend leading and what can the victims do about it?

  
  

• At 22 September '05 - 11:16 Marco wrote:

  

  Edward> Thanks for your reply!
  
  As for what the victims can do: Those who are spamvertised (like me and some other bloggers) can’t do a thing. Just hope it will stop one day.
  
  Those who are on the receiving end of the spam runs should install proper anti-spam software. I believe MT’s primary defense tool is MT-Blacklist. The blacklist however is a centralized list of URL’s which is rapidly losing it’s power because spammers have started spamming with non-spammy URL’s (our blogs!). However the spam is still automated. Hand-submitted spam is still very rare. Therefore you need a tool that prevents automated mass-submission of comment spam by other means than scanning a blacklist. Options are a javascript challenge, a captcha image or the one you see here: a trivial question that needs to be answered.
  
  I recently wrote a plugin for WP that enables WP users to do the question-thing. I’d love to do it for MT as well but unfortunately I suck at perl coding…

  
  

• At 22 September '05 - 11:24 Edward Clarke wrote:

  

  Maybe it’s all the reason I need to move over to WP. I’ve been looking for an excuse…

  
  

• At 22 September '05 - 11:27 Marco wrote:

  

  Or switch to Pivot which is the system I’m running this blog with. You’ll be able to use my Pivot-Blacklist software which is (at least I think so) still the most comprehensive all-in-one anti spam package. It kills not only comment-spam but also referrer-spam and trackback-spam
  
  There’s an MT-import script too

  
  

• At 02 October '05 - 10:41 Another Andrew wrote:

  

  Just arrived at this discussion as a result of getting comment spam. Perhaps there’s something to be said for spam. People wanted to see examples:IP Address: 219.93.174.108
  Name: Nicholas Moore
  Email Address: Sean@gawab.com
  URL: http://belikethesquirrel.myblogsite.com/..
  
  Comments:
  
  It’s the first time i ran through your site and I found it very informative and interesting. Nicely done! rare pieces questioned for a long time: http://www.i-marco.nl/weblog/archive/200.. , There was once this guy

  
  

• At 06 October '05 - 02:35 Jason Beaird wrote:

  

  Now I don’t feel so excluded anymore. I’ve been getting these non-spam spams for a while..but none of them had your link in them. Here’s mine and it looks like it’s in the same IP range as “Another Andrew“s:
  
  IP Address: 219.93.174.106
  Name: Timothy Drake
  Email Address: Juan@chello.nl
  URL: http://www.i-marco.nl/weblog/archive/200..
  
  Comment:
  I really liked your comments here. I hope you’re going to update your site soon. Soft voice over the net: http://www.nvswaminathan.com/wp/?p=2 , Keep scrolling down for pastry cream recConsequentlyipe
  
  Argh… This is crap.

  
  

Got something to add to this?

Feel free to leave a comment on this site. You can use Textile and Emoticons. Your email address is only used to show a gravatar. Please stay on-topic and use common decency. Spammers will be shot in front of a live studio audience.

If you plan on posting code, use pastebin please and post a URL to the code. The comment processing doesn't deal very well with code. Sorry for the inconvenience.

Human comment spammers: don't bother posting your crap here. Comments are moderated and I won't let any of your shit through.

Trackbacks

• Earlier musings
• Week In Links: a WordPress plugin for link digest posts (0)
• Technorati: What happened to you? (1)
• Some random thoughts about the iPad (1)
• Bookalicio.us version 2.0: an attempt to design the prettiest book blog on the net (3)
• Me, version 2.0. Released! (13)
• PreDevCamp SF Bay Area at Palm HQ - a videoblog (6)
• Me, version 2.0, almost done (2)
• Why I choose the Palm Pre to be my next mobile phone (6)
• What's up with the blogosphere lately? Tired of list-posts! (11)
• Create your own Twitter image badge with PHP (12)
• Five reasons why I hate Facebook (with a passion) (90)
• 5 things MySpace could do to improve Profile 2.0 (1)
• MySpace looking mighty fine with Profile 2.0 - How I built a MySpace profile that doesn't suck (3)
• 10 awesome Tumblr themes (7)
• A post to make sure my blog gets banned in China (9)

• Tumblr
• My son, enjoying a small baby snack in the park.
• My mom’s on Facebook. Is yours?
• Photo
• Seriously, Canada?
• Hakone Gardens, Saratoga CA
• Photo
• Funny joke in Mass Effect 2.
• Best. Game. Ever. The Avatar of videogames.
• The ePad. WIN!
• An iPhone. Astroglide. Not sure if I want to know what happened...
• HumorEarth.com - Photos Of Our Friends Dogs Doggies make me...
• Photo
• Ask me anything...
• Photo
• visit me on Tumblr

• Tag Universe
• ajax apple blog bloggers blogging blogosphere blogs blogspam browser browsers clock comment_spam css design dutch firefox flickr google hype internet islam javascript mac mint pagerank performance photography php php5 pivot pivot-blacklist pivot_blacklist powerbook programming prototype rails referrer+spam referrer_spam rss spam spammer spammers taggerati tags technorati template trackback typo usa variable virb web+2 web_2 weblog weblogs website wordpress xhtml xsl yui (all)