The Net is Dead

Marco van Hylckama Vlieg on web technology, design, life and everything

Some updates on the pollution spammers

'Test your Type!''The Net is Dead, long live the …'

Filed under: cyberspace

Number of comments: 18

Number of trackbacks: 2

Tagged with: blacklist,blogspam,comment_spam,commentspam,linkspam,spam

meta info

Monday Sep 19 2005

Earlier I wrote about a link spammer who seemed to be targeting me by sending out comment spam with links to my website (this particular article). After some emails between me and Ann Elisabeth, a.k.a. SpamHuntress it seems this spammer is not targeting me personally but engaging in a general attempt to pollute centralized anti spam blacklists. At least I can't think of any other purpose.

Affiliate program available

Affected sites

I've found at least two other sites that have been affected by this new type of spam:

• Cosmic Buddha
• Angy Pirate

Both posted a comment below this article on SpamHuntress.com which is how I found out about them. These sites and my site are completely unrelated which is why it led Ann Elisabeth to believe this is some sort of general attempt to pollute and disturb our tools to prevent comment spam.

What you can do to help

First of all, DON'T blacklist my site and/or the other sites affected by this idiot. The owners of these sites have nothing to do with the spam. Also, if people start blacklisting legitimate sites such as mine and the ones listed above the spammers will have won already and our lists will be polluted. Secondly, if you find any spam on your weblog that looks like it's part of this pollution run, let me know about the IP from which the spam originated. I will try to use this information to get behind the identity of this spammer and expose him (or them) to the world.

How to prevent this kind of spam

This new emerging kind of 'pollution spam' shows that centralized blacklists with domains to block are a dead end, simply because the spammers are starting to pullute them, rendering them useless. In my own anti-spam package for Pivot, Pivot-Blacklist, a centralized blacklist is used as a last resort. 99,9% of all spam attempts on my websites get blocked before the blacklist gets used at all. Automated spam can easily be blocked (for now) by applying one of the following techniques:

• Hashcash: A javascript solution by Elliott Back. Available for WordPress and added to Pivot-Blacklist by me.
• Use Captcha's (visual confirmation, plugins available for various blogs)
• Use Owen's Spam Action (adds a special field to your comment form to fool automated spam bots. Available for various blogs)
• Use other types of 'turing tests' to distinguish humans from spambots. The question you have to answer in my comment forms is an example of such a test

If you use one of these techniques you'll easily block automated commentspam even if it contains sites that aren't (and shouldn't be) blacklisted on any centralized blacklist.

Update

Things are getting worse. Remember when I found the first occurence of spam pointing to my site on matrixsynth.com? On this website I found the same type of spam linking to... matrixsynth.com! I posted a comment below this spam infected entry there telling them about the spam. At the moment of this writing the spam is still in place on the page.

There's a serious problem emerging in the blogosphere which is going to be here to stay as long as people don't install proper anti-spam tools that prevent ANY automated commentspam and not just commentspam that happens to be triggered by a (centralized) blacklist.

Some extra tags: blogspam, linkspam, commentspam.

Affected sites by this spam run identified by me so far

• belikethesquirrel.myblogsite.com
• matrixsynth.com
• ideastorm.com
• Cosmic Buddha
• Angrypirate.com
• Andrew's Blog

Some useful resources:

• SpamHuntress Wiki (excellent resource!)
• Chongqed.org Wiki (another great resource!)
• Pivot-Blacklist
• WordPress anti-spam tools
• SixApart (Movable Type) on combatting comment-spam

Also check out This article on SEOBlackhat.com.

small update: I just noticed this article is being linked from several link digests all of a sudden. Very nice! So while you're reading this anyway, take a look at my view on centralized blacklists and other current anti-spam techniques.

Commentary

Join the discussion! Leave a comment through the comment form below!

• At 19 September '05 - 13:00 Simon wrote:

  

  It’s really pathetic… I hope they realise this won’t help a bit, since – as you explain above – the centralized blacklist is the least effective check in for instance your blacklist.
  
  If you need any help tracking those assholes down, just yell.
  
  By the way, your lay-out is f*cked in Firefox over here…

  
  

• At 19 September '05 - 13:33 Marco wrote:

  

  @Simon> I don’t see any problem here. Firefox as well.

  
  

• At 19 September '05 - 20:35 Morpurgo.nl wrote:

  

  FF here and all looking fine ;)

  
  

• At 19 September '05 - 20:38 Simon wrote:

  

  Yeah, I was at school… Never mind…

  
  

• At 20 September '05 - 19:08 stefan wrote:

  

  of course, school installations of firefox always show websites scrambled…
  
  eh? ;)

  
  

• At 20 September '05 - 19:29 Marco wrote:

  

  Firefox 1.0.x has a rendering bug which occurs on this site. Resizing the windows ‘fixes’ it. In Firefox 1.5 beta 1 this bug seems to be fixed so it’s going away soon.

  
  

• At 25 September '05 - 13:15 Manni wrote:

  Hi Marco,
  
  this is very bad news for the community. I’m glad we haven’t seen this kind of stuff for chongqed.org yet.
  
  I would like to ask you to remove the link to the seoblackhat jerk. We shouldn’t be promoting him in any way.
  
  Manni

  
  

• At 25 September '05 - 23:46 Marco wrote:

  

  Manni, I’m afraid I have to disagree with you on SEOBlackhat.com. In fact it’s very nice that someone is at least open about what he’s doing and more important: how he’s doing it. SEO Blackhats exist and they aren’t going away any time soon. It’s a fact we all have to accept.
  
  The fact that there’s a site that unveils some of their ways is actually rather nice and can provide new insights in terms of preventing spam on our blogs. Because the articles on SEOBlackhat are quite interesting, also from a technological point of view, I decided to have a link to it. Something can be interesting even if we don’t agree with it, can’t it?

  
  

• At 29 September '05 - 14:13 Nicolai wrote:

  

  The same spamrun is actually targeting blogs run with b2evolution. And andrewsblog.net unfortunately just made it onto the central b2evo-spamlist.

  
  

• At 29 September '05 - 14:17 Marco wrote:

  

  That sucks!! Did anyone notify the maintainers of that spamlist about this issue?
  
  If they start adding legitimate blogs to the spamlists it really means the end of such lists is near…

  
  

• At 29 September '05 - 15:28 Nicolai wrote:

  

  I´ve put a note on the b2evolution-Forum. Half an hour later someone had removed andrewsblog.net from the central blacklist.
  But everybody who has updated his blacklist while Andrew´s Blog was on it, now has to remove it manually from his lokal blacklist.

  
  

• At 29 September '05 - 21:12 kwa wrote:

  The following behavior filtering appears to be interesting (I haven’t tested it yet):
  
  http://www.ioerror.us/software/bad-behav..

  
  

• At 03 October '05 - 23:50 Mike wrote:

  

  I’m getting these spams linking to you guys. I believe the real culprit may be http://www.. homeinsurancequotes. org / sitemap.html , which appears in most of the spams (but not all) and which is definitely a spam site, not a blog.
  
  The IPs are all different, so they’re probably hacked zombie Windows machines.
  80.58.4.46
  195.39.170.102
  200.189.80.7
  83.103.70.58
  66.251.61.118
  219.93.174.108

  
  

• At 03 October '05 - 23:52 Mike wrote:

  

  Is there any way you can unlink the homeinsurancequotes link so it doesn’t get traffic/PageRank from my comment?

  
  

• At 04 October '05 - 00:14 Marco wrote:

  

  Yeps! I just ruined the URL in order to disable it while retaining the information.
  
  I haven’t seen this URL in the ‘pollution spams’ myself. Do you have some examples?

  
  

• At 09 October '05 - 16:54 Kathleen Fasanella wrote:

  

  Here’s my update, got hit this morning; two with your links (one from cosmic buddha)
  —so sorry
  
  IP Address: 211.200.98.110
  Name: adam freeman
  Email Address: loganatgawab.com
  URL:
  http://www..i-marco.nl/weblog/archive/20..
  Comments:
  
  i really am impressed by your site. very original & interesting
  content. out little pieces of bread and cups of juice:
  http://www..i-marco.nl/weblog/archive/20..
  
  http://www..snowhill.org/weblog/Jason/00.. revelations of john

  
  

• At 10 October '05 - 17:54 Fellow Passenger wrote:

  

  About 99 percent of the comment spam I receive is obviously created only to pollute the blacklists. One linking your blog originates from 219.93.174.108. There were more, but the IP numers are already purged from the logs.

  
  

• At 11 October '05 - 04:57 elran wrote:

  the first 2 comments were added to my site today and the 3rd was about 3 weeks ago:
  
  ——————————— [1] —————————————-
  
  Name: Charles Miller | E-mail: Kenneth@chello.nl | URI: http://www.allucher.com/sato_blog/archiv.. | IP: 83.103.113.102
  
  Great blog. It’s nice to be here! Coin World magazine: http://daisylady.bravejournal.com/entry/.. , About a year ago I started
  
  Posted Oct 10, 4:18 AM
  
  ——————————— [2] —————————————-
  
  Name: Austin Ballard | E-mail: Sean@gawab.com | URI: http://www.i-marco.nl/weblog/archive/200.. | IP: 212.227.60.85
  
  Cool stuff. Keep up the good work. Keep scrolling down for pastry cream recConsequentlyipe: http://www.vespaquest.com/2005/10/post.h.. , rare pieces questioned for a long time
  
  Posted Oct 10, 3:34 AM
  
  ——————————— [3] —————————————-
  
  Name: Nathan Blanton | E-mail: Sean@internet.com | URI: http://www.andrewsblog.net/?p=40 | IP: 200.54.176.21
  
  Your site is a very nice source of info. Naked truth: http://interactive.usc.edu/members/stude.. , So without further delays
  
  Posted Sep 21, 12:26 PM
  
  —————————————[end]————————————-
  
  hope this helps you catch the guy…

  
  

Got something to add to this?

Feel free to leave a comment on this site. You can use Textile and Emoticons. Your email address is only used to show a gravatar. Please stay on-topic and use common decency. Spammers will be shot in front of a live studio audience.

If you plan on posting code, use pastebin please and post a URL to the code. The comment processing doesn't deal very well with code. Sorry for the inconvenience.

Human comment spammers: don't bother posting your crap here. Comments are moderated and I won't let any of your shit through.

Trackbacks

• Earlier musings
• Mass Effect - The best Space Opera of all time (2)
• Yup, Yet another JQuery Accordion Plugin (81)
• Week In Links: a WordPress plugin for link digest posts (1)
• Technorati: What happened to you? (1)
• Some random thoughts about the iPad (1)
• Bookalicio.us version 2.0: an attempt to design the prettiest book blog on the net (3)
• Me, version 2.0. Released! (15)
• PreDevCamp SF Bay Area at Palm HQ - a videoblog (6)
• Me, version 2.0, almost done (2)
• Why I choose the Palm Pre to be my next mobile phone (6)
• What's up with the blogosphere lately? Tired of list-posts! (11)
• Create your own Twitter image badge with PHP (13)
• Five reasons why I hate Facebook (with a passion) (176)
• 5 things MySpace could do to improve Profile 2.0 (1)
• MySpace looking mighty fine with Profile 2.0 - How I built a MySpace profile that doesn't suck (3)

• Tumblr
• Popaganda
• "I come across as miserly because after nearly dying I have realized that life can be taken away at..."
• "I refuse to believe in a god who is the primary cause of conflict in the world, preaches racism,..."
• Photo
• somethingintellectual: This too, kay? The zombie apocalypse is...
• Search terms in the access log of Bookalicious.
• Photo
• "Moderate drinking, which is defined as one to three drinks per day, is associated with the lowest..."
• *SIGH*
• Hope. Delivered.
• Gran Turismo 5 porn
• The best mobile OS on the planet is getting even better!
• stfuteabaggers: revolutionnow: technipol: Clay Bennett does...
• Photo
• visit me on Tumblr

• Tag Universe
• ajax blog bloggers blogging blogosphere blogs browser browsers clock cms code comment-spam comment_spam css design dutch firefox flickr google hype internet islam javascript mac mint pagerank performance photography php php5 pivot pivot-blacklist pivot_blacklist powerbook programming prototype rails referrer+spam referrer_spam rss spam spammer spammers taggerati tags technorati template trackback typo variable web+2 web_2 web_development weblog weblogs website wordpress xhtml yahoo yui (all)