Here’s another comment spammer whose software plugged in every phrase on its generic comment list instead of picking one at random. Notice how vague these tend to be, so that they could easily apply to almost any post on almost any site.
If you see any of these comments show up on your blog, chances are good that it’s a spammer trying to get a backlink to their shady site, not someone who actually wants to contribute to the conversation.
You’ve probably seen it: comments that say something entirely vague and either flattering or condescending, that could apply to just about any article. And then they link to an “escort” site, or a pill seller…or some small-town insurance office in the middle of nowhere who hired a black hat “SEO expert” who promised he’d get them backlinks and doesn’t care about the site’s reputation.
I got a great one last week: Somehow instead of getting one randomly-chosen message from a set, I got all of them in one comment. I ripped out the link, but posted it as an example on LOL Spam.
If you see any – or all – of these comments on your site, it’s a safe bet that the commenter isn’t interested in having a conversation.
I saw a license plate today that read,
I ♥ SPAM
I was a little surprised, but then I saw the “Made in Hawaii” plate holder and realized they were talking about the lunch meat.
*whew!*
In clearing out my spam folder today, I found the following message:
Bad Link on hyperborea.org
Dear webmaster,
There was a link that didn’t work for me on this page of your website, http://www.hyperborea.org/flash/flashpoint.html. It points to a Constitution Day page that doesn’t seem to be there any more, [link removed].
We published a great resource on the U.S. Constitution Day on Online Law School.Net: [link removed]. It would make a great addition to your resources and replacement for the page that no longer works.
Sincerely,
Maddie Bryant
[email removed]
On the surface, it sounds like a reasonable message. If you’ve got a broken link, then you want to know, and hey, if they’ve got an alternative, so much the better, right?
But here’s the thing: The broken link isn’t on the page. I don’t think I link to that page anywhere on my site. There is a reference to the 22nd Amendment, but not to anything about Constitution Day.
In short, it’s another form of link swap spam based on automatic keyword matches with no real intelligence to it.
That’s not really something I want to be linking to.
I’ve been seeing a lot of those “I just found your blog by searching and it’s the best thing since sliced bread” comment spams lately, some even slipping through Akismet. But this one was just hilarious in its unreadability:
Virtuous what I used to be in search of and quite thoroughgoing as floor. Many thanks for placard this, I noticed a yoke diverse associated posts but yours was the optimum thus far. I outlook it stays updated, adore worry.
For the past year and a half I’ve been posting funny spam quotes at @LOL_Spam on Twitter. A couple of weeks ago, I finally set up a website as a central profile and hooked it into Facebook and Buzz.
So now you can follow daily humor pulled from real spam in three ways:
For now, the older quotes (before November 2010) are only on Twitter, but eventually I plan on importing them to LOLspam.net. I figure WordPress 3.1′s built-in support for asides would make it an ideal platform to create a searchable archive and still tie into the same networks.
Last week I installed Ozh’ Spam Magnet Checker. It’s a WordPress plugin that looks through your spam folder, groups the spam comments by post, and shows you a pie chart of the posts that attract the most spam.
Aside from satisfying curiosity, it can give you an idea of what types of posts spambots like on your site. Also, if you find a particular post tends to get lots of spam but hasn’t received legitimate comments in a long time, you can close comments on that post, cutting off the chance that something might slip through the filter.
I ran it for a week here on K-Squared Ramblings and Speed Force. (It looks at the current spam folder, which I usually clean out every time I check for false positives, so I had to let it sit for a while.)
I was sort of hoping for something more obvious, but instead it’s a fairly smooth distribution. The top posts don’t get that much more spam than the next tier, or the next after that. Though I’m kind of surprised to see the Babyon 5 Lost Tales post so high on the list.
At first glance, the chart for Speed Force looked even smoother. The top post only accounted for 2.3% of the week’s spam.
Then I looked down the list. See all those posts starting out with “Quick Thoughts…”? Those are all old Twitter digests, back when I was still archiving them. They’re a mix of old links and old time-specific remarks, and chances are that any useful comments were made more than a year ago — on Twitter, before they were imported. All together, these old Twitter digests were pulling in 16% of the spam targeting Speed Force, on a class of posts that only made up 6% of the archives.
A nice trick, considering I had already closed comments on all of them. It turns out, spammers have been sending trackbacks to these posts. I’d never really noticed the pattern before, but now that I know, I can close pings on them as well.
That was the main thing I discovered by giving the plugin a week’s worth of spam. YMMV.
(Tip of the hat to Weblog Tools Collection for pointing me in the direction of this plugin!)
I found a sneaky type of spambot this morning. It was impersonating regular commenters on Speed Force, using their names and (at first glance) email addresses to blend in.
The names weren’t terribly surprising, but the email addresses were. Where had it gotten them? WordPress shouldn’t reveal them, unless there’s a bug somewhere. Was one of my plugins accidentally leaking email addresses? Had someone figured out a way to correlate Gravatar hashes with another database of emails?
As I looked through the comments, I realized that in most cases, it wasn’t the commenter’s usual email address. Here’s what the spambot was doing:
The actual content (if you can call it that) of the comments was just a random string of numbers, and the site was a variation on “hello world,” leading me to suspect that it might be a trial run. Certainly they could have been a lot sneakier: I’ve seen comment spam that extracts text from other comments, or from outbound links, or even from related sites to make it look like an actual relevant comment.
I’d worry about giving them ideas, but I suspect it’s already the next step in the design.
Update: They came back for a second round, this time here at K2R, and I noticed something else: It only uses the first name for the constructed email address, but does so naively, just breaking the name by spaces. This is particularly amusing with names like “Mr. So-and-so,” where it creates an address like mr@example.com, and pingbacks, where the “name” is really the title of a post.
Some suspicious pingbacks this morning tipped me off that there’s a splog (spam blog) automatically copying posts from K-Squared Ramblings to their own site. I sent them a complaint this morning, but they don’t seem to care much: They’ve scraped the RSS feed again, and reposted the same 15 articles nine times today!
It seems extremely likely that they’ll repost this article as well. If you’re reading this on “Attorney Legal Blog” (great irony there), the site is ripping off content from other websites — and clumsily, too!
For the record, the site doing the copying, which I won’t link to directly, is “www – dot – legal – dash – attorney – dot – info”. And it looks like a lot of other sites are being copied…just as badly, repeats and all.
Wow. Email addresses really do stay on spam lists forever. The postmaster account just picked up a non-delivery report for a message sent to a server that’s been offline for 7 years!
