A new trend in blog spamming?

Anyone else notice that there seems to be a new trend in blog spamming these days? I’ve gotten several comments lately that were obviously spammed as the reply consisted of something like, “That’s an interesting article. I’m sure I’ve read something similar on another site. I’ll look it up and get back to you.” That would be a passable comment except that it shows up on three or four different entries that are totally unrelated.

In the past the link always pointed to some commercial website, but now the links point to what appear to be actual blogs. If you edit the URL down to the base domain (these blogs are almost always in subdirectories) you end up at a commercial website. Often the entries on the blog are just this side of coherent so it seems like these people are setting up fake blogs so folks won’t blacklist the URLs they’re leaving behind. Though it’s hard to say whether this is actually an attempt to sneak in comment spam or if it’s just someone using comment spam to hype a real blog hosted at a commercial website.

Either way I’ve been blacklisting them as they appear for the simple reason that they’re not really contributing to the discussions they’re spamming. I’m not submitting the URLs to the MT-Blacklist Clearing House, though, on the off-chance that these are legit blogs. Has anyone else noticed this lately? How are you handling it?

12 thoughts on “A new trend in blog spamming?

  1. I’m checking the URLs; but most of the ones I get tend to have casino links in them. When I get a series of these links from the same IP or IP range, I look into banning that IP.

    Comment registration can’t come fast enough.

    H’m. That gives me another idea to suggest to the MT team. Let people have registered comments, but also allow unregistered comments - just with the unregistered comments, no URL dislays with their post name. That would make blogspamming kind of useless.

  2. Absolutely. I’ve been getting many portugese rambling entries. They’re trying to generate traffic and improved ratings in google, blog trackers, et al.

    I believe my spam is being triggered when I get listed in fresh.blogspot.com as a newly updated site.

    I am still able to delete/ban manually, but it’s going to get worse.

    I’ve seen some sites with capchas on their comments already, which are currently pretty effective at blocking hacked-together bots like this (as well as effectively blocking those with visual imparements).

    I think if you just add a question below URL like this:

    What is four times 5?

    And just manually change it if you happen to get a spam, that’d kill most of it. It wouldn’t stop blind visitors from commenting, either.

  3. If fake blogs are setup, and they are done real well, then you wouldn’t be able to tell the difference.

    Luckily setting up and publishing to a blog is (manual) work, and most spammers seem to rely on automation

  4. Having read one of Les’s earlier posts, I pulled down and installed Drupal, just to have a play. Ironically, my biggest complaint was that you needed to register to comment, so in the little test implementation that I did, I hacked my current comment system in there.

    The register/don’t register is certainly a tough one.

  5. In the past few days I’ve had over 20 “new” (i.e. not on the blacklist yet) spam comments.  One actually started at the first post in my archives and was merrily marching through them until I banned him.

    I’ve also had a “fake blog” or two show up.  I ban ‘em.

    D

  6. Trying to ban spammers seems like a battle that you will always eventually lose.  Maybe comment registration will help, until people write scripts to create accounts.

    Maybe it is time, as some have suggested, to make comment spamming useless.  Obfuscate the URLs they post using a redirect script.  Then, since they are never actually linked to, it won’t help their rank in google.

    I’m working on a commenting system on my blog to get rid of squawkbox, which is fairly lame.  These are the features that will be built into it, from the bottom up:

    1. Black list
    2. Posted url obfuscation through redirection
    3. Comment throttling

    Eventually, if I ever have time, I might think about registration system, with each registration okayed by me explicitly.  This would allow someone to post urls that don’t get obfucscated through redirection and get around the throttle limit.

    Anyone else have suggestions for what to build in?  Is there a blacklist format that I should use perhaps?

  7. I still think the ‘human test’ is better than registration. Registration can be automated. Capchas and questions like ‘What is 7 plus three? ___’ filter out most spammers for the moment.

    Capchas are only thwarted by spammers at the moment at the free-email registration level because there is enough to gain that they are worth having manual labour typing the capcha responses.

    Blog comments aren’t worth it at the moment, so a simple human-check-question would go a long way.

  8. Unfortunately, the “fake blogs take work” solution isn’t, really.  There have been cases where the scum simply copied existing blogs, redid the underlying links to point to their vile products, and then used those as the basis for comment spam.  Feh.

  9. I got one today for a casino as well - it threw me for a second though, becasue the text was only “Just testing! Ignore please” Then I looked at the URL and email and figured it out. He only hit one entry though.

  10. Speaking of comment registration, Wil Wheaton has something like that implemented…you have to enter a number that looks like it’s dynamically generated and placed in an image file above the comment box. No matching number, no comment.

  11. I had someone leave comments yesterday that were not only reasonable, they were relevant to the post where they were left.

    The only sign of spam was in their return address.  I don’t post addresses, so it didn’t show online - but I found it an interesting tactic.

    For what it’s worth, if someone is going to read the post well enough to add something that seems useful, the dynamically-generated number isn’t going to do the trick.  It’s actually a lot faster than reading the post…

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.