Disturbing Trends in Blog Spam

4 Flares Google+ 0 Twitter 0 Facebook 0 Reddit 0 StumbleUpon 0 Pin It Share 4 LinkedIn 0 4 Flares ×

I Hate SPAM!Lately I’ve noticed some new and disturbing trends in blog spamming techniques. Among the most prevalent are commenters who spend time building up a considerable number of comment back links on a seemingly non-commercial site in order to later convert that site into a commercial free-for-all.

This behavior is inherently unethical. Bloggers, like myself, only allow links to be associated with commenter’s names for the purpose of getting to know who they are, not so our visitors will follow links only to be subjected to commercial solicitation. Posing as legitimate is nothing new, spammers have been faking regular commenter names for a while now.

On this blog, my own Terms of Use specifically prohibit such activity – though I have to delete posts all day, every day for violating them. On this blog alone Akismet has marked 71,000 Spam comments. And that is nowhere near the total number of Spammers stopped.

Donncha has recently noted that a good way to determine if a comment is Spam is to look and see where the spammer came from. If you pay attention to your e-mail notifications you can use his Comment Referrer plugin and clearly see when someone arrived on your blog as a result of a search for specific keywords. Any time you see that, you ruthlessly mark the comment as SPAM (I think Akismet should actually do it automatically)!

Unfortunately those of us that moderate comments by hand on the Edit Comments page don’t get the benefit of seeing where the comment came from to help make the determination as the plugin doesn’t store the data. (Perhaps someone can add that function to Donncha’s referrer plugin?) So instead we have to use the tools at our disposal. And one of those tools is the IP address.

Trace Route 1I’ve got a situation right now where I have at least two different commenters with legitimate sounding names, leaving legitimate sounding comments (but very short and very frequent), and both linking to blogs that have nothing more than a “coming soon” page on them. That raised a red flag with me. Seems like if you don’t have a site yet, you don’t need a link. Who knows what is going to be added to that later…

Trace Route 2So, after doing an IP trace route on the comments, it turns out they are coming from the exact same locale in Dearborn, Michigan. I don’t know about you, but that’s just too coincidental for me.

Additionally, I did a Whois and the domains are registered to completely different people. So, with all of those red flags I had to remove all their comments and mark them as Spam.

In a separate but related instance I noticed that two other fairly regular commenters here, who seemingly had no ties to one another, all of a sudden had commercial advertising between one another’s sites. This is in addition to the fact that those sites, which previously appeared benign, were beginning to appear very commercially motivated.

Again, I decided to do a little investigation and found that the Whois data reported they were owned by people whose names did not even match the domain, and Trace Route data indicated that these comments are coming from India – from two “women” with absolutely American sounding names… yeah, right. So in keeping with tradition all of those comments are now gone as well.

The moral to this story is that spammers are now beginning to develop personas and plan way ahead in order to build up traction to commercialize a site, and they have zero respect for legitimate authors with a hard earned Web presence. Bloggers need to keep a constant vigil on not only new commenters, but old comments as well. In addition, I have a feeling that my Top Commenter’s plugin is contributing to the fact that these leaches are targeting OMB, so I’ll likely be adding the “nofollow” attribute soon.

Article Written by
John P.

John P. is CEO of Livid Lobster and co-host of Geek Beat TV. You can also find him on Twitter, Facebook and Google+.

Comments

  1. Jeff says:

    John,

    I just happened to stumble across this post while I was doing a keyword search for “article marketing” which sort of ties in with Debi’s post! What I was really curious about is the post by Frankie C. about people being able to hijack the top commentator position. I use Akismet as I’m sure most people do, but is it really that vulnerable? I was just beginning my research for plugins to manage and track the posting tasks for my blog but now I’m really curious about what Frankie is talking about. I currently use DISQUS for commenting. Can you shed some light on this?

    Jeff

  2. Amy Firth says:

    I’m in exactly the same situitation as you Steve. I would comment on this blog just because I enjoy the participation and I think that if someone can be bothered to write a blog, it’s good manners to reply if we have an opinion on the subject matter.

    I have noticed that my comments have been moderated in many of the blogs I enjoy commenting on, and my website is one that I’ve (badly) written myself as a hobby, and again, I think that it’s easy enough to verify via Who.is etc.

    I’m a poor medical student from the UK, not a commercial backlink builder from India, and I understand that while you have to be strict with spam (after all, it’s the quality of your blog that is at stake) I hope that the reason you allow links to sites in names is to reward loyal readers?

  3. irene says:

    What is captcha code?, pls provide me captcha code codes or plugin, Thanks in advance.

  4. wilfred says:

    Hi there, I found your blog while searching for first aid for a heart attack and your post looks very interesting for me.

  5. Frank C says:

    There is a bug in the Top Commentators plugin that allows someone to hijack an existing Top Commentator even from the Akismet bin. The query that finds the top commentator doesn’t exclude moderated or spammed comments and this makes it possible for an impostor to hijack the position. I’ve modified this on my blog and made a patch available for it.

  6. 3gp says:

    Spammer find new way of spamming every time. I have noticed this happens to me many times and i got alot of junk emails too. But from blog point of view a human moderator is must to keep the blog spam free the tools you noticed do fair job in helping the human moderator but some how they can by-pass the system for this you really need a human moderator.

    A Non-follow tag will help keeping the spammers away.

  7. BryanSD says:

    This is always an ongoing battle. I think most of the spam filter methods (such as Akismet, CAPTCHA, etc) work well in keeping the bots out but still doesn’t address the human spammers very well. I like to give those “legitimate sounding but something is not right” comments the benefit of the doubt, but it’s embarrassing when you find that the comment you’ve approved is actually sending your readers to a place they really would rather not visit.

    I had about a two week period where someone was spamming my “Contact Us” email form and bypassing every type of filter I tried. I was not a happy blogger those two weeks. It’s really too bad a few abusers have to ruin it for everybody else…

    Keep up the good fight,
    Bryan

  8. Mistergin says:

    Tom,

    That’s actually a pretty killer idea.. It doesn’t really work for the “top commenters” plugin, but it would make for a cool extra bonus plugin for approving comments. I installed the referrer one John mentioned earlier (and it’s cool) – that would go in the same vein I imagine.

    Like John mentioned, sometimes folks get in good enough to pass the “what are they really here for” test and then secretly switch it up.

  9. Tom Barr says:

    It will be an ongoing battle. Right now blogs like this are very desirable by spammers as most blogs blindly assign nofollow to all comments. I believe good comments are good content and should not be nofollow. It’s too bad blog software and blog moderators aren’t more thoughtful in the nofollow decision; if a comment is moderated and approved it should not be nofollow.

    I appreciate John’s thinking things through and allowing follow links but I really do this cause I like to see my own comments. :D

  10. Derek Wong says:

    Eck spam is not fun. Personally, since all links are nofollow on my site I’ve actually leaned towards letting real people leave comments even though they’re linking to some commercial site. I’ve weighed the possibility of removing their link, but I’ve just decided to forget about it. However, I get spammed on a much smaller basis (only about 11,000 comments as of just now) compared to you. Plus I don’t have the top commentators incentive for spammers.

    It’s too bad, I thought that your use of the top commentators with regular links was a nice touch to your site!

  11. Mistergin says:

    John,

    That’s a shame bud, I know how you feel. I use the same top commenters plugins on all of my blogs that you do and often get the same comments. Usually you can tell that they’re too general to be real, but some of them aren’t.

    I then have to make a real painful evaluation as to whether someone who runs a commercial site (and it’s even harder when it’s not a blatantly commercial site like “make millions online!” etc) is really interested in commenting or just getting approved once so they can make the following comments for free.

    Currently I just keep the rule that one comment must be moderated before you can post willy nilly.

    I’ve stripped URLs or blatant plugs out of a comment if it still has merit. But I know that plugin is the source of some.

    Still though, because I’ve got a PR5, I’ve actually heard from a couple commenters that they enjoy coming and leaving comments not necessarily to “game” the system, but because it offers them a “reward” for contributing.

    I like the thought of “rewarding” contributors with good comments. Kind of like you do with your prizes. It feels good to add value to someone’s site, and also to receive a little bit back. I like the comment system because it’s a very subtle way to give back to those coming to mine.

    Hopefully you can find a middle way so that you don’t have to add nofollow. I’ve pondered it before, but I hate the idea of shortchanging visitors that way. Not that it’s their dollars paying for the blog or writing the content. But it still seems like such an easy trade.

    So I feel your conflict. Here’s an imaginary beer for you and other bloggers who try to pay it forward :)

  12. John P. says:

    Debi,

    You aren’t doing anything wrong. Spammer activity has a different pattern than your activity. Here are a few key points:

    • You actually used your name when you commented, and when I follow the link to your site I can see who you are on your About page. Spammers use keywords that go to sites filled with commercial messaging.
    • You actually posed a complete and logical question. Spammers will put in a one sentence comment, usually a compliment of some kind.
    • Your IP address traces back to Alltell’s Internet connectivity here in the US. Much of the spam activity I see comes from India.

    As long as you don’t get to a point where your Web site looks like one giant advertisement and your only goal with it appears to be making money, you’re OK!

    Another way to think of Blogs is like they are someone in your neighborhood’s front door. If you go over to meet them and strike up a friendly conversation that happens to mention your job that’s no problem. You’ll probably make a friend. But if you go to your neighbor’s house and start trying to sell them on a Multi-level Marketing scheme, you’re probably not going to be invited back. :-)

    People forget that Blogs are someone else’s hard work and intellectual property, and they think that they have a “right” to paint them with whatever commentary they choose. That is what I object to personally.

    Take care, and welcome to the OMB community.

    John P.

  13. John P. says:

    Jamie,

    In the options tab in the Admin panel of WordPress there is a tab called Discussion. Plug those problem IPs in the Comment Blacklist area and they will never get through! :-) I’ve done it many times and it works like a charm.

    John

  14. Dude! I actually BOUGHT some spam and ATE it this weekend – I’m serious! I don’t know what got into me! LOL! Really, though, with such a highly-trafficked blog, I would think you’d have to no-follow the top commenters. Freakin’ bloody spammers – ruining things for everyone. And hackers, too. I’ve had some friends hit by hackers lately. And it got me to thinking about the fact that if you open up a brick and mortar store, you don’t have to constantly defend it from strangers who are trying to take you down just for the sake of taking you down. It’s just so nuts.

  15. Jamie Harrop says:

    I’ve noticed a lot of spam comments coming from one particular IP.

    I use the Live WordPress plugin to track my traffic live. Right now, of the 15 comments that it shows my blog has received in the past few hours (all spam), 11 of them are from the IP 77.91.227.181. This isn’t just a one off event. 24 hours a day, 77.91.227.181 pummels my blog with spam.

  16. You know, I was thinking that the comment referrer information could be stored in the postmeta record of the post. Hopefully I’ll get to that today. It would be really useful.

    Good work exposing those guys. If I have any doubts I scrub them, or just rely on the Lucia plugin to hide the url!

  17. Debi says:

    I have a question regarding your comment about “when someone arrived on your blog as a result of a search for specific keywords.”…you say these folks should be marked as SPAM.

    As someone fairly new to blogging (as the world of blogging goes), I spend a lot of time, especially as I build my website, looking for specific keywords in blogs so that is how I typically land on MANY of the blogs I comment on. I use the keywords so I can locate quality links, interesting articles or, in your case, ways to market that will assist in getting my site seen by more people.

    Did I miss something or would someone like myself be seen as spam according to what you were referring to?

    Thanks!
    Debi

  18. RHB says:

    I to have been moderated here, but John has graciously offered to review my posts after akismet got done with them.
    As an aside my internet provider uses a proxy server which has prevented me from contributing to certain sites such as Wikpedia.

  19. It’s a shame that spam seems to be so prevalent.

    I have been a regular commenter on the blog in the last month and noticed that some of my comments had been moderated. I also noticed that the blog wouldn’t take posts from my work PC and wonder if that may be as a result of the firewall/proxy system they use there?

    It seems that I now have pride in place in the top commentators section, but will my link greyed out (before posting this, will wait and see).

    Just for the record, the link I use is to a site I wrote myself and is a hobby. Easy enough to verify that from Who.is.

    In my real life, I am an accountant (well actually Liquidator, bankruptcy trustee!). We all have to make a living somehow.

  20. Chris R. says:

    Phew, what a pain in the royal behind! John, if you ever need to take a break, feel free to visit my site, which sells natural male enhancement, subprime mortgages, and gives away free Xbox 360s ;)

Speak Your Mind

*

4 Flares Google+ 0 Twitter 0 Facebook 0 Reddit 0 StumbleUpon 0 Pin It Share 4 LinkedIn 0 4 Flares ×
We Need Your Help to Keep Producing Quality Content! Support Livid Lobster!