Overall, the volume of spam attempts on my server have been down lately. Oh, I still get a steady stream, I delete over 100 comment spams (caught by my filters) each day. But I’ve seen fewer of the massive, server-squashing spam runs that hammer my web service with too many simultaneous connections, blocking out legitimate users.
On the other hand, I’m seeing a lot more attempts by spammers to poison the well. What I mean by that is that they are submitting bogus comments, full of non-spammy (but more-or-less random) content, and links to legitimate web sites. For example:
Name: Adam Baumann
Hi. Just letting you know that I enjoyed your site. when Soldier Double Game Lose: http://www.newscorp.com/ , to Bet Opponents you should be very Faithful Big Gnome becomes Industrious Plane in final , Superb Opponents becomes Superb Soldier in final Faithful is feature of White Circle
The comment is obviously gibberish, right? And the links are all to perfectly normal — in fact, popular — sites. You might wonder why a spammer would bother posting it. The idea is to poison the well of any sites which use Bayesian techniques to classify content as spam or not. By tricking sites into classifying “good” content as “spam”, they (theoretically) can reduce the effectiveness of the spam filters.
With enough poisoning, your spam filter may start getting false-positives, which are legitimate messages that have incorrectly been tagged as spam. And if you get enough false-positives, you’ll lose faith in your spam filter and disable it. At least, that’s what the spammers are trying to accomplish.
Will their plan work? I guess that depends on your particular spam filters. I’m betting that systems like Akismet, which collect data from a wide variety of sources, will probably be able to defend against Bayes poisoning. How? Well, there’s this thing called an IP address. Even though the spammers submit their garbage via an army of anonymous proxy servers and zombie machines, they still only have access to a finite number of hosts, a limited number of IP addresses. It won’t take long for those IPs to be statistically classified as sources of spam. An IP like 221.3.235.96 will be flagged as a spam indicator far sooner than the words “Industrious” and “Soldier”.
So once again I say, thank you, spammers. We’re learning more about you every day.
I’ve been getting a minor flood of the poisoning-the-well variety lately too (in fact, just deleted about a dozen of them out of my moderation queue). Not a big deal so far.
What I find interesting is that they’re the first wave of comment spam, as opposed to trackback spam, I’ve gotten in a dog’s age. I was under the impression that the proliferation of comment moderation/filtering had done in comment-delivered spam in favor of track/pingbacks. In fact, I shut off my comment auto-close plugin because of this, and sure enough, I didn’t get any spam bits via comments (at least, none that weren’t automatically blocked by my existing blacklist). This might represent a large-scale return to the comment form.
What works the best for me is keeping my spam word list fresh… I do get an occasional false positive. Spammers are just the bottom feeders, they will not be exterminated any time soon.
Pingback: lexrob.com
Pingback: Solarvoid » We should be allowed to hunt spammers
I’m getting the same kind of random spam posts, mainly linking to sites like digg, or engadget.
But then again, I use Akismet, and it’s catching all the spam, and so far no false positives!
Good luck..
Ah I’ve been wondering what the hell those sort of comments were.
So that’s why I was getting spam pointing to websites I sometimes use! Akismet still caught ‘em, however.
I was also plagued by these style comments and showed how wide the problem is in a post a few weeks ago. My initial solution was to block the offending User-Agents at Apache server level – a less than ideal solution.
A friend of mine wrote an interesting solution to the problem using secured time-based-tokens and I have incorporated it into this freshly baked SpamKit Plugin for WordPress.
Maybe it can help?
Pingback: Will’s Blog » Blog Archive » Akismet Rocks
Hey Dear!
I am new to WordPress, i just started a week ago
but not sure how to use this blog, when i see my
blog’s left bar, with links called somthing blogrolls
and one of them i clicked and now i am here, but here i
was seeing very bad aspect of online marketing that is Spammers
but hope you make them lesson!, i am here to as you how to use it
means my blog http://www.acmeaims.com/daily i am also not familiar with
terms used there,,blogroll,ping,rss,,,i hope you will help me in this
regard,,,,,wish you good luck!, from MOhsin Rasool MoreLee webmaster
Pingback: alexking.org: Blog > Around the web
Pingback: What makes you happy ? » Gatekeeper in.
I remember when I first got caught up in a “poisoning the well” attempt. I was running Spam Karma v1 and some clever spammer began flooding me with spam comments that linked to “.com”. Sure enough, Spam Karma eventually added “.com” to its blacklist, and it wasn’t long before every incoming comment was eaten by Spam Karma. I had to flush my entire Spam Karma blacklist just to get rid of that one false entry. So, if you run an “intelligent” spam filter, such as Spam Karma and Akismet, keep a very close eye on your logs.
Getting a load of the poison too! Interesting.
Pingback: ShadowLife » Blog Archive » Comment Spam
I just saw your post about this. I wrote one the other day, dubbing the practice “Whitelist Spamming.”
http://www.iampariah.com/blog/2005/12/whitelist-spam-attacks-threaten-blogs-and-email/
The real problem comes into play when you think about the big picture. It’s not just about whether spam gets to YOUR blog, it’s about whether your domain gets blacklisted by other blogs and e-mail servers.