Comment spam (was Re: A fictional blackhat adventure)
- From: John Bokma <john@xxxxxxxxxxxxxxx>
- Date: 4 Sep 2006 18:19:51 GMT
David <seodave@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
On 2 Sep 2006 19:31:42 GMT, John Bokma <john@xxxxxxxxxxxxxxx> wrote:
[..]
Have you seen the stats at http://akismet.com/
178,355,098 spams caught so far
1,024,256 so far today
93% of all comments are spam
That's a lot of people suffering from spam, it makes a lot of sense to
try to stop it rather than just filter it (thankful of the filtering
though :-).
The "best site in bleep" is on ca. 20,000 pages in Google. No idea how
much the grand total is (spammer used a different message as well). I
recall that he spammed 2-3 times a day, so 1,000,000+ sounds quite low
to me (meaning not many people filter).
I have no idea how much real garbage comes in, some bots can't handle my
form :-), others can't read "don't use HTML" :-) But I guess 10+
attempts a day. So a wild guess is that Akismet has around 100,000
users. Probably less, because WP might be spammed more.
The thing is Akismet could do a simple reporting: they can even keep a
cache of ISPs/HSPs that have received the message in order to send out
only just 1 message/incident. I have no idea how many people do report
comment spam, I guess a very very low number of people :-)
Been thinking about that, the problem is that I am not interested in
having my site DDoSed because I am anti-spam. I already try to be
careful when I report on my spam fighting attempts.
Is a DDoS attack a serious risk for any site that reports SPAM (how
would they know?) or do you mean if you created something like Akismet
that automatically reported as well it would be attacked?
The latter. I blog now and then on spam reporting, and I do risk
countermeasures.
<http://diveintomark.org/archives/2003/11/15/more-spam>
Has quite some info, and shows a bleak picture. I am more optimistic
especially since comment spam has several flaws compared to email spam:
- reaches less people
- if one does it for IBLs, the spam must be up for some time
(much longer compared to spamming 10,000,000 people, and having
your first orders in 10 minutes (wild guess))
- higher cost (guess)
My guess is it's way less effective compared to email spam. By breaking
down sites fast (fighting the second item on the list), the comment spam
that is not filtered out will be ineffective very fast.
Another thing I would love to see is that blogs/guestbooks that are
clearly open to such spam are closed down by the ISP for the same reason
one can't leave his/her car unlocked in a city in the Netherlands (and
probably more countries).
Those measurements might be able to delay the thing that's going to
happen one day: smarter comment spam that comes close enough to a real
comment, and hence manual moderation is needed. Also the risk of false
positives and angry users. I am afraid that quite some blogs will turn
off comment spam.
Another issue is that the abuse addresses I use to report are
extracted from a website that probably doesn't allow for this in the
first place (to do it automatically). And hence I cache each look up
for several weeks which works very well (I have a lot of cache hits).
OK.
Actually a semi automated tool would be better. Have you used Akismet
so seen what it does?
I contacted them, and their reply was along the lines: we do examine
comment spam, but that's it.
And yes, semi automated would be the best, mine is. It looks up the
email address for reporting abuse for the IP address used to post, and
each site mentioned. I check before I press 'Y'.
There's a "Not Spam" check box (for recovering posts) on the page
where it filters the SPAM, what would be good is another check box for
"Report This Spammer" or similar which puts the spam through a semi
automated process. This would then help prevent false reports.
Yup, exactly. Moreover, they can keep a list of:
domain last time reported
And only report those domains that haven't been reported in the past x
hours. I am going to do such a thing, because sometimes I report the
same site to the same hosting provider in a short time, giving them the
same message, and wasting their time.
Also, some ISPs/hosting providers don't care. It would be nice if
someone can keep a kind of score. If an ISP/HSP has ignored too many
reports, it can be put on a black list including the score, and people
can configure per blog if they want comments from a black listed
provider, and how high his score has to be before it should be filtered
out.
I'll contact them next week to see what can be done. It only takes a
handful of people to report spam. I have seen sites taken down just
hours after I reported them.
I've never reported a comment SPAM site, how do you do it?
See <http://johnbokma.com/mexit/2006/01/23/>
All comments I receive by email, and they have special header and
footer. The footer also has the IP address of the spammer (which can be
a zombie computer, a proxy, etc.).
My program just gets every URL in the message, and the IP address, and
looks up the abuse email address using the URL given on my site.
Of course spammers can move on to the next hosting provider, but since
most are trying to do link building, it's very different from hit &
run domains email spammers use. It's in their interest that the domain
stays up long enough to get visitors via blogs and guestbooks.
Yes and no. Although they'll lose hosting they won't lose the domain
(or do they and if so why?),
A lot use free webhosting, blogspot (JavaScript redirect, so probably to
make money with referrers), even abuse sites [1], etc.
so it will cost the spammers money and
time in purchasing new hosting/setting it up. Also there are hosts
that don't give a crap what their users do, so some will be
unaffected.
Yes, the latter does happen. Or they give a crap, but have no idea what
I report (which I clearly explain in the email), and ask for the entire
email, since to them spam = email.
That leaves just targeted manual comment SPAM where the spammer
creates a custom thought out comment that gets through (not many of
them around though :-)).
This will be automated in the future. It's not that hard to scan the
article, and automatically generate a comment. Some will look
artificial, others will look genuine enough.
** I now recall why I use both of them
http://akismet.com/blog/2006/08/downtime/#comments Akismet went down
and some blogs got spammed bad! Mine didn't though as Spam Karma 2 was
still working :-)
Yup, using Akismet is putting all your eggs in one basket. As soon as
Akismet is considered effective by spammers, it will be massively
attacked.
Somehow the number seems to go down and down, so maybe someone has put
me on a blacklist (or whitelist) :-D.
LOL that would be very funny if true.
Yes, I would prefer it that way.
--
John Need help with SEO? Get started with a SEO report of your site:
--> http://johnbokma.com/websitedesign/seo-expert-help.html
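
Added example, not part of the original post and not John Bokma's program: one way to implement the semi-automated reporting flow discussed in the message (collect every linked host and the poster's IP, cache abuse-contact lookups for weeks, skip targets reported within the past x hours, record a report only after a human approves it). The "IP:" footer format, the class and method names, and the lookup callable are assumptions; the sample mail is constructed.

```python
import re
import time
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+")
# Assumed footer line "IP: a.b.c.d"; the real footer format is not shown in the post.
IP_RE = re.compile(r"^IP:\s*(\d{1,3}(?:\.\d{1,3}){3})\s*$", re.M)

# Constructed sample of a comment notification mail (documentation-range names only).
SAMPLE_COMMENT = """Great post! See http://pills.example/buy and http://Casino.example/win
--
IP: 192.0.2.44
"""

class AbuseReporter:
    def __init__(self, lookup, cache_ttl=21 * 86400, window=24 * 3600, clock=time.time):
        self.lookup = lookup        # hypothetical callable: host or IP -> abuse address
        self.cache_ttl = cache_ttl  # "several weeks" of contact caching
        self.window = window        # the "past x hours" suppression window
        self.clock = clock
        self.contacts = {}          # target -> (abuse address, lookup time)
        self.last_reported = {}     # target -> time the operator last confirmed a report

    def targets(self, message):
        """Every linked host plus the poster's IP, de-duplicated and sorted."""
        hosts = {urlparse(u).hostname for u in URL_RE.findall(message)}
        hosts.discard(None)
        return sorted(hosts | set(IP_RE.findall(message)))

    def abuse_contact(self, target):
        """Serve the abuse address from cache while fresh, else look it up once."""
        now = self.clock()
        hit = self.contacts.get(target)
        if hit and now - hit[1] < self.cache_ttl:
            return hit[0]
        self.contacts[target] = (self.lookup(target), now)
        return self.contacts[target][0]

    def pending_reports(self, message):
        """(target, abuse address) pairs not reported within the window."""
        now = self.clock()
        return [(t, self.abuse_contact(t)) for t in self.targets(message)
                if now - self.last_reported.get(t, float("-inf")) >= self.window]

    def confirm(self, target):
        """Call only after a human has reviewed the report and approved sending it."""
        self.last_reported[target] = self.clock()
```

Passing the clock in as a parameter lets the suppression window and cache expiry be exercised without waiting; in real use the two dictionaries would be persisted between runs.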