Are You Noticing An Increase In Blogspam Too?

Filed as Features on November 1, 2007 7:02 pm

For fans who read the BlogHerald, you might notice over the past few weeks a noticeable increase in blogspam, both in volume and variety. We’re running a combination of Spam Karma 2 and Akismet, but a whole lot still gets through.

I have noticed two particularly interesting kinds of spam, as I have been hand deleting comments of late.


1. Worthless Identical Comments: We’ve been hit recently with a lot of spam that comes from a few select IP’s, but they almost always have the same content. Its some variation of

“This is exactly what I expected to find out after reading the title *insert <title> of your post here*. Thanks for informative article”

or

“Hey! Nice blog posting about *insert <title> of your post here* I would have to agree with you on this one. I am going to look more into . This Thursday I have time.”

or the frequent favourite

“Superb write up talking about *insert <title> of your post here*. Thoroughly love your blog.”

Now the apparently puzzling phenomenon here is that quite often none of these comments have a URL attached to it; the traditional thinking has been that comment spam serves to artificially inflate the number of trackbacks to a particular URL, even if the rel=nofollow is on. What purpose does a non-URL’d piece of blogspam serve? Well, one theory that’s popular (and one that I subscribe to), is that there is still an IP that is attached to each comment; by allowing these seemingly benign comments through, you’re almost ‘white-listing’ these IP’s, so that when “real” blogspam comes, they aren’t automatically flagged.

Bottom line is that no matter what the reason why blogspammers are doing what they’re doing, the current practice I’ve adopted is that if it looks like blogspam, smells like blogspam, and acts like blogspam, then it gets deleted like blogspam. In this particular case, the current practice here is that if I see a whole bunch of comments that look the same, they get put in the same bin.

A few IP’s that keep on propagating the above non-sense have been blacklisted by me (through SK2), and you might want to keep a watch out for them as well:

 

72.232.123.175
72.52.145.58
70.86.43.130
64.22.110.34
64.22.107.90

 

2. High Granular Spam: Now, by this, I’m referring to how Spam Karma 2 recognizes past commenters through the “Snowball Effect”. That is, it tends to give commenters points based on how ‘valid’ their past posts have been, with the thinking that commenters who have always given ‘valid’ posts aren’t likely to post spammy ones in the future. Unfortunately, one way that it SK2 recognizes ‘valid’ posts is through the IP and URL of the commenter. We’ve been getting a lot of traditional spam recently that gets through SK2 precisely because the URL comes from Blogspot.com, where it gets a ton of points (granularity).

I’d love to comment on how stuff like this gets through Akismet, but since there are no FAQs on exactly how it works (or, provides a cookie trail for the stuff it moderates and stuff it doesn’t), I’m not able to. If anyone has any insights on this please don’t hesitate to leave a comment.

For future reference, however, we will simply through into the moderation queue any comments that contain the word phentermine, viagra, cialis, ambien, meridia and combinations thereof, and we will likely be turning *off* the Snowball effect for the time being, as a function for SK2.

If anyone has any other experiences with the rise of Blogspam, I’d love to hear about it (and commiserate) as well — do you find that more is slipping through? Has the quality of blogspam changed? And more importantly, does anyone know why this might be?

This post was written by

You can visit the for a short bio, more posts, and other information about the author.


Submissions & Subscriptions

Submit the post to Reddit, StumbleUpon, Digg or Del.icio.us.

Did you like it? Then subscribe to our RSS feed!



  1. By Mark posted on November 1, 2007 at 8:26 pm
    Want an avatar? Get a gravatar! • You can link to this comment

    I agree, Tony- completely bemusing.

    Reply

  2. By Tony Hung posted on November 1, 2007 at 8:33 pm
    Want an avatar? Get a gravatar! • You can link to this comment

    And frustrating! :P

    Reply

  3. By Chris posted on November 1, 2007 at 11:04 pm
    Want an avatar? Get a gravatar! • You can link to this comment

    Out of curiosity, have you tried the Bad Behavior plugin? It works very well for me (with SK2), but I do not have anywhere the volume you do!

    Reply

  4. By Jo posted on November 1, 2007 at 11:36 pm
    Want an avatar? Get a gravatar! • You can link to this comment

    Even as small as I am, I am getting a lot of the ones you noted in #1. Fortunately, my Spam Karma puts them in the que. So big and small are getting them. Odd yes.

    Reply

  5. By Valeria Maltoni posted on November 2, 2007 at 1:18 am
    Want an avatar? Get a gravatar! • You can link to this comment

    I learned on Twitter that two pretty high ranking bloggers in my circle have been inundated with spam — they both run on TypePad. I have also received weird comments marketing or pitching products that had nothing to do with the post. My delete button is the fastest this side of the West ;-)

    Reply

  6. By Zach posted on November 2, 2007 at 4:25 am
    Want an avatar? Get a gravatar! • You can link to this comment

    I left what I thought was a legit comment and saw that it got deleted. Maybe it was what I said, maybe it was because I used my site’s name as my name. Only you know the answer to that one.

    Guess I still have some stuff to learn.

    Reply

  7. By David Airey posted on November 2, 2007 at 10:16 am
    Want an avatar? Get a gravatar! • You can link to this comment

    Hi Tony,

    I was curious why spammers would leave comments with no URL, so thanks for offering a reason. Makes sense.

    Reply

  8. By Tony Hung posted on November 2, 2007 at 9:24 am
    Want an avatar? Get a gravatar! • You can link to this comment

    @David — no problem … just a theory, though. End of the day, I don’t really need an excuse to weed out blogspam, though.

    Reply

  9. By Tony Hung posted on November 2, 2007 at 9:25 am
    Want an avatar? Get a gravatar! • You can link to this comment

    @Zach — we’ve set our moderation filters on “high”, so just be patient in the future, and apologies in advance if things get eaten up by mistake.

    Reply

  10. By Anne Helmond posted on November 3, 2007 at 7:59 am
    Want an avatar? Get a gravatar! • You can link to this comment

    I noticed an increase in spam on my blog too. I also use a combination of Spam Karma 2 and Akismet but lately there is a lot of spam coming through.

    I receive spam of a different category, which I refer to as splog portal spam. This kind of spam is easy to recognize as the URL in the trackback is always a generic php page such as mywebsiteisgood4you.com/?p=538
    Such URLs trigger my spam alert immediately.

    Reply

  11. By Tony Hung posted on November 3, 2007 at 9:12 am
    Want an avatar? Get a gravatar! • You can link to this comment

    @Anne: no question, although for those kinds of spam I find that they’re usually trackbacks.

    Reply

  12. By Lorelle VanFossen posted on November 3, 2007 at 9:21 am
    Want an avatar? Get a gravatar! • You can link to this comment

    Akismet’s recipe is secret but it “learns” which is the best part. What gets through is usually “new” so by marking it, the information is added to the database through the Plugin.

    Remember, comment spammers, like email spammers, are working overtime to make sure their crap gets to see the light of day. It isn’t just about the link juice. That’s old think. What isn’t is that people are still clicking these, even if it is to determine if it is indeed comment spam or because they are ignorant.

    We have to work overtime to fight back. That means supporting those who help us fight back, like Akismet (when was the last time you “paid” for it?), Bad Behavior, and Spam Karma. These “free” tools are invaluable for cutting back the spams to a few.

    We have to pay attention and monitor comments daily.

    We have to be vigilant and constantly search for “X wrote an interesting post about” which is typically a splog trackback, which contains words within the post itself and usually skips through because it “looks” good. These need to be killed off as they are also cluttering the web for link juice and ad revenue without adding content, even though their usage of your content is within copyright standards.

    These are our blogs and we have the right to choose who we allow to trackback and comment on our blogs, and I say splog trackbacks, justifiable or not, are not welcome.

    Good for the Blog Herald for jumping on this issue to protect their readers from comment spam, and helping others understand the importance of such actions.

    Reply

  13. BlogSecurity » Blog Archive » New breed of comment spamNovember 7, 2007 at 12:28 pm
  14. By The Doctor What posted on November 8, 2007 at 11:57 am
    Want an avatar? Get a gravatar! • You can link to this comment

    I also get a bunch of bad requests to my WordPress blog like so:
    Refering link: http://docwhat.gerf.org/newuser.php
    Bad link: /newuser.php

    Which is goofy. There is no referring page “/newuser.php” Something is trying to pretend to come from the page they are at to register a new user. I’m not sure what blog platform newuser.php is for, but it’s not mine. :-/

    I keep thinking I should get some sort of spam blocking software where I could add this ip address as a must moderate ip address…

    Askimet seems to be working well enough, but my blog is just personal…

    Ciao!

    Reply

  15. By Seth posted on December 4, 2007 at 10:38 am
    Want an avatar? Get a gravatar! • You can link to this comment

    I just got a ton in the last few days from the same IP address, and a lot of them didn’t have a website… but I think maybe the spammer just forgot, because there’s some before that from same IP and same style (Hey, I googled for and found your page ) that have links. So, maybe just forgetful spammer? Akismet caught all of them (about 100 in 3 days) and I just added the IP to .htaccess . Actually found this page by googling the IP :D

    Reply

  16. Targeting SpamFebruary 25, 2008 at 10:03 am
  17. Generic elavil.August 29, 2008 at 9:56 am

    Your words are your own, so be nice and helpful if you can. If this is the first time you're posting a comment, it might go into moderation. Don't worry, it's not lost, so there's no need to repost it! We accept clean XHTML in comments, but don't overdo it please.

    Current day month ye@r *