For fans who read the BlogHerald, you might notice over the past few weeks a noticeable increase in blogspam, both in volume and variety. We’re running a combination of Spam Karma 2 and Akismet, but a whole lot still gets through.
I have noticed two particularly interesting kinds of spam, as I have been hand deleting comments of late.
1. Worthless Identical Comments: We’ve been hit recently with a lot of spam that comes from a few select IP’s, but they almost always have the same content. Its some variation of
“This is exactly what I expected to find out after reading the title *insert <title> of your post here*. Thanks for informative article”
“Hey! Nice blog posting about *insert <title> of your post here* I would have to agree with you on this one. I am going to look more into . This Thursday I have time.”
or the frequent favourite
“Superb write up talking about *insert <title> of your post here*. Thoroughly love your blog.”
Now the apparently puzzling phenomenon here is that quite often none of these comments have a URL attached to it; the traditional thinking has been that comment spam serves to artificially inflate the number of trackbacks to a particular URL, even if the rel=nofollow is on. What purpose does a non-URL’d piece of blogspam serve? Well, one theory that’s popular (and one that I subscribe to), is that there is still an IP that is attached to each comment; by allowing these seemingly benign comments through, you’re almost ‘white-listing’ these IP’s, so that when “real” blogspam comes, they aren’t automatically flagged.
Bottom line is that no matter what the reason why blogspammers are doing what they’re doing, the current practice I’ve adopted is that if it looks like blogspam, smells like blogspam, and acts like blogspam, then it gets deleted like blogspam. In this particular case, the current practice here is that if I see a whole bunch of comments that look the same, they get put in the same bin.
A few IP’s that keep on propagating the above non-sense have been blacklisted by me (through SK2), and you might want to keep a watch out for them as well:
2. High Granular Spam: Now, by this, I’m referring to how Spam Karma 2 recognizes past commenters through the “Snowball Effect”. That is, it tends to give commenters points based on how ‘valid’ their past posts have been, with the thinking that commenters who have always given ‘valid’ posts aren’t likely to post spammy ones in the future. Unfortunately, one way that it SK2 recognizes ‘valid’ posts is through the IP and URL of the commenter. We’ve been getting a lot of traditional spam recently that gets through SK2 precisely because the URL comes from Blogspot.com, where it gets a ton of points (granularity).
I’d love to comment on how stuff like this gets through Akismet, but since there are no FAQs on exactly how it works (or, provides a cookie trail for the stuff it moderates and stuff it doesn’t), I’m not able to. If anyone has any insights on this please don’t hesitate to leave a comment.
For future reference, however, we will simply through into the moderation queue any comments that contain the word phentermine, viagra, cialis, ambien, meridia and combinations thereof, and we will likely be turning *off* the Snowball effect for the time being, as a function for SK2.
If anyone has any other experiences with the rise of Blogspam, I’d love to hear about it (and commiserate) as well — do you find that more is slipping through? Has the quality of blogspam changed? And more importantly, does anyone know why this might be?