Oct
29
Filed Under (AnimeBlogger.net, Antenna, Forums, Wiki) by Maestro on 29-10-2006

Pretty much all of us have to deal with spam at some level.  No matter how annoying the spammers are at any one level they get worse the more things you have to deal with.  For example, just dealing with spam in E-mail can be a real pain if you don’t have good filtering and you have the misfortune of having a common username (even worse if your username is a common English word).  If you’re a blogger you have to deal with comment and trackback spam as well.  It doesn’t matter how popular your blog is or how much you post, as long as there’s a single post that the spambots can comment/trackback to they’ll eventually find you and start spamming your blog.

Spammers, and their spambots, view every single script they can find online as a target.  Those of you who’ve had tagboards or shoutboxes will know exactly what I mean, spammers will try to see if the tagboard/shoutbox script can be abused to send their spam E-mails.  You’ll end up with mail headers from their test attempts posted as comments.  As annoying as they are though, there are some very smart people out there writing the bots that they use to attack us.  In dealing with spam on the site, I’ve noticed that the patterns of attack are very different depending on the attacked service.


ORZ: What you feel like doing when dealing with spammers.

On my own blog all the spam attempts, since I did away with the shoutbox I first had up, have been comment spam and trackback spam.  Dealing with these hasn’t been too much of a pain, for a while I just set all comments to requiring admin approval thus making all the spam comments get held for moderation.  Eventually I installed Spam Karma 2 and it has caught every single spam comment and trackback since I installed it.  Looking at the spam I do get on the blog it’s nearly 100% medical/drug spams.

On our forums a good 99% of the spambot attempts are to create an account with their spammy links put into the URL and signature fields.  Since I’ve dealt with this for well over a year, I can say for certain that they generally don’t even bother to activate the account.  They just create the account and be done with it.  Originally I dealt with these by deleting all info from the profile fields, banning the username and E-mail address, flagging them with a special rank (“banned spammer”) and then making their accounts inactive.  As time went on the frequency of these spambot signups went way up.  At one point I was doing the above process to over 5 usernames a day.  I did some research on the problem at this point and discovered a simple mod that would stop the majority of these attempts and prevent the rest from getting a valid link into their profiles.  I also found out that the spambots don’t browse the forum normally and try to signup, they’ve been coded to understand how PhpBB forums work and go straight for the signup, sticking their links into the fields directly.  With the new script in place the URL and Signature fields do not display on the signup form and cannot be accessed by users until they’ve reached a post threshold.  Therefore anything trying to submit a signup with those fields filled in must be a spambot.  On average I get at least 6 of these blocked attempts a day.  Occasionally a spambot will just not give up when the process fails.  Two days ago one attempted to register 16 times in a row, using random nicknames, passwords and links — all from the same IP address.  Normally I file the reports on attempted spambot signups and do nothing more with them, but when I get one that attempts to signup 16 times I will ban the IP permanently.  As for the spambots that manage to register (these are more “stupid” bots and apparently actually use the real registration page), I can tell that they’re spambots easily 99% of the time and I delete the accounts and ban the E-mail address they used.  (If the domain name used in the E-mail is a spam site I ban the entire domain.)  The types of attempted spam on the forums is all over the map, I’ve seen some really strange stuff, even things like dentists!  It appears that spammers use forums as their general dumping ground.

Vita with a big hammer, she needs to use that on a few spammers -- repeatedly.

Since the Antenna is an aggregator and accepts submittals for new blogs it gets spammed too.  There are two main culprits on the blog submittals — ringtones and OnlyPunjab, a very spammy Search Engine Optimization “company”.  Most days there’s anywhere from 2 to 6 spam blog submissions, and since all blogs are approved by a human none of these make it through.  We don’t just accept submissions for new blogs though, we also accept submissions for new series and alternate names of series.  The spambots have absolutely no clue what to make of this portion of the page and on a normal day I have 8-20 (and occasionally more) alternate series name submissions for “good site”.  Apparently the spambots think this is a comment area and treat it as such.  They like to start their comment spam with “good site”, as if this will make it any less apparent that the comment’s spam.

Finally we have a wiki (that’s greatly underutilized so I won’t bother linking it) and the spambots go after it too.  Thankfully they’ve slowed down dramatically since the wiki’s not being used much (and thus not linked much) but at its worst I was having to revert edits on 20-50 (yes fifty) pages a day.  Often different spambots would hit and overwrite the spam of the last one.  To help defend against this I set the wiki to require a logged in user account to edit/create pages.  This didn’t help any at all, the spambots are smart enough to register, spam a few pages, then register a new account and repeat.  So in addition to reverting all those spam edits each day I was having to ban 3-5 spambot user accounts a day as well.  The spam that hits the wiki is quite varied but tends to stay the same on a month to month basis.  Some months have had almost nothing but music-related spam (interestingly many of these name the link to look like a Mp3, so apparently spammers are trying to pull in users hunting for Mp3s online).  This month’s have mostly been about heaters and other wintery items.  One thing that is surprising is their obsession with creating a page for Serin, which is a small bird in the Finch family.  Even Wikipedia (the number one result when Googling for Serin) has a very small page with little information on it.  Another reason this is surprising is that by just creating the page and not linking it from the main index or another article it’s effectively an orphaned page, and incredibly unlikely to show up in search results of major search engines.  To date I’ve deleted that page (and its talk page) over 10 times.

You really have to be dealing with many different things (blogs, forums, wikis, aggregators) from the admin side to see these patterns though and I thought others might find them interesting as well.  Also, many spammers try to justify what they do and claim it doesn’t harm anyone or cost anyone anything.  I think pretty much all non-spammers don’t buy that argument, but the above makes it very clear that there is a cost from what they do for their victims — in time.  Time’s valuable, I know I have a lot better things to do than deal with cleaning up after spammers and fighting them off, yet I have to spend at least an hour every day dealing with them.

Feel free to comment with your own spam fighting stories, I’m sure everyone’s got them and I’d like to hear them! :)

(5) Comments    Read More   

Comments

Glazier on 30 October, 2006 at 7:01 pm #

>Feel free to comment with your own spam fighting stories, I’m sure everyone’s got them and I’d like to hear them!

No stories yet :) – My blog is still new and rarely updates, so not so many visitors = no spam :) . but i have Spam Karma ready for the future ;) .


THAT Anime Blog v2.0 » Maestro’s blog is back! on 2 November, 2006 at 1:43 am #

[...] Well, I placed this under site news because it is probably something good that is happening. Maestro is finally restarting his blog and focuses on various aspects and problems of animeblogger.net such as spammers and possibly much more other issues that would probably be explored. Do take a look at the great ab.net’s taichou’s blog for more updates on ab.net and the likes. [...]


Maestro’s Anime Blog on 7 November, 2006 at 9:47 pm #

[...] So why don’t we more widely advertise that free hosting is available?  Well at first we didn’t because we wanted to get an automated process setup to create the accounts.  Eventually it became obvious that fully automating this process isn’t possible as some things must be done from the web panel manually.  It’s also become painfully obvious that any kind of link setup for creating accounts would get spammed horribly.  (See my post about dealing with spam for an idea of the spam we deal with already.)  Finally though, I think the process we have now is better in some ways.  How many sites that you sign up with do you get to talk to the owner?  Our users are used to contacting me personally when they have a problem, whether by E-mail, on the forums or on our IRC channel (for the record E-mail’s the best way to contact me). [...]


Scyllua on 4 December, 2006 at 1:13 am #

I’ve been blogging since two, almost three years ago in a couple of different sites, but most spam I receive is related to the online shopping I do, or because of the fanlisting I own.
…It seems about 50 or so messages arrive at my spam folder in both email accounts I use, daily. I always check this folder before deleting it, just for good measure, so I take a look at the messages… Most of them are, as usual, medical/drug advertisements AND sex “offerings”, and I just wonder where in Eath those spammers get my email from (ok, I check on yaoi and hentai sites but not that often)…
It always make my day, though, when I receive a “you won the lottery, wow!” message (about once a week, sometimes a couple of similar messages from the same sort, so I must be real lucky to be twice the winner), or better yet, a “your paypal account…” For I have no Paypal account: this service doesn’t operate in my country. However, those spammers insist on problems with my account, I’d say once every two or three weeks.
Sorry for my boring spam chronicles. I should find a way to make my stories a bit funny.


Ninja-Habits » Blog Archive » THE DEATH NOTE OF SPAM on 18 January, 2007 at 10:54 pm #

[...] So on a final note, here’s a link to an articles on the trials and tribulations of our animeblogger boss Maestro – he/she has REAL spam issues. [...]


Post a Comment
Name:
Email:
Website:
Comments: