mkale.com

Comment Spam

By June 11, 2011 1:13PM [link]

On two occasions in the past month, I've gotten a burst of strange comment spam. First on my app website, and then a couple weeks later on my personal blog. The spam was unusual in that it didn't contain any offers for pills that alter the size of my waistline or other body parts, mail-order brides, mail-order college degrees, or whatever else the spammers are peddling these days. Instead, it consisted of short, pleasant-sounding thank-you type messages. Like the following:

And on and on like that. Each contains a misspelling, and there were other similarities as well:

I did some research, eventually finding this page, and a hackernews thread about it with people describing and talking about similar incidents.

Why the weird misspellings?

I imagine a common pattern for blog software is to put unknown commenters into a moderation queue but include a whitelist for previously known commenters, allowing them to post freely. So it's possible that the spammers start by sending some innocuous-looking comments, hoping to be allowed into the whitelist. Then, they come back and hit the website hard with spam comments once they are. The misspellings make those exact phrases rare on the web, which makes them easy to search for using search engines. The spammer might have a second-round piece of software that searches for blogs where their first-round comments got through, allowing them to focus further spam comments on those blogs where they are likely to be published. (I hope that by including the phrases above, I'm not going to trigger a wave of second-round spam!)

Why no links in the comments?

As above, it might be that the spammers save the links to enhancement pill websites for their second-round of comments, thinking that the first round is more likely to go through without them, allowing them into more whitelists. Another possible explanation is that my comment box does not have any "website" or "url" field. Many blogs allow commenters to include a link to their personal website and spammers might think that including their spammy links in those fields makes it less likely that the comments get filtered out. Their spamming software probably fills out web forms as completely as possible and then hits submit, not noticing that they never got a chance to leave their link as part of the comment.

History | Blog | mkale.com