Wednesday, August 31, 2005

Spammed T-Shirt

Spam Huntress was mentioned in The Guardian's article Moral Maze by Michael Pollitt about referrer spamming. In it M0nkey says there is "no law anywhere specifically against referrer spamming." And asks, "Why would it be unethical, any more than it is unethical to wear a highly visible company logo on a piece of clothing?"

Well, Paulo had a good response:

Someone tell him to make highly visible red and pink stickers which say "TEXAS HOLDEM POKER PHENTERMINE VIAGRA MILF RAPE SEX," and walk around Oslo, randomly slapping those stickers onto people's clothing without permission, then claim that it's all perfectly ethical when the mob comes with pitchforks and tasers.

Script tags in the user agent string

Dirk found something interesting, a script tag in the user agent string left in his logs. I don't know how effective it is, but I presume that if spammers are doing it, it probably works somewhere.
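A user agent like that only matters where a stats page or log viewer prints the field into HTML without escaping it. The following is an added example, not code from Dirk or this blog: it flags log entries whose request, referrer or user agent carries markup and shows the escaped form a viewer should output. The log lines, hostnames and function names are constructed for illustration.

```python
import html
import re

# Apache/NCSA "combined" format; the last two quoted fields are Referer and User-Agent.
COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)

# Start of an HTML tag, either literal or URL/entity encoded.
MARKUP = re.compile(r'(?:<|%3c|&lt;|&#0*60;?|&#x0*3c;?)\s*/?\s*[a-z!]', re.IGNORECASE)

# Constructed sample lines (documentation IP ranges, made-up hosts).
SAMPLE_LOG = r'''
192.0.2.10 - - [31/Aug/2005:10:01:02 +0000] "GET / HTTP/1.1" 200 5120 "http://blog.example/links" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6"
198.51.100.7 - - [31/Aug/2005:10:01:09 +0000] "GET / HTTP/1.0" 200 5120 "-" "<script src=http://spam.example/s.js></script>"
203.0.113.5 - - [31/Aug/2005:10:02:30 +0000] "GET /wiki HTTP/1.1" 200 812 "http://pills.example/?q=%3Cscript%3E" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
'''.strip().splitlines()


def parse_line(line):
    """Return the named fields of one combined-format line, or None if it does not parse."""
    m = COMBINED.match(line)
    return m.groupdict() if m else None


def suspicious_fields(entry):
    """Names of the client-controlled fields that contain something tag-like."""
    return [k for k in ("request", "referer", "agent") if MARKUP.search(entry[k])]


def scan(lines):
    """List (ip, flagged fields) for every parsed line with markup in a client-controlled field."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # unparseable lines are skipped here; a real tool should count them
        fields = suspicious_fields(entry)
        if fields:
            hits.append((entry["ip"], fields))
    return hits


def render_row(entry):
    """Build one HTML table row for a stats page with every value escaped."""
    cells = (html.escape(entry[k], quote=True) for k in ("ip", "referer", "agent"))
    return "<tr>" + "".join(f"<td>{c}</td>" for c in cells) + "</tr>"


if __name__ == "__main__":
    for ip, fields in scan(SAMPLE_LOG):
        print(ip, "markup in:", ", ".join(fields))
    print(render_row(parse_line(SAMPLE_LOG[1])))
```

Escaping on output is the actual fix; the scan is only there to show who is trying it.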

Tuesday, August 30, 2005

What is a Splog?

I ran across a page today where the owner was worried that his page may be identified as a splog because so many people are finding lots of splogs and his content involved discussion of AdSense. Don't worry even if you have a small rarely updated blog with lots of links. There are obvious differences between legitimate blogs and splogs. A more detailed definition of splogs can be found on our wiki.

New Spam Fighters

There seem to be a lot of new people joining the spam fight with the recent anti splog campaign. I am no expert spam fighter, but I have been doing this for over a year now. Hopefully I can help newer fighters with some of the things I have learned.

First, be careful how and where you leave links. I know you are eager to get the word out on your new anti-spam site, but not everyone else will be. Most spam fighter sites are open to linking to each other, but if you are just starting out, you probably shouldn't expect to get links from the top established spam fighters. Build your website content and show what you can bring to the table first. Get links on other smaller sites and get to know them. For example, Spam Huntress and started both about a year ago, but we didn't know about each other until rather recently. Since then, we cooperate a lot and help each other investigate spammers. It certainly has benefitted both sites.

When first started we tried to be very careful that no one could mistake our posts as spam. In the beginning we would often leave text only URLs (not links) in places we were unsure about. Maybe we were too cautious, but you never know.

Sometimes it doesn't take going out and leaving your links in comments. I often check referrers to my blog and our wiki. When I find a good antispam site linking to us I will link back either from here or our links page on the wiki. If I find a really good site I will often mention it in a post or on our WikiForum. I know Spam Huntress also reads her referrers too. That is how I found Fight Splog yesterday.

I know running a website costs money, but I always dislike brand new spam fighting sites that have lots of AdSense or other ads. Don't overdo it. While the site is still small and being built up, ad free (or ad light) looks more legitimate to me. Spammers love to use lots of AdSense so the amount of ads I see on a site often gives a hint of its spamminess. There are a few antispam sites that I swear must be by black hat SEOs, not only the content, but the number of ads. Now if you are an established site and have a lot of content I have no problem with ads, at some point it is necessary to help offset the cost of running the site. Until your site has some real traffic, you aren't going to be making much anyway.

Be careful what you say about a spammer's site. Spammers like to threaten lawsuits. Whether they follow through or not those are still some of the scariest days you will have in your spam fighting life. Lawsuits and even death threats are always a risk when you fight spam.

If you do post a spammer's URL be sure to either post it as text only or use the rel="nofollow" attribute to make sure that your linking to them doesn't count for their PageRank. I know it makes little difference compared to the thousands of other links they likely have spammed all over the place, but why help them at all?

I also suggest you link to other forms of spam fighters. I stick mostly to web spam/spamdexing sites which already covers a huge area but I also mention important email spam things sometimes. We are all in this together. All spam is related and many techniques can be used between different types of spam.

The last thing I will mention is, if possible don't do this alone. If I wasn't doing this with a friend I probably wouldn't still be doing it (in fact I wouldn't have started). No matter what, your enthusiasm is going to lessen over time and/or life is going to get busier, it happens to most (if not all) spam fighters. Both Manni and I suffer from one or both. It is not hard to get discouraged, it is usually rare to see results in spam fighting and it is mostly a thankless job. Right now lots of splog fighters are getting results because it has become a hot topic, but when things get back to normal it will once again be hard to get visible results on splogs just like it is in all other web spam fighting. I hate to mention it, but I do have to warn that if you ever do quit, don't just let your domain registration drop. Give it to another spam fighter. I have seen several antispam sites get dropped and a spammer will pick them up and use them for spamming. I can't stand that spammers are benefitting from all the PageRank the site built up as a spam fighter. And anyone following old links will end up at a spammer page.

I hope this helps new and prospective spam fighters and doesn't scare anyone off.

Monday, August 29, 2005

Writing Viruses for Money

Slashdot mentions an article in which the accused author of several recent worms says his work was "spread only for money" and hints it involved spyware.

Splog Reporter

I discovered another Anti-Splog site, Splog Reporter. Not real clear on what they do with reported splogs, but I assume they report them to the appropriate places to get them shut down. I just wish they were a bit more informative.

They even have a Firefox extension to make the process much easier. It works, but there are some minor bugs to work out of the system. The extension button that you can add to your toolbar does not match the size of existing buttons if you are using small icons. It looks fine otherwise. And it does not adjust the placement of the text depending on the toolbar. When adding it to my Web Developer toolbar (where text labels are to the right of the icon) it doesn't fit in either.

I also don't like how they added Report Splog to the top of the context (right click) menu. I am used to having Back or Open in New Window at the top. They also added themselves to the top of the Tools menu. If every extension author put themselves at the top of every menu Firefox would be useless. They should be put where it goes with existing menu content.

The form that you fill in does keep your information for next time. I would hate to have to fill it in every time. But where they ask for "Splog Found Using" they default back to IceRocket, which I have never heard of (remember I am not really a blogger, just a wiki user with a blog). They should default to a blank. I just submitted 4 or 5 splogs and most I realized later were probably marked as IceRocket. They don't even give the option of Blogspot's Next Blog ring, you have to choose other.

But worst of all, when you first fill in the form it is set to signing you up to a newsletter. I assume it is a perfectly good antispam newsletter. But I just don't like sites that make it easy to sign up to any newsletter by accident.

I do like how they work the reporting system though. They rank reporters, by accuracy and number I suppose. If chongqed's spam submissions ever got really high that would be a good idea for us too. But it requires some way to identify users. I know some spam fighters prefer not to use email addresses even on spam fighting sites.

Overall I like the idea. It is still pretty new so a few kinks are expected. I am sure they will get things worked out.

Next Splog (part 3)

James says he went spam flagging on blogspot this Saturday and within 24 hours 5 out of 6 splogs he reported were taken down. But he cheated, he also wrote a backchannel email to Blogger Buzz about them. I am not upset about the cheating, it certainly had great effect. It just makes it appear that Google is on top of things. They aren't. My flagging spree was on Friday and has not had any effect.

I did find one of the blogs I listed earlier had been shut down, wallmartnews. But it was one of those without a flag button and the others like that I listed are still around so I suppose someone else reported them by email.

Some other mentions of splogs:
Blogspot: More Spam Than Anything Else
Blogger: More Splog Than Blog
I'm Tired of Getting Ripped Off by Splogs
Google's Blogspot Appears To Be Full Of Spam

Fighting Splog

I just discovered a new spam fighter that specializes in Splogs. First he reports them to Adsense (for those using them) and then reports them to Blogger only after their Adsense accounts are suspended. I agree with his reasons:

"The reason why I'm aiming for AdSense account suspension is to really pull out the weed from the roots sorta speak. Just removing the splogs is not a deterrent since they will just create more splogs to replace the ones that were shut down."

Spammers will still recover from it, but at least it is a bit more trouble for them.

Thanks for the link SplogFighter. Keep up the good work.

Sunday, August 28, 2005

Next Splog (part 2)

Back in my Next Splog post I made some observations about how I thought blogger's Next Blog ring works and wondered if spammers have tried to get me flagged enough to knock me out of it.

Well, it appears I am still in the Next Blog ring. I got a number of hits from random blogspot sites last night. They lasted for at least an hour (my referrer stats are limited). But none from blogspot since then so it appears that is more confirmation that the ring randomly chooses from a group of sites for a certain period.

Saturday, August 27, 2005

Slashdot: Pokerbots

Slashdot has a story about poker bots that are hurting online poker players by taking their money. Seeing as how much spam is involving online poker maybe this isn't such a bad thing. It is not good that it hurts players, but maybe it will make the slimy poker sites less popular. Maybe then the poker spam would die down a bit.

Javascript Spam Fix

I just found some very interesting stuff on Spam Huntress' wiki. Marco seems to have a pretty good solution to referrer and trackback lists becoming unusable again. By using some Javascript he can tell which ones are legitimate visitors and not bots. At least for now, most of these bots don't handle Javascript.

See his posts:
Trackback Spam Eliminated
Bye bye referrer spammers (2-1)

But these solutions aren't able to prevent the spammy referrers and trackbacks in the first place so it still doesn't solve the problem of spammers wasting your bandwidth. And it wouldn't be too hard for spammers to work around this, it would likely be less automated, but if this prevention method becomes prevalent they likely will try it.
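One way the idea could work on the server side, as an added example and not Marco's code: assume the page's script requests a hypothetical `/beacon.gif`, and list a referrer only when the same client fetched that beacon shortly after the page view. The beacon path, the 30-second window and the hits below are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

BEACON_PATH = "/beacon.gif"      # hypothetical URL that only the page's script requests
WINDOW = timedelta(seconds=30)   # assumed: the beacon must follow the page view this quickly

T0 = datetime(2005, 8, 27, 12, 0, 0)

# Constructed hits: (timestamp, client IP, user agent, path, referrer)
HITS = [
    # A browser: page view, then the script fires the beacon two seconds later.
    (T0, "192.0.2.10", "Firefox/1.0.6", "/", "http://fightsplog.example/post"),
    (T0 + timedelta(seconds=2), "192.0.2.10", "Firefox/1.0.6", BEACON_PATH, "http://myblog.example/"),
    # A referrer-spam bot: two page requests, no script execution, no beacon.
    (T0 + timedelta(seconds=5), "198.51.100.7", "Mozilla/4.0", "/", "http://poker.example/"),
    (T0 + timedelta(seconds=6), "198.51.100.7", "Mozilla/4.0", "/", "http://pills.example/"),
    # Beacon arrives ten minutes after the view: outside the window, so not confirmed.
    (T0 + timedelta(seconds=10), "203.0.113.5", "Opera/8.0", "/wiki", "http://search.example/?q=splog"),
    (T0 + timedelta(minutes=10), "203.0.113.5", "Opera/8.0", BEACON_PATH, "http://myblog.example/wiki"),
]


def is_beacon(path):
    """True when the request is for the beacon, ignoring any query string."""
    return path.split("?", 1)[0] == BEACON_PATH


def confirmed_referrers(hits):
    """Referrers of page views followed by a beacon from the same IP and user agent within WINDOW."""
    beacons = {}
    for ts, ip, ua, path, _ref in hits:
        if is_beacon(path):
            beacons.setdefault((ip, ua), []).append(ts)

    shown = []
    for ts, ip, ua, path, ref in hits:
        if is_beacon(path) or ref in ("", "-"):
            continue  # the beacon request itself and direct visits carry no referrer to list
        if any(timedelta(0) <= b - ts <= WINDOW for b in beacons.get((ip, ua), [])):
            shown.append(ref)
    return shown


def unconfirmed_referrers(hits):
    """Referrers that would be hidden from the public list; useful for reviewing what was filtered."""
    keep = set(confirmed_referrers(hits))
    return [ref for _ts, _ip, _ua, path, ref in hits
            if not is_beacon(path) and ref not in ("", "-") and ref not in keep]


if __name__ == "__main__":
    print("listed:", confirmed_referrers(HITS))
    print("hidden:", unconfirmed_referrers(HITS))
```

The hidden requests were still served in full, so the list gets cleaner while the bandwidth cost stays.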

It seems Marco currently has a low opinion of Google: Google doesn't give a shit. I have to agree they don't seem to be solving the problem. But they do try, they are just a little misguided and slow. But compare what they are doing to other search engines. I don't know how the other search engines are planning on surviving if they don't do more to fight spamdexing. Google may be full of spam, but there is only so much they can do when spammers have filled up so much of the internet with their garbage.

Thursday, August 25, 2005

Flag As Objectionable

Ok, I admit before I had only skimmed Blogger's info on Flag As Objectionable. It is actually more informative than I first thought. It still is not totally open about how things are done, but I think that is important to prevent it from being abused.

They do say they base it on number of members that flag a blog, and imply that they do review them rather than any automated process handling it. In fact they say, "The Flag button ... cannot be manipulated by angry mobs."

Elsewhere in it they mention:

For more serious cases, such as spam blogs or sites engaging in illegal activity, we will continue to enforce our existing policies (removing content and deleting accounts when necessary).

So they apparently do remove content and delete accounts. I have not seen any evidence of that happening. In fact, long ago I was told they do not monitor content when I complained about a spammy porn blog. That was a good while ago so maybe their policies have changed. But don't forget the rather recent blogspot spammer.

But mainly they appear to be concerned with just not promoting blogs with inappropriate or vulgar content. I certainly would not want kids to see some of the blogs here. I have no objection to them existing, but they don't belong in the Next Blog "ring." But I have no interest in flagging those. The only ones I will flag are spam blogs.

Next Splog

Spent a few minutes (far longer than intended) going through blogger's Next Blog "ring". Wow, I didn't realize how crappy blogger had become. At one point Next Blog took me to 6 splogs in a row. Apparently Google should rename the button to Next Splog. I kind of wish my blog wasn't hosted here now, but I am not going to move just because of spammers.

Well, here is the list of obvious splogs I ran across (you may notice several are nearly identical):



So other than going on a flagging spree and seeing how full of splogs blogger really is, what did I learn from this?

Well, I am glad you asked. I confirmed what I already suspected about the "flag as objectionable" feature; a single user's vote does not immediately get a blog removed from the next blog "ring." I found that out because I was still seeing some of the same spammy blogs (with my flag shown) as I traversed the "ring." It seemed I was seeing more splogs twice than I was seeing repeat legit blogs.

That makes me wonder if the next blog function is based on traffic or content or something. It certainly was not being chosen randomly from the entire number of blogs here so I suspect they may rotate through smaller subsets throughout the day.

As before, I assume someone at Google reviews the pages that get flagged (likely after several votes). It may even be automated based on the number of votes like GMail's wonderful spam blocking. I sure hope not. There are far too many splogs out there and too few people that would care to flag them. And of course there are lots of spammers out there that likely already have me so flagged you would never see this blog through the Next Blog button anymore.

Didn't really investigate, but these spammy blogs somehow blocked the new flag button on blogger's navbar:


I saw a number of sites with banners such as this one. By putting the banner on the left side of the page it makes the next blog and objectionable flag visible but not accessible. Luckily I have Aardvark to remove it. You can always hit back if you are only trying to hit the Next Blog button.

I even found a number of legit blogs with no navbar at all. They had pulled some CSS tricks to get rid of it. I admit to thinking about doing that myself, but it is not really intrusive like the junk many free services force on you and I assume can get your blog removed due to violation of the terms of service.

While Next Blogging I did run across a lot of legitimate blogs and a few really cool ones. So I thought I might share some of them to prove that it isn't totally a Next Splog button:

Wallnut Gallery
What the Futch?
Solo Los Propositos Unifican

Spam Keeps The Blog Dynamic

"i would not return to the page with the topic you read before,butiwill probably return to the topic i posted a comment to. More comments means more visits and it keeps the blog dynamic. After all blogs are not for authors only"

That is what a spammer left on the chongqed wiki when he spammed it. This isn't the first time I have seen similar (and possibly even identical) spam, including the fact that there was no URL. Also notice, he seems to think he was posting to a blog.

He is right of course, more comments means more visits and the blog is more dynamic. But when it is spam comments, the more visits come from spammers and legitimate visitors become sick of the trash and stop visiting. And blogs are more dynamic when you have lots of spam, because then the admin/owner has lots of cleanup to do over and over.

Isn't it great that spammers are helping us out with (ruining) our blogs (and the entire web while they are at it).

Wednesday, August 24, 2005

Turning Comments On

I just realized I have had comments turned off for a long while even for registered Blogger users. I think it was after the last blogspot spammer hit me. His account is of course still open since Blogger supports spammers.

Well, since Blogger's new Word Verification aka Captcha for comments option is available I figured I would turn it on and let anyone comment (for now). I know I just got through saying I don't like them, but it's better than not allowing comments.

Captcha Decoder

I just saw a Slashdot post on the PWNtcha Captcha Decoder and had to mention it. The author is not doing this to help spammers, he seems interested in proving how weak they are and showing what kinds of captchas are hard to beat. Currently he is not decided on releasing the code, mentioning the full-disclosure debate as a reason he may eventually release it. Many people that push that idea say it is so the problem gets out and then forces it to be solved. Others (such as many Slashdotters) just want to see how it works or have proof it really does work.

The problem is Captchas are never going to be foolproof and releasing code like this just makes spammers' jobs easier. I have no doubt spammers will eventually figure out how to do this themselves. But until that day comes (and it becomes widespread), Captchas are one of the more effective spam blockers. I don't really like them for many reasons, but I have to admit they are very helpful in preventing most modern bots.

Similar work has been done at UC Berkeley and in another program called aiCaptcha. Neither of them are releasing their code thankfully.

I do think his work on breaking Captchas is good. By learning how to break Captchas before the spammers do and documenting it, hopefully they can be made harder to break. Just as long as they don't help the spammers by actually giving them the code.

Tuesday, August 23, 2005

Spam Game

We got a spam submission that notified us that an online game is running where players compete by linking to a page that records hits. You can see example spam here, here, and here.

From Google I don't see a lot of wiki or blog links, but there are over 3000 with a search for forum. Of course that is not a very accurate measure for many different reasons including that many may be perfectly legitimate. But there are certainly many that are not.

I found a couple that had already been removed since Google indexed the page, so we aren't the only ones that think this is spam. There were also several that could be at least semi legit posts with it in their signature.

It looks like they need to really tighten the rules or shut this game down. The site and many of the hits I found were in German so it was hard for me to be sure what was going on (the Babel Fish translation sucks), but Manni luckily speaks German. He agreed they have set up a link game with a story about vampires and werewolves that luckily for them gets victims to view their Google ads.

Monday, August 22, 2005

Mozilla Troubles

I recently listed some of the Firefox extensions that I like. Well, after an extension update I ended up with a conflict. Firefox would start up fine, but you couldn't open pages that were supposed to open in a new window (not popups) and Firefox would not exit properly. That isn't the worst trouble I have had with extensions, at least it starts this time. I finally narrowed it down to an extension that isn't that important so I disabled it and am back to normal. But finding it took time and effort, the average user is not going to put up with that.

Another extension trouble I ran into recently was with Thunderbird on my Dad's computer. He couldn't send mail. Since I wasn't around I couldn't help solve the problem for most of a month. He had clicked on one of those update reminders and got a bad version of an extension. But from his description of the problem originally that wasn't clear or I could have solved it over the phone by telling him how to disable it.

Another Thunderbird bug he has found is the inability to turn off "Shrink to Fit Page Width." The option exists, but won't stay set when you restart Thunderbird. He prints a lot (I try to make him cut back) and has run into some messages that are shrunk so small they are nearly unreadable. It happens when a plain text message has improper line lengths. Then Thunderbird shrinks the page to get as much as it can of the paragraph on one line.

Another thing that bothers me about Thunderbird is the header view. I can't stand it. I kept my old outdated mail client for years longer than I should have because of it. I liked the old way Netscape Communicator did it; the headers appeared as part of the mail and scroll with it. Mnenhy helps, but has other side effects I don't like. Kmail is pretty good, but is for Linux. I use Linux some, but I am mostly a Windows user.

Hopefully with the 1.5 releases coming up much of this will go away. The new IE7 (even if a disappointment in standards compliance) seems to be a giant improvement. The reason many people switched away from IE was its problems, not Mozilla's features. I doubt they would have a problem with switching back.

I am eager to see IE7, most reviews I have read don't really focus on the details I am interested in, but IEBlog gives some details that sound good. I doubt I would ever use it as my main browser, seeing as I would love to chunk all my MS stuff and go Linux. But I can just imagine all the things I won't have to work around when writing CSS once most people have upgraded.

Saturday, August 20, 2005

Slashdot: Google Reacts to Splogs

It seems blogger is finally going to do a tiny bit to crack down on Splogs (Spam Blogs). They are going to let users flag objectionable blogs. And after review (I suppose) those blogs will not be promoted on It is a tiny step, but at least they are waking up to the problem. I just wish they would open both eyes.

They are also finally putting in a comment captcha, though it is sadly off by default (wake up Google). This step will be a good improvement for the spam problem. It is about time Google realized just because the spam on blogspot is not effective (due to rel="nofollow") doesn't mean spammers will notice. Spammers are dumber than a box of rocks, you know.

Slashdot's coverage