Comments on: Sleeper spam

By: Ben Metcalfe

Ben Metcalfe — Sun, 23 Jul 2006 12:11:57 +0000

Yes, I get this a lot – and the worst thing is that they often don’t flag up on Akismet (automated spam filter).

The issue, of course, is that the email address field in comments has become a “key” (in the lock/key sense of the word). If you submit a comment with an email address that’s already been approved once, the blog software will probably publish it imediately.

Of course, email addresses in comments are kept secret but links to websites/other blogs aren’t. Next step will be for spammers to crawl your comment stream (easy if you have a comments RSS feed) and pull out email addresses from the pages your readers link to in their comments.

Then all the spammer has to do is inject spam comments with these email addresses and hope that they match whitelist email addresses.

Even worse, all of this can be kept on file so that when the spammer goes onto the next blog it can match up commenters it finds with addresses already on file.

Once such a spider picks up an email address like robertscoble@hotmail.com or similar, then all it needs to do is check for the presence of a comment from Robert, and inject with that. Etc, Etc…

By: Blob » Comment moderation tips

Blob » Comment moderation tips — Sat, 22 Jul 2006 00:54:32 +0000

[...] Recently JP was talking about Sleeper Spam on blogs. It made me think about writing down the internal process I go through in my head when it comes to approving comments on my blogs. I commented this on the post and thought this might be helpfull to others. So I’m posting it here. Good point. One thing I always do is check out the url submitted with a comment . If it looks and feels right it’s a tick towards approval. Sometimes I also look at email address left. If they check out and I feel okay about it it’s approved. Sometimes there’s no substitute for the human traits this kind of thing requires. [...]

By: malcolm

malcolm — Fri, 21 Jul 2006 11:48:07 +0000

Actually wasn’t one of my ideas I read it on a blog somewhere or something – can’t remember where :)

By: V Ramaswamy

V Ramaswamy — Fri, 21 Jul 2006 09:14:19 +0000

Hi, exactly this happened to me this morning. Yesterday someone had gone through my archive and made one of a few stock comments on most of my posts (great, how nice, fantastic etc). I was intrigued. Today I found a new comment everywhere giving a link to a gambling site! I’ve just started blogging, so its a useful early lesson on setting my filters. Chutki

By: Dave - Lifekludger

Dave - Lifekludger — Fri, 21 Jul 2006 06:47:30 +0000

Good point. One thing I always do is check out the url submitted with a comment . If it looks and feels right it’s a tick towards approval. Sometimes I also look at email address left. If they check out and I feel okay about it it’s approved. Sometimes there’s no substitute for the human traits this kind of thing requires.

Recently, if a comment doesn’t even include a url or maybe an email, I don’t approve it.

People have to be accuntable for their actions. Having a valid, active and obvious well meaning blog is a sign of this. It’s part of identity and you need identity for accountability.

As an aside, I’ve often wondered why splogs that don’t have any advertising attached exist. Maybe it’s along those same lines.

Dave – Lifekludger