Sleeper spam

This may be familiar to most of you, but it was a revelation to me. So I thought I’d share it just in case.

Malcolm and I were chatting this morning, and the subject of comment spam came up. Both of us had noticed that of late, there had been a profusion of comments that made perfect grammatical sense, had no links, avoided mentioning sex, drugs, rock’n’roll ringtones or organic growth, and seemed to be an extract from something somewhere. The names and reference points of the “sender” were well-formed as well. In fact there was only one problem with all such comments; even the most extreme flight of fancy was inadequate in making a connection between the post and the comment.

You’ve probably had the same experience. Malc’s view of what was happening was interesting; the spammers are trying to get approval for the innocuous comments in order to “teach” the spam filters that they are Orl Korrect. And once that status has been consistently established, the games begin.

Makes sense to me.

5 thoughts on “Sleeper spam”

  1. Good point. One thing I always do is check out the url submitted with a comment . If it looks and feels right it’s a tick towards approval. Sometimes I also look at email address left. If they check out and I feel okay about it it’s approved. Sometimes there’s no substitute for the human traits this kind of thing requires.

    Recently, if a comment doesn’t even include a url or maybe an email, I don’t approve it.

    People have to be accuntable for their actions. Having a valid, active and obvious well meaning blog is a sign of this. It’s part of identity and you need identity for accountability.

    As an aside, I’ve often wondered why splogs that don’t have any advertising attached exist. Maybe it’s along those same lines.

    Dave – Lifekludger

  2. Hi, exactly this happened to me this morning. Yesterday someone had gone through my archive and made one of a few stock comments on most of my posts (great, how nice, fantastic etc). I was intrigued. Today I found a new comment everywhere giving a link to a gambling site! I’ve just started blogging, so its a useful early lesson on setting my filters. Chutki

  3. Yes, I get this a lot – and the worst thing is that they often don’t flag up on Akismet (automated spam filter).

    The issue, of course, is that the email address field in comments has become a “key” (in the lock/key sense of the word). If you submit a comment with an email address that’s already been approved once, the blog software will probably publish it imediately.

    Of course, email addresses in comments are kept secret but links to websites/other blogs aren’t. Next step will be for spammers to crawl your comment stream (easy if you have a comments RSS feed) and pull out email addresses from the pages your readers link to in their comments.

    Then all the spammer has to do is inject spam comments with these email addresses and hope that they match whitelist email addresses.

    Even worse, all of this can be kept on file so that when the spammer goes onto the next blog it can match up commenters it finds with addresses already on file.

    Once such a spider picks up an email address like [email protected] or similar, then all it needs to do is check for the presence of a comment from Robert, and inject with that. Etc, Etc…

Let me know what you think

This site uses Akismet to reduce spam. Learn how your comment data is processed.