You’ve probably seen it: comments that say something entirely vague and either flattering or condescending, that could apply to just about any article. And then they link to an “escort” site, or a pill seller…or some small-town insurance office in the middle of nowhere who hired a black hat “SEO expert” who promised he’d get them backlinks and doesn’t care about the site’s reputation.

I got a great one last week: Somehow instead of getting one randomly-chosen message from a set, I got all of them in one comment:

Over on another blog, I noted that Netflix’s new DVD name Qwikster sounded familiar. I got some support requests and a small spam run, including this comment:

I keep getting these creepy late-night phone calls from the CEO of Netflix saying that no one else is ever going to love me like he does.

Why do I get the feeling that someone read Woot’s parody of the post?

Opened up a spam trap I’d forgotten about and found ~40 copies of some — well, I hesitate to call it a newsletter, but it was a long collection of headlines, summaries, and links to news items and dubious reference sites that looked like someone had taken a few dozen conspiracy theories, put them into a blender, and then splattered them onto the page like Jackson Pollock.

At least, I want to believe it’s some horribly-mangled computer-generated aggregation…but it wouldn’t surprise me if it turns out to be someone’s serious attempt to create a newsletter without being able to write a coherent sentence.

In clearing out my spam folder today, I found the following message:

Bad Link on hyperborea.org

Dear webmaster,

There was a link that didn’t work for me on this page of your website, http://www.hyperborea.org/flash/flashpoint.html. It points to a Constitution Day page that doesn’t seem to be there any more, [link removed].

We published a great resource on the U.S. Constitution Day on Online Law School.Net: [link removed]. It would make a great addition to your resources and replacement for the page that no longer works.

Sincerely,

Maddie Bryant
[email removed]

On the surface, it sounds like a reasonable message. If you’ve got a broken link, then you want to know, and hey, if they’ve got an alternative, so much the better, right?

But here’s the thing: The broken link isn’t on the page. I don’t think I link to that page anywhere on my site. There is a reference to the 22nd Amendment, but not to anything about Constitution Day.

In short, it’s another form of link swap spam based on automatic keyword matches with no real intelligence to it.

That’s not really something I want to be linking to.

I’ve been seeing a lot of those “I just found your blog by searching and it’s the best thing since sliced bread” comment spams lately, some even slipping through Akismet. But this one was just hilarious in its unreadability:

Virtuous what I used to be in search of and quite thoroughgoing as floor. Many thanks for placard this, I noticed a yoke diverse associated posts but yours was the optimum thus far. I outlook it stays updated, adore worry.

I found a sneaky type of spambot this morning. It was impersonating regular commenters on Speed Force, using their names and (at first glance) email addresses to blend in.

The names weren’t terribly surprising, but the email addresses were. Where had it gotten them? WordPress shouldn’t reveal them, unless there’s a bug somewhere. Was one of my plugins accidentally leaking email addresses? Had someone figured out a way to correlate Gravatar hashes with another database of emails?

As I looked through the comments, I realized that in most cases, it wasn’t the commenter’s usual email address. Here’s what the spambot was doing:

  1. Extract the author’s name and website from an existing comment.
  2. Construct an email address using the author’s first name and the website’s domain name.
  3. Post a comment using the extracted name, the constructed email, and a link to the spamvertised site.

The actual content (if you can call it that) of the comments was just a random string of numbers, and the site was a variation on “hello world,” leading me to suspect that it might be a trial run. Certainly they could have been a lot sneakier: I’ve seen comment spam that extracts text from other comments, or from outbound links, or even from related sites to make it look like an actual relevant comment.

I’d worry about giving them ideas, but I suspect it’s already the next step in the design.

Update: They came back for a second round, this time here at K2R, and I noticed something else: It only uses the first name for the constructed email address, but does so naively, just breaking the name by spaces. This is particularly amusing with names like “Mr. So-and-so,” where it creates an address like mr@example.com, and pingbacks, where the “name” is really the title of a post.
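A moderation-side check for the pattern described above, as an added example that is not part of the original post or any WordPress plugin. The field names, the handling of a leading "www.", the stripping of punctuation from the first name token, and all sample comments are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

def site_domains(url):
    """Hostnames a bot might take from url: as given, and without a leading 'www.'."""
    full = url if "://" in url else "http://" + url
    host = (urlparse(full).hostname or "").lower()
    if not host:
        return set()
    return {host, host[4:]} if host.startswith("www.") else {host}

def constructed_emails(name, url):
    """Addresses built the way the post describes: first name token + website domain."""
    tokens = name.split()  # naive split on spaces, so "Mr. Quill" yields "Mr."
    if not tokens:
        return set()
    # Assumption: punctuation is dropped, matching the mr@example.com case in the post.
    local = re.sub(r"[^a-z0-9]", "", tokens[0].lower())
    return {f"{local}@{d}" for d in site_domains(url)} if local else set()

def looks_impersonated(incoming, known_comments):
    """True when a known name arrives with a constructed address and a different link."""
    name = incoming["name"].strip().lower()
    email = incoming["email"].strip().lower()
    for prior in known_comments:
        if prior["name"].strip().lower() != name:
            continue
        if email == prior["email"].strip().lower():
            return False  # the commenter's usual address, nothing to flag
        if (email in constructed_emails(prior["name"], prior["url"])
                and site_domains(incoming["url"]) != site_domains(prior["url"])):
            return True
    return False

# Constructed sample data: previously approved comments on the blog.
KNOWN = [
    {"name": "Dana Reyes", "email": "dreyes@mail.example.net",
     "url": "http://www.example.com/blog"},
    {"name": "Mr. Quill", "email": "quill@example.org",
     "url": "https://quill.example.org"},
]

if __name__ == "__main__":
    spam = {"name": "Dana Reyes", "email": "dana@example.com",
            "url": "http://spam.example/"}
    print(looks_impersonated(spam, KNOWN))
```

A match is a reason to hold the comment for moderation rather than proof of spam, since a commenter can change address or site.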