Creating the Ultimate Spam Comment
Posted by Jon Lee in Offtopic, tags: comments, programming, security, spam-protection
Everytime I take a look at the comments in my Defensio quarantine, I see tons of spam comments that are so blatantly spam that I’m not sure how they accomplish anything (on blogs with spam filters anyway). More recently, some spam comments are beginning to appear that force me to think twice before permanently deleting them from the quarantine since they don’t look as “spammy” as other spam comments.
For example, I’ve been getting a lot of this:
I couldn’t understand some parts of this article, but it sounds interesting…
It is a constant struggle between spammers and spam filters. Spammers come up with new innovative ways of generating clicks and linkbacks to their sites while spam filters try to adapt as quickly as possible.
Creating the Perfect Spam Comment (Disclaimer: Educational use only)
Personally, if I were to create a program that spams blogs (I wouldn’t of course), I would make sure it has the following features:
- Detect the CMS platform
Some of the following points is dependent on which CMS a blog or site is running. Knowing the software and version can let spammers tailor the comment properly for the site. - Properly format the comment
Using BBCode on a blog that doesn’t support it is an immediate flag for spam. Not using BBCode on sites that do support it leads to incompatibility. - Include only one spam link
Having too many links is a sure sign of a spam comment. Either put the link as the URI or in the comment itself. - Use different links
If sticking to just one link isn’t possible, make the links different. Multiple links to the same page is another sign of a spam comment and a simple redirect will solve this. - Avoid obvious keywords in content and URI
Depending on the purpose of the spam comment, this may not be possible. For example, spamming for SEO will require using a set keyword whereas spamming for traffic should avoid using “spam” keywords like “viagra” and “casino” in both the linking text as well as the URI itself. - Scrape content from the post or site
Quoting part of the actual post and addressing the author by name in the comment will definitely catch their attention. This will also make your comment unique across different articles and sites thus preventing “duplicate” spam detection. - Spoof or rotate originating IP address
Certain IP ranges are where a lot of spam comments originate from. If too much spam appears in an IP range, those IPs may be blocked completely.
This is not a tutorial on how to make a program/script to spam blogs. These are merely observations I made on the short-comings of current spam comments. Possibly, it can be of some use for programmers to implement into spam filters (I’m not sure exactly how the innards of spam filters function).
Popularity: 5% [?]
Entries (RSS)