More new spam

Monday, August 10, 2009 7:20 | Filed in Scams & Spams

As usual, most of the spam that gets trapped in my spam filter is a big pile of links to some site either offering me the opportunity to watch pornography or to buy ginurioc vigara (or something like that, anyway). But it’s always interesting to see any new methods of trying to defeat spam filters, or new types of spam, which would tend to indicate a new spambot in operation.

For example, many of the new spammers do not include a link in the spam comment itself, hoping instead that the URL they supply for “their site” will provide some link juice for them. Now this isn’t likely to help much on my blog, considering that all of the links to these URLs are accompanied by a rel="nofollow" attribute meaning that they don’t get any Googlejuice from me, but since the bots are automated, this doesn’t stop them trying.

So you get posts which have attempted to ascertain the meaning of the post by pulling out one or more words from it and attempting to respond to them, in order to try and look more genuine, and thus hopefully get past the spam filter and manual spam catching…

On my post “Accessibility: A very British standard” then, I get this:

Are you here on holiday?spammer F

…which is a rather simple example of the genre: picking up on ‘British’ and asking the holiday question.

There was also a message purporting to show me how to scam money from banks. Now I didn’t follow any of these links, partly because this activity would be illegal, and partly because when you’re dealing with scammers and spammers, the key thing is not to trust them. Just because the link is to an image only, does not mean it is safe. Unpatched systems are open to a security vulnerability in the jpeg decoder which allows code execution.

Then for sheer cheek, there’s a response made to one of my posts about social media, where someone has obviously noticed my interest in things ‘web 2.0′…

I feel thatI should inform you about a awesome development that will change the way that you interpret the net forever. Are you familiar with web 2.0 properties? I located the best no cost adult dating website on the world wide web!Spammer S

…although unfortunately no further information was provided on exactly how the best no cost adult dating site on the world wide web (does anyone actually use that phrase any more?) relates to web 2.0 properties, so I decided not to investigate further. Besides, I thought people just went FaceFlirting these days…

There’s another technology related one:

It looks to me like you?ve just got a CSS problem, not a javascript problem. Adding: .textwidget{background: #FFFFFF;} to your stylesheet should give you the white background, but if you want it to look exactly like the other widgets, (with rouned corners and same fonts) you?ll need to make sure the textwidget class has the same css as sidebar ul. If you need a better explanation or just want me to fix it for you fill free to email me.Spammer ‘R’

Now in many circumstances — particularly if I had posted about having a javascript problem, or a problem with widgets — this might seem like a perfectly reasonable comment. In this case (on a post about twitter followers), it’s entirely irrelevant. Yet it doesn’t appear spammy per se, it just seems odd. It’s the sort of thing where you might wonder if the commenter has posted on the wrong post by mistake.

Also, the commenter’s name, and website seemed reasonable, so taking some precautions (like not allowing scripting, and typing in the URL so it doesn’t show up as a referral from my site), I decided to take a look. To discover this message:

This blog has been archived or suspended for a violation of our Terms of

Fair enough. If Wordpress are implying that they are a spammer, that’s good enough for me.

The final one was in response to my post Do Councils need a Facebook presence?, to which the response was:

The question is up there,I’m just wondering what the answer is,because if it’s yes I’ll work on my glutamine intake.Spammer B

Glutamine is an amino acid, which is frequently found associated with those ‘muscle growth’ supplements you see advertised. Obviously this is another spam bot which has presumably simply caught the question mark in the post title and tried to look vaguely relevant. But I like the alternative idea: that if Councils are to be on Facebook, we’d really all better start bodybuilding now, because… oh, I dunno, maybe if the Councils find out we aren’t bodybuilding enough, our Council Tax will go up…

You can leave a response, or trackback from your own site.

1 Comment to More new spam

  1. Jared Smith says:

    August 10th, 2009 at 6:07 pm

    I’ve also seen an explosion of this type of spam lately. I’ve even detected multiple IPs and accounts working together – one drops keywords and one drops URLs. It’s getting out of hand, but I’ve implemented a few things into most of our forms that are stopping almost all of the bots.

    But the bigger problem is human spammers – and I suspect some of your spam comments may be from humans also. These have become VERY difficult to stop on web-based forums – particularly if they actually read a thread and make a post that actually contributes to the discussion, with maybe a few keywords or links dropped in there.

    On the WebAIM web-based forums, I’ve been getting several posts per day like this. One guy even actively participated for several weeks before going back to edit the posts with spam words and adding a spam link to his signature. These types of things are very hard and time-consuming to detect, fight, and prevent.

Leave a comment