Spam revenge: Rise of the manual spammer
Mikey 29 commentsSince introducing our simple CAPTCHA a few months ago we've had not a single spam-bot get passed it, something we here at Rusty Lime are all thankful for.
But there is one form of spam that has started to appear that no amount of clever coding can prevent - the manual spammer.
Manual spam as the name implies is a comment left on an article that at first seems legitimate, but looking again it becomes apparent it was manually entered by someone trying to pimp their products or services - or have been paid by someone to do it.
A few weeks ago we got our first instance of manual spam. They are usually written in a similar sounding format, something to the effect of...
"Wow I never thought of it like. Great article!"
...or some put in even more effort like the comment I just deleted...
"Wow, it's stuff like this that makes getting up in the morning and checking the blogosphere such a great idea! I was miserable this morning till I read this! Keep bringing colour to our lives!"
The name of the commenter is always obvious keyword spam, with the latter just mentioned by someone called "Andy Badge Badger" with a link to his site where he sells - you guessed it - badges.
Making them stand out, aside from the over-obvious attempt to gain favour with compliments about the article, is how out of context they are.
Ah spam. Crap when generated by bots, just as crap (or more so) when written by humans. When will they learn?
Looks like it's time to go 'no country' on some fools..
...in response to this comment by The Computer Whisperer. Yeah I was thinking about making that modification this weekend. I won't do the email address thing though because that' useless to me. I don't understand why so many blogs ask for your email address even if you aren't a member if they have no intention of doing anything with it.
Wow! Awesome article! Come to GentlyUsedMaritalAids.com for some awesome deals!
(Sorry, I couldn't resist. Now to see if that's a real url or not...)
...in response to this comment by Mikey. They might be using the email addresses to recognize returning commentators and give them a free pass through the spam filter if they have been approved before.
...in response to this comment by Jim. LOLZ. Kudos for the effort.
...in response to this comment by Kim OJ. There's no verification with those fields though - everyone just puts in or something like that. I can't see how they would get any meaningful information from it.
...in response to this comment by Mikey. The spam filter might have the option of giving a free pass to email addresses previously accepted by the moderator.
So if my comment gets held up for moderation the first time before being approved by the moderator, the filter will know to allow comments associated with my email address in the future.
I dunno Kim, I think everyone should be able to post immediately, or it might discourage people from posting in the future if their comment doesn't appear in the right place, ie, directly below who they are responding to.
I think a filter that picks off website addresses for non registered users and replaces it with . or perhaps it could come up with an error and not let them submit until they either remove the web address or register.
I'm not really a tech kind of dude, but what about IP banning? Another site I go to does this, but I have no idea how it works. As a side note, Gently Used is not a real site, though all I need now is a good business plan and a couple bucks to buy the domain name :P
...in response to this comment by The Computer Whisperer. I am not suggesting holding the comments for moderation.
Just saying that that could be the idea behind other sites gathering of email addresses.
...in response to this comment by Jim. That seemed like a good idea to me a while back too but many people have dynamic IP addresses so it becomes to hard to manage properly. That was actually one thing we did in our first anti-spam implementation but it only stopped about 20% of spam.
PS: Gentlyused.com.au is currently not registered - knock yourself out :-)
Nick
Saturday 28th February 2009 | 10:39 AMOne method i have used in the past is a twist on the validating email.
The new user posts a comment, (entering in there email address) it is then visible for 7 days, and an email is sent to the commenter asking them to validate there email, if they dont click the link then the comment is deleted after seven days, if they click the link then the comment stays and they never have to do it again as the email address is valid.
it had a 100% success rate for both real users entering there email address and 100% for keeping both automated and human powered spam off my site.
...in response to this comment by Nick. So a spam comment is still visible for 7 days? I would probably reduce that window to 1 day.
Mmm, alot of interesting flavours mentioned. I still think it's important for non-registered users to be able to post anonymous comments.
Hey Mikey, am I right in assuming the entire issue is this....
Basically, anonymous people making comments that are not relevant and are purely for promoting their website?
I still think only registered users should have the ability to enter a website and non-registered users need to enter an email address.
Would this not work even without validation?
The comment section could also be filtered for websites if people are not logged in to a registered account.
...in response to this comment by The Computer Whisperer. "Basically, anonymous people making comments that are not relevant and are purely for promoting their website?"
Pretty much. I agree with the idea of only registered users having the advantage of a link attached to their name, so I've now done that. I had considered it before but honestly right now I can't remember why I changed my mind about it back then LOL.
Now, if not logged in, they are advised of this fact and that they can still comment anyway but without the same advantages as registered users. Spammers know not being able to have a link attached to "badges badging company" is almost pointless.
I've not forced an email address though in the interest of making it as easy as possible.
EricVonZipper
Saturday 28th February 2009 | 09:31 PMGood to see you found a middle ground, so to speak, Mikey.
It's also great to see you understand that you never, ever place obstacles in front of people that wish to contribute to a website.
...in response to this comment by EricVonZipper. Cheers. It's important.
Damned spammers
SYS64738
Commodore 64 reset/reboot command :-) Thanks Mikey, I'd also like to thank google.....
ps... there should be a space between SYS and 64738, being that SYS is the command and 64738 is the parameter :-)
...in response to this comment by The Computer Whisperer. Haha - so did you know that before you Googled it? Kudos all the same :-)
I have to comment upon how great the CAPTCHA system on this site is; most of the pictures are easily recogniseable and put a twist on just writing randomly generated. Great work.
A well written article, and about the spam, is the "Wow I never thought of it like. Great article!" considered spam on it's own? Well written article, but it is amazing what lengths people will go to in getting their wares sold.
I had a massive annoyance of spam in my inbox a while ago, I had to change my email address to get rid of it.
...in response to this comment by Foshiznay. Thanks Foshiznay. I think CAPTCHA is still too annoying on most sites and I didn't want to burden our users with deciphering drunken alpha numeric sequences or worse.
Well the SYS 64 was a good hint... should have picked it up there, but no... I had no idea.
Rob
Friday 11th September 2009 | 12:33 PMHope you don't mind, I'm just curious as to how well your anti-spam works. Is the catpcha thingy case sensitive? What if I hyphenate (Its Spider-Man :)
Rob
Friday 11th September 2009 | 12:34 PMThats pretty cool actually. I'm gonna try to implement something similar on my own site now. (queue: link to my massive online discount plastic toy warehouse :P)
...in response to this comment by Rob. Hi Rob. 100% success rate so far.
I've catered for variations on the characters. Example: spiderman, spidey etc. I don't think Spider-Man is there but if it isn't I will add it. And no it's not case sensitive.
My only suggestion if you do this is to use iconic characters - the sort that everyone from current and past generations would know. That would rule out - for example - some sort of obscure anime cartoon character (or any anime for that matter).
Good luck with it.
...in response to this comment by Mikey. Does this mean I'll never see Pikachu down there? :P
The Computer Whisperer
Friday 27th February 2009 | 09:35 PMWhat if only registered users can post links and enter their website, what if non-registered users can only enter their email address.