spam

Twitter Looking To Hire Spam Engineer

The other day, I noticed Ev Williams who is the co-founder of Twitter, send out a Tweet mentioning that the company was looking to hire a spam engineer. Imagine how much it would suck if the job title was rearranged to engineer spam. Of course, there are already plenty of people/bots that have fulfilled that role. At any rate, I hope the position is filled quickly so I can stop receiving followers such as this one.

Twitter Spam Lady

Despite the half way decent looking avatar, this lady has earned a spot on the blocked list.

Registry Scans On Skype

I woke up today and discovered that Mr. Registry Scan had contacted me over Skype. Apparently, Windows requires immediate attention and security center has detected malware on my computer. A funny joke considering that I bet it wouldn’t be discovered unless I clicked on the link provided within the message.

If Mr. Registry scan ends up contacting you through Skype, immediately block him and DO NOT click on the link provided within the message.

I hope I don’t have to look forward to being bombarded with messages from Skype accounts with spam. That would become seriously annoying. This is one of the reasons why I never use the SkypeMe! availability option.

Is This How Comment Spam Works

As I was checking out my Akismet spam filter one day, I noticed a comment that was labeled differently than most of the other ones I’ve seen. This comment linked to a site called BotMaster. According to the site, BotMaster sells a service called Xrumer that comes bundled with Hrefer which is an automated link-building tool. BotMaster claims that the tool has nothing to do with spam and that its primary purpose is to build links and search engine power to your site.

These are funny claims considering a comment which was created by the BotMaster software appeared in Akismet as spam. This is the first time I’ve come across an actual site selling services/software for link building purposes. The software will set you back $450.00 but that seems like a high price to pay to have whatever site you are promoting to show up in Akismet as spam.

I am not trying to actively support or advertise this service but rather, highlight the fact that these things do exist. This makes me wonder how much spam is generated on forums and blogs with software such as this. Anyone else come across botmaster within their own Akismet interface?

Twitter Implements New Limitations

StopTwitterSpam

According to the StopTwitterSpam website, the folks at Twitter have updated their Help Page to reflect new changes that have gone into effect in regards to Following and Updating limits. It looks like these limitations have probably gone into effect to not only lessen the strain on the overall infrastructure of Twitter, but to also deal with spam. As far as the limitations go,

What are the limits, specifically?

The limits are based on multiple parameters–not a single metric. Because the limits are in part meant to curtail nefarious behavior, we are not revealing the specifics of how they are reached. Please note that these limits are sure to change as we figure out what works. We’ve taken a best guess to get started, but Twitter is still evolving and new uses are being invented all the time.

Good idea on their part as this will make it harder for Twitter spammers to reverse engineer the limitations. Hopefully, this does not adversely affect the majority of legitimate Twitter users and helps to make Twitter a more reliable service.

Twitter Gets The Bird Flu

Twitter Spam

It looks like the time has arrived for Twitter to step up to the plate and do something about this spam problem. Over this past weekend, I received over 20 different email notifications that so and so was following me on twitter. Only 3 of those people were legit. The rest of them were spammers who were following thousands of people and the only updates they had made to their account were spammy links.

Adam Ostrow of Mashable correctly identified some time ago that Twitter was going to undergo a spam explosion and his prediction appears to have come true. In fact, he recently wrote another article highlighting his inability to sleep because of the constant buzzing noise his BlackBerry was making due to spammers following his account.

Then, I come across an interesting experiment through Twitter. There is a user on Twitter who goes by the name of RU4Real. The name has a purpose. The account was created by someone named Nantel as an experiment to see how many people would automatically follow a spam bot without first checking the content that said user has posted. As it stands, the account is following 5,484 users with 98 of those following this account. It’s already been discussed that the majority of the followers most likely have their Twitter account configured to automatically follow anyone that follows them.

Here is how the project has progressed thus far:

I created a new Twitter account that specifically tells people what it’s for and not to follow it. I then followed >5200 Twitter feeds to see who would reciprocate without reading. At last count, it had 94 followers. Interestingly, an additional 41 people initially followed me back, but then read the account description and changed their mind (good!). I also had to block 3 others that admitted following RU4Real even though they knew that it was an experiment.

I’ve also received some requests for my real Twitter account. Just don’t expect me to blindly follow you back

There is also need for you to block the account, it will be deleted once the experiment is over.

Phase 2 will begin once it gets 100 followers. During this period, I won’t add anybody else until the weekend to see if I can attract those spam followers that have been annoying everyone.

This is at best a very interesting experiment. Now, the recent poll put up by Mashable asks the question, Is it time for Twitter to move aggressively to prevent spammy accounts? The results so far speak for themselves. 359 people have voted yes compared to 30 people who have voted no. Of course, if you don’t use Twitter then you obviously could care less. But for those who actually use the service such as myself, I think it’s time for Twitter to take Adam’s suggestion of at least implementing a CAPTCHA solution that is presented to user’s after you press the follow button. This is the bare minimum that should be done to combat this problem of spam.

How about you? Have you received a major influx of spammy twitter accounts choosing to follow you? What other suggestions can you think of that would help Twitter deal with spam more effectively?

As a side note, if you take a look at the following image quite a few people who are following RU4Real are big names on the web.

Another Mile Stone Reached

As it turns out,

Akismet has caught 10,023 spam for you since you first installed it.

It wasn’t too long ago when Akismet blocked the first 1,000 spam messages. In just a short time after that, it’s now 10,000. Next Stop, 100,000. And if the past is anything to go by, 100,000 will be reached in no time at all! Thanks Akismet for saving me a ton of time and hassle.

FireFox Saved Me!

PhishingBlocker

Early in 2007, I finally managed to file for my first credit report since they passed the law allowing for one free credit report per year. Out of the number of institutions available for filing my credit report, I chose to go with Equifax. I was pretty impressed with how fast it took for them to process my information. Once they were finished, I was able to see my credit report online. And, in case you were wondering, my credit score is around seven or eight hundred which I hear is pretty good.

This year, I have yet to file for my credit report but I received a piece of email the other day from Equifax telling me that I was required to fill out a particular form they had sent me.

equifaxemail

Well, I wasn’t in a hurry to open up any emails from them but when I finally did, here is what I saw.

Equifax Scamjob

Looks convincing doesn’t it? Well, after thinking about it for awhile, I decided to click the link to see what it was all about. The result? The first image you see in this post. This is the first time I’ve ever seen this notification which took me by surprise. After receiving the update, I did a Google search on the scam and yep, this was an Equifax phishing email.

So not only did I want to warn others, but I wanted to give a big thank you to the built in Phishing filter in FireFox. You saved me bro!

Splog And Blog – Tell The Difference

If you are a blogger, chances are, you have either dealt with spammers already, or will be doing so in the future when your blog becomes more popular. These days, spammers are using any means necessary to get their links on your blog. These tactics include link filled comments, bogus pingbacks and bogus trackbacks. What I’m going to focus on within this article is deciding, whether a pingback or trackback is coming from a legitimate blog or not.

The example I use in this post will be from a random site that is attributed to a bogus trackback url that was found on a Mashable.com post. I won’t be directly linking to the example site because that is what those spamming bastards want. Determining whether a blog is fake or real is easy once you figure out the patterns. Granted, these patterns change from time to time, here is a collection of tactics I use to determine if a blog is fake or not.

What Is The Difference Between A Splog And Scraper?

Special thanks to Lorelle who stopped by and added her definition for these two terms in the comments section of this post.

A splog is a “spam blog”, a blog with little or no purpose other than to promote or sell something and make the blog owner money. The content is usually made up, or duplicated throughout the different posts, or a collection of post titles and excerpts from a variety of keyword matching posts in a link list.

A scraping blog is a blog that uses an automatic tool, often a WordPress Plugin, that snatches the content from legitimate blogs, called “scraping”, and uses it as its own with no original content. Some present the content in full posts, a big copyright no-no, or as an excerpt, often as you mentioned, with the “Charles wrote something interesting today” lead-in.

Also, according to Lorelle, “A scraping splog is the worst of both types.”

Precautions First:

When you discover that someone has linked to your post, the first thing you should do before visiting the site to check it’s authenticity is to make sure you have popup blocking software turned on as well as anti-virus software. I use something called Ad-Block-Plus which is an awesome FireFox extension. I highly recommend it. The reason for these precautions is that, it doesn’t take much for you to be infected with something. Especially if you run a Windows based machine that doesn’t have the latest security updates.

Checking The Theme:

The first thing to check for when visiting the source of the trackback URL is the blogs theme. A lot of spammers will generate a blog with the default theme and in the case of WordPress, this theme is called Kubrick. Here is an example of what I’m talking about.

Default WordPress Theme

Kubrick is actually a fantastic default theme for WordPress. Quite a lot of people end up using this theme. I also wanted to mention that spammers do use different themes other than Kubrick. In fact, I’ve noticed many of the sploggers are now using themes other than Kubrick. This is when it’s time to evaluate the content of that particular site. But before we move on, I want to show you something that appears on this blog that should never appear on ANYONES blog.

Adware On A Blog

Don’t worry, this is only an image. This is what I found on this particular example of a splog. If you were to click on this banner, you would probably be infected with some sort of adware or trojan even if you were protected by software. No blog should ever have an advertisement like this displayed on their blog. This is a dead give away to get the hell out of there before it’s too late.

Checking Out The Content:

Lets take a closer look at the content posted within the image up above. That post generated a trackback URL on Mashable.com, a very popular website covering social-networking and all that jazz. A good score for the spammer as they are sure to receive some sort of traffic through that backlink. Within this image, the title of the post matches the title of the original post on Mashable. The next dead give away is the text “By Charles“. There is no one on that blog by the name of Charles. In my experience, the spammers software automatically places a random name into the Author Field of the post. This author name usually links to the original post but in this case, the author name is not linked.

Another suspect of a splog is the related content. In the screenshot, you can see the title of the blog is Social Sites News. And since they linked to Mashable, you would think this blog is about social-networking and web 2.0 stuff. So why then, is there a link near the top of the page, to an article about Great Barrier Reef holds drug key to diseases. The reason is because, these spammers use software that resembles search engine spiders. They crawl content across the internet that contains a predefined list of keywords. Once an article is discovered that contains a keyword, the software scrapes the content, and then links to it, generating a trackback or pingback url. Here is some evidence that further substantiates my claims.

Categories Of Keywords

Each keyword this splog is targeting is labeled as a category. This is just a sample of the categories listed on this splog. I recognize the fact that there are bloggers out there that blog about A LOT of different subjects and each one of those subjects can be a category. Thankfully, there are other attributes that play into the matter as to whether the site is legit or a splog.

Checking The URL:

I’ve actually taken some flack for this section of the post. I’ve had numerous people tell me that the question mark and the obscure link text is nothing more than proof that the blogger in question doesn’t know about SEO friendly URLs. The 99% claim is not in general, that was a number based on my own experiences.

The question mark that is sometimes included in the URLS that these sploggers generate is nothing more than evidence that either the blogger doesn’t know about SEO friendly URLs, hasn’t bothered to change them, or at the very least, a potential sign that the blog may be that of a splog.

I’ve also been told by Jonathon Bailey to look at the actual domain of the said blog. According to Jonathon, many sploggers are using .info domains because of their cheap price. However, sploggers will use anything they can get their hands on in order to achieve their goal which usually consists of making a profit.

The Default Meta:

I’ve been informed that the default Meta block that is displayed by default on every fresh install of WordPress is not an indication of anything. At first, I thought the login link was a security issue, but Lorelle has reminded me that if someone wants to try to login to gain access to your administration panel, they probably already know the login link thus, making my LOGIN link security issue a moot point.

Blog Postings With Many Misspelled Or ReArranged Words:

Words that don’t make sense, are scraping splogs which run the stolen content through a spinning process, which “translates” the content to make it “different” from the original while staying the same and often injects ad links into the content or keywords that match whatever it is they are selling.

Conclusion:

This is by no means the end all be all of ways of determining a legitimate blog from a splog. These are all tactics that I use for this blog in determining whether a trackback or a pingback is actually legitimate. I will admit, I did comment on a blog one time, thanking them for linking to me. At first glance, they looked pretty legitimate but instead, I found out they scraped the content of a Mashable post and published the entire article word for word. Since the Mashable article linked to me, this splogger also linked to me. After that experience, I told myself that I would closely examine any other site that linked to me to determine it’s legitimacy.

If you feel up to taking on these bastards head on, you can check out a post that Lorelle ( How to Stop Content Theft: The Best Tips ) published on her blog which has tips and suggestions on how to report these time wasters.

I wanted to take this time to remind you that as a blogger, it is your responsibility to ensure that these crappy spammers don’t fill your blog with porn links, or links that would otherwise put your readers in danger. I’m sure Mashable tries to do a good job at combating spam and deleting bogus trackback URL’s, but as my example up above shows, they can’t get every one of them. As a reader, if I were to click a URL on Mashable.com which clearly looked related to the article in question, and that site ended up infecting me, I sure as hell would hold Mashable.com responsible for the infection. Wouldn’t you? If every blogger did their part with their own blogs to combat this problem, I’m pretty sure that spamming blogs would become a business model not worth pursuing.

If you disagree with anything you read in this post, or if you have some additional tips, feel free to post them below.

Letting Spam Loose For A Day

Akismet Logo

Mark your calenders because on December 15, 2007, WordPress user’s across the blogosphere will be turning off Akismet. Ok, not really. But Jesper Rønn-Jensen has decided to do it. He calls it, Spam Filter Free day where he will disable the Akismet anti spam tool on his blog for 24 hours to figure out, just how much work Akismet does for him. It’s an ambitious project and I can only imagine how much time it will take to clean up the mess after the event is over with.

I’ve seen numerous bloggers writing posts which state that Akismet is asking for us to disable our spam filter on this day and then report back to them with the results. This is not the case. Akismet merely brought Jesper’s post to the forefront and asked if anyone else would be willing to go through with it. If so, Akismet would love to hear back from you.

I’ve decided not to go through with the project. Like so many others that commented on Lorelle’s article, (Are You Willing To Go Naked For One Day For Akismet) I can see just how much work Akismet has saved me from doing by looking at the spam filter statistics. So far, Akismet has protected this site from 4,528 spam comments. I’ve left my blog alone for more than 24 hours and when I come back, I have to sift through over 100 or more spam comments to see if Mike was flagged as a spammer. Akismet is not perfect, but it does a damn fine job of blocking a lot of spam.

So will you be going naked on December 15?

Bloglines Impersonated By Spammers

BlogLines Logo

If you received an email from Bloglines over the weekend, you can discount it as spam. According to Bloglines, a little less than 1,000 email messages were sent to individuals over the weekend. The email contained recommendations to various posts on a Chinese blog which were sent via the “send a post to a friend” feature on Bloglines. Many people may have thought this to be an official email as the signature of these emails contained the text “The Bloglines Team”. As it turns out, no one from the official Bloglines Team sent out any of these emails.

Bloglines has since banned the user’s IP address and has suspended the “send email” feature to monitor the situation.

Bloglines sends out email to our subscribers for purposes specific to operating Bloglines (registration verification, change password, change of terms of service and other policies, significant product announcements, etc) Most product announcements can be found on the Bloglines News Feed. We take your privacy carefully and will protect our customers from spam. -Eric Engleman and the Bloglines Team