26 January 2007

real humans behind the spam

Apparently, there are real humans behind the spam comments about Tramadol that I’m getting here at SOB. My last entry in this weblog, titled weblog comment spammers are getting better, indicated that weblog comment spam is getting more devious in its ability to fool not only filters but human beings. In a comment by assaf of Labnotes fame, it was suggested that this particular attack might have been targeted and perpetrated by a real human being rather than by an automated script. Considering the sheer number of incoming comments, however, and the number of different email addresses and names employed in the flood of spam comments, I must believe that, while a human being created the message, it was delivered by some kind of automated script.

Today’s episode in the saga of comment spam includes a series of duplicate comments scattered through older posts, each with a different source, containing the following text:

I got the same tramadol attack… well, not the same, because it was only about 20 comments instead of 90, and i don’t have any filtering set up, and I just deleted them one at a time… hmm.. the only thing really in common was that it was about tramadol… what filter do you have set up that caught them all?

This one looks even more like a genuine, legitimate comment than the last, especially considering that it looks like a direct response to the most recent SOB entry. It appeared, however, in moderation for a number of different entries other than the relevant entry, and the manner of its posting makes it immediately suspicious to the perceptive site administrator. For the moment, it looks like the comment spammers are winning the war against the filter designers. Hopefully, that will change at some point in the near future. I have some ideas about how that could be helped along, and when I have the time to do so I’ll set about formalizing and clarifying them so that they can be put to good use — either by someone already working on filtering technology, or by myself in the form of a new spam filtering plugin for WordPress. We’ll see how the interest strikes me when I have time to think about it.
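The tell described above (the same text arriving in moderation on several unrelated entries, each time from a different source) can be checked mechanically. The following is an added example, not code from this weblog or from any WordPress plugin; the queue layout, function names, thresholds, and sample rows are assumptions constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

# Constructed moderation-queue rows: (post_id, author_email, source_ip, body).
QUEUE = [
    (101, "a@example.com", "192.0.2.10",
     "I got the same attack...  what filter do you have set up?"),
    (87, "b@example.net", "198.51.100.7",
     "i got the same attack... what filter do you have set up?"),
    (42, "c@example.org", "203.0.113.5",
     "I got the same attack\u2026 what filter do you have set up?"),
    # An accidental double submit: same author, same post, not a campaign.
    (101, "d@example.com", "192.0.2.44", "Nice write-up, thanks."),
    (101, "d@example.com", "192.0.2.44", "Nice write-up, thanks."),
]


def fingerprint(body):
    """Hash the body after folding case, punctuation and whitespace."""
    normalized = re.sub(r"[\W_]+", " ", body.casefold()).strip()
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()


def flag_cross_post_duplicates(queue, min_posts=2, min_sources=2):
    """Return clusters of one text seen on several posts from several sources."""
    clusters = defaultdict(lambda: {"posts": set(), "sources": set(), "sample": None})
    for post_id, email, ip, body in queue:
        cluster = clusters[fingerprint(body)]
        cluster["posts"].add(post_id)
        cluster["sources"].add((email.casefold(), ip))
        cluster["sample"] = cluster["sample"] or body
    return [
        {"posts": sorted(c["posts"]), "sources": len(c["sources"]), "sample": c["sample"]}
        for c in clusters.values()
        if len(c["posts"]) >= min_posts and len(c["sources"]) >= min_sources
    ]


if __name__ == "__main__":
    for hit in flag_cross_post_duplicates(QUEUE):
        print(hit)
```

Requiring both several posts and several sources keeps a reader's accidental double submit out of the flagged set while still catching text that varies only in case, spacing, or punctuation.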

Meanwhile, in Randy Morin’s Destroy All Malware weblog, his most recent update as of this posting links simultaneously to my immediately previous entry in SOB and to Bruce Schneier’s security weblog — specifically to a brief linkpost titled Dogbert’s Password Recovery Service for Morons. If you add any single weblog to your feed (or reading list, or email subscriptions, or whatever) related to security, Bruce Schneier’s is the one to choose: he may well be the single most well known and respected independent security expert in the world, and with good reason.

Special thanks are due Sterling for pointing out the post at Destroy All Malware.


  1. […] My last two entries here at SOB have focused on the downside of weblogging — most particularly, on spam comments and how good their propagators are getting at slipping them past both software and wetware filters. There’s an upside to weblogs, too, though. It’s time to focus on that a bit. […]

    Pingback by SOB: Scion Of Backronymics » weblog whys/wherefores — 26 January 2007 @ 05:15

  2. Sorry if I was confusing, I didn’t mean that humans submit these spam comments.

    When you get humans to write the comments, it’s easier to fool bloggers and collaborative filters. Sometimes it looks like a genuine comment.

    I doubt people submit those comments directly, bots would do that. But bots don’t generate them.

    There are three other interesting tricks I noticed recently:

    Submitting a spam comment only once. If I see five comments with the same content, I know they’re spam. One comment is hard to tell, higher chance that it will pass through.

    Matching the comment to the content of the blog.

    Running a search on the blog to see if the comment was posted. Look in your server logs, you might find a search query for spam keywords.

    Comment by assaf — 28 January 2007 @ 07:26

