Social engineering in comment spam
A comment made on a previous posting:
“I googled for something completely different, but found your page… and have to say thanks. nice read.”
Wouldn’t you immediately hit the “approve” button?
In this case, the comment poster’s url pointed to http://otaro.co.uk/, a page full of “cheap car hire” ads and links. Ironically, the poster’s email was the confidence-building “please.no.spam@otaro.co.uk”. But the best part of course was the combination “I googled for something completely different” (so you don’t expect me to write anything relevant) and “have to say thanks, nice read” (so you approve in a wink). The blogger’s ego… the weakest spot in comment spam protection.
Now this was a simple one, because the hurried spammer left his link load on the first script run. A more patient strategy would have been to build confidence in the targeted blogs by not giving away his intentions immediately. Lots of (at least Wordpress blogs) hold comments from unknown posters (ip’s, mail addresses…) in moderation by default. Once a comment is approved, the poster is whitelisted. The technique would work on the level of individual blogs, and, when smart enough to fool lots of users, maybe even for systems using the kind of collaborative filtering such as used in Akismet.
So you better think twice before approving another vague “thank-you” or “great reading” post….
BTW: Seo BlackHat is an interesting (and entertaining!) resource on all kinds of web spam – he hasn’t written on this yet, so maybe it was his? :-)
Bookmark this post:
Subscribe to future posts:
16 Comments »
November 29th, 2005 at 03:06
I googled for something completely different, but found your page… and have to say thanks. nice read.
;)
Wasn’t me, but I’ll trackback to this article in the next few days.
-q
November 29th, 2005 at 23:26
[...] m SEO Black Hat Homepage I went over to pascal vanhecke’s weblog to read Social Engineering in Comment Spam: “I Googled for something comple [...]
November 30th, 2005 at 00:50
No it wasn’t him. But impressive that you think of him. Pretty good branding I would say.
Sorry for spamming you, I see you’re using nofollow anyway – so it made absolutely no sense to spam you. I think I have to fix the script a little bit… it’s not easy to recognize this automatically. But I’ll try hard.
November 30th, 2005 at 02:35
The summum of social engineering: apologising for spam!
I couldn’t but approve this last comment :-)
The ip addresses of the original deleted comment (84.159.231.250) and this last one (84.159.205.96) come from the same (dial-in) network, so I assume it is the same person… you can still add them to your comment blacklist!
December 9th, 2005 at 18:42
I googled for “I googled for something completely different” and found this page ;)
I get a lot of those spam comments in my moderation, and don’t bother to approve them. Interesting that Mr. Otaro stopped by here to say hi.
December 9th, 2005 at 21:01
I Googled for “i googled for something completely different” because i got the same fishy comment:
Then i found your page, which confirmed my hunch… and have to say thanks.
Mine linked to a similiar site with travel links, but it was in German.
December 30th, 2005 at 20:28
Clearly, spammers don’t have to be too sophisticated with their spamming tactics because the average blog owner will easily approve such comments. They obviously put some thought into getting inside the mind of a blog owner, which probably has increased their approval rate, but taking the time to build credibility with blog owners simply isn’t necessarily for achieving the results they’re after.
January 29th, 2006 at 20:49
Oh… what a nice idea… can I try it here? ;-)
September 19th, 2006 at 23:53
Wow, you said a mouthful.
October 10th, 2006 at 09:24
I googled for something completely different, but found your page… and have to say thanks. nice read.
October 10th, 2006 at 09:39
Very funny Mr Lowerdown, but not really original :-)
November 15th, 2006 at 04:57
[...] While reading up on this a little, I found another theory from Pascal van Hecke that these spams are to try and manipulate my blog’s whitelist so future spams can evade detection. [...]
November 15th, 2006 at 05:04
I got a few of these lately on my blog. I’d approved two of them before I realised what was going on. I like your theory of whitelist manipulation, I put a link to this article on my blog I hope you don’t mind.
April 7th, 2007 at 10:39
[...] ja päädyin lopulta Notes, links and conversation -nimiseen blogiin. Merkinnässään “Social engineering in comment spam” kirjoittaja analysoi tismalleen samanlaista kommenttia. Ja nähtävästi miljoonat muutkin [...]
January 10th, 2009 at 13:39
Hello I like your post so well that I like to ask you whether I should translate and linking back. Please give me an answer. Your Goldpreis
February 6th, 2009 at 09:58
I got a lot of those inane comments on my guestbook – and that was my first thought too. Even the ones that don’t have a direct link payload except for the one (and I check them) are usually left unmoderated for a while to think it over.
Interestingly, though, I’ve also got a reverse issue – anyone who comments in russian gets picked up by the spam filter automatically. I’ve had a fair few russian commenters on one of my posts about wordpress 2.7 and the admin interface, and with a bit of google translate assistance, found they were legit – checking back to some of their sites I found they had comments that also bemoaned the fact that anything they commented with an .ru email or site got blocked automatically from any non ru domain. I have to say so far I’ve found they’re right, although now I’ve approved a few (I tend to paste the translation into the comment, except on that post which seems to be mostly getting traffic from those speakers anyway) I’m now getting a lot more interest from the russian speaking community.
Thank heavens for Google Translate, is all I can say.