We all know spammers change their methods frequently. But there are also some broader trends that slowly emerge over long periods. The economics of spam has changed considerably since Akismet first started back in 2005, and that has led to some new trends and changes in spam patterns recently. Here’s a quick summary of some of the most important changes in web spam we’ve seen over the last year.
- Human-posted spam has been on the rise for some time. Low-paid workers are hired by “SEO” firms to post comments on blogs and forums, advertising their clients’ web sites (typically small local businesses). The workers generally operate out of internet cafes and universities, particularly in India, South-East Asia, and Turkey. The quality of comments varies, with the best-written spam usually coming from SE Asia. There are now sophisticated marketplaces set up specifically for hiring manual workers to do this kind of spam.
- Good old-fashioned pill, porn and malware spam continues to center around Eastern Europe and the Russian Federation. They have well-established, willing hosts in the Netherlands, Latvia, Russia, Germany, and the USA, and hacked servers elsewhere.
- Several Eastern European spammers control large ranges of IP addresses. One in particular has dozens of /22 and /21 networks. These are rented out to spammers as a distributed proxy network, or in some cases sold as a hosted spambot service.
- Chinese wholesaler spam is becoming more frequent and organized. In addition to the usual comments and forum posts advertising counterfeit fashion and miscellaneous goods, the spammers are now creating networks of fake blogs and web sites on free hosts including Blogspot.com, Weebly.com, Tumblr.com, Ning.com, and WordPress.com.
- Other spammers are abusing proxies at ISPs and universities, and national censoring proxies such as those in Saudi Arabia and Singapore. They do this to mix their spam with legitimate traffic and thus make IP blacklisting impossible. (Akismet, of course, is not a blacklist.)
- Autoblog pingback spam is now so bad that many blogs are refusing to accept any pingbacks at all. There’s no single source or group behind this – rather, gullible people are following “make money on the internet” instructions that recommend creating fake blogs on discount shared hosts and running ads. They use packages of WordPress plugins that copy content from other blogs or article publishing sites, and send pingbacks to many blogs to try to get backlinks and traffic. There are large numbers of people doing this, and most of them have many such blogs. Needless to say it doesn’t work — the only people who make any money from autoblogs are the ones who sell the “make money on the internet” scams.
- Some well-meaning but careless bloggers are unwittingly annoying other blogs with large numbers of pingbacks. They’re using plugins that add “related links” sections to each post, with an automatically generated list of links to posts on other blogs, and send a pingback to each of them. Unfortunately the plugins usually do a poor job of selecting relevant links, and the recipients of those pingbacks often regard them as spam (which is not unreasonable as the pingback is often totally unrelated, and autoblog spammers use the same plugins). Some bloggers have configured their plugins to include 50, 100 or more of these links in each post, which is further exacerbating people’s frustration with pingbacks.
(For an example of a related-link plugin that does a good job of selecting relevant links and limiting pingbacks to a reasonable number, give Zemanta a try.)
- Trackbacks have become so unpopular that even many spammers have abandoned them.
- Parasite hosting – such as hacked wikis, forum profile spam and hijacked blogs – used to be solely the realm of porn/pill/malware spammers. But recently Indian and Asian SEO spammers have adopted the same tactics – so where it used to advertise penis pills or bogus antivirus programs, now it’s dentists, roofing, and pet food.
Interesting these “new” spam behaviors.
I wonder who actively pays spammers and their customers. In the past I believed it was noob net users that weren’t yet bothered enough by spam (once, in a mailing list I participated in, I saw a spam get sent and one of the list members thank them for the spam and say the spammer was welcome on the list!!), but nowadays I doubt they can live only from noobs. Maybe in the case of web spam they just sell PageRank, getting links from real sites to new ones, and so forth.
Anyway, we must keep fighting. Be smart on comments approval, use good plugins to handle spam, and also plugins that obfuscate links that commenters add. If they can’t get a link out of our sites, they will be hopeless.
I myself never saw a spam that would link me to a real store/site that I could buy a real product/service. They seem just to be annoying and troublesome.
This needs a graph of some sort.
All I can say is – thank you for creating Akismet and allowing me to freely use it. It does a fantastic job on my weblog. I get 1000 times more spam than legitimate comments, almost all caught by Akismet. If it wasn’t for Akismet, I would close all ways users could interact with my blog.
Ning needs Akismet. Or something like it. Their spam problem is ridiculous and has been going on for months now.
That’s some pretty cool stuff. I’ve wondered how all that kind of spam stuff works.
So I guess the bigger question is how successful is Akismet at stopping spam like that?
Thanks for the fantastically free Akismet!
One thanks I have to give spammers is that they seem to use the exact same reply for every website they post on. Whenever I receive a post on my website, I put it in quotes in a Google search in order to see how many websites I find with the exact same phrase complete with the same misspellings.
One weird mutant form I’ve seen lately is the verbatim duplication of a previously-approved comment; the spammer copies the text, slaps a name and a URL on it, and sends it through. Akismet so far has had no trouble spotting these, perhaps because the spammers haven’t had a whole lot of variety in their name/URL choices.
Akismet is great for filtering comments and putting it in another container (spam), but it won’t stop it. You have to use other methods to prevent spam, which you rarely end up killing a possible valid comment. I’ve got a WordPress hack that is very good at keeping spam off my blog, the only thing I still see is spam with no links at all, which means they tried to put a link in the URL field, but I don’t accept those on my site. It makes me wonder if eventually spammers will just flood all the systems with all kinds of comments, links or no links, spam-keywords or regular words just to make the filters worthless.
I have recently started getting some interesting spam, copied and pasted from comments that were already added by other people so it seems perfectly legitimate until I check their URL or do a Google search and find out I already have that comment on my site.
I’m glad Akismet filters out most of them for me, I actually had 2 that slipped through that stayed up for a week or two before I noticed.
I experience all of this. The worst is the pingbacks, because I like to keep them on to see who’s referencing my site, but I then have to spend so much time removing all these spammy ones. It sucks.
Oh, I’ve been noticing the spam has been becoming more relevant; the human spammers must be the explanation for getting through captchas and coming up with relevant comments. On one of my most recent posts, there were some actual compelling comments, but the URL was something like physician’s assistant. It was strange.
How would I go about adding a spammer to the Akismet database? I had a local marketer use my contact form as a method to send me email about a local business (he spammed me, and when confronted, said it “wasn’t intended as spam”). He’s doing this to others in the local area every day, and is starting to annoy people and businesses. Unless it comes through as a comment to a post in WordPress, I can’t mark it as spam.
Will, Akismet is for web spam, not email spam. Most email programs have a spam filtering feature, I’d suggest you use that.
Also, regarding “adding a spammer to the Akismet database”: Akismet is not a blacklist nor a list of spammers. It takes into account all available information about each comment, and makes an individual decision based on the blog owner’s feedback. If you don’t want someone posting comments on your blog, just use the Spam button – Akismet will make a note of your preference and stop them from commenting on your blog in future (unless you subsequently use the Approve or Not Spam button).