Wednesday, April 8, 2009

Cursed comment spam

Photo: http://www.flickr.com/photos/santos/

"I recently came across your blog and have been reading along. i thought i would leave my first comment. i don't know what to say except that i have enjoyed reading. nice blog. i will keep visiting this blog very often."

Sounds very genuine, doesn't it? "My first comment". Makes you feel very - touched. How nice.

A search for this phrase on Google returns 249,000 matches.

This. Exact. Phrase.

So despite the fact that it got past the Google comment anti-spammer check, it is not a real comment.

I don't know if this is a script, bot, virus or just a plain army of low-paid turks. Whatever it is, it is very annoying.

I went looking at some of the 249,000 victim websites.

Many that I looked at had this exact "post" inline with many other actual real posts.

In some cases the website owners/original posters had responded back thanking "Elaina" or whoever for their thoughtful comment.

The author of the original article and the other commenters likely have no idea in all of those 249,000 cases.

The weird thing is that, for a fairly sophisticated exploit, the websites the URLs point to are very plain - they seem to follow this pattern:
  • a basic-looking WordPress site with 2-3 posts
  • no obvious Google traps or large collections of advertisements
  • a commercial sort of angle, real estate and so on - but no immediate money spinner
  • site purportedly run by a single person, with a personal profile
  • some JavaScript links, all looking to have something to do with WordPress's K2 sidebar
My current theory for what is going on is that the CAPTCHAs are being beaten by a "Turk"-type setup.

It could work like this. I want to promote my dodgy website, and pay a service called "Evil Promotions" that promises to raise it up in Google rankings.

The service recruits a small army of low-paid workers - or perhaps they are paid in kind with gambling credits or pornography. The workers log into a web interface on the "Evil Promotions" website and click a button.

Behind the scenes, Evil Promotions runs a set of scripts that go around millions of websites, looking for ones that have a comment facility.

The automated script finds such "Victim" websites, in their hundreds of thousands, "clicks" the buttons and makes a post. The script drops the very human-sounding text above into the comment field.

The "Victim Site" sends back a captcha - an image with some distorted text, which only a human could read - and the script passes the captcha on to the workers via the Evil Promotions website. The worker types the response to the captcha and clicks a button.

The Evil Promotions script sends the captcha response back to the victim website, which faithfully logs it as a human comment.

The worker just types responses, and clicks, over and over again, never seeing the websites that the responses are going to. I don't know what they could get out of such mindless repetitive work, but I hope for their sakes it's worth it.
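The relay described above beats the captcha, but it does not beat a content check: the same body is posted, word for word, to hundreds of thousands of sites, which is exactly what the Google search at the top of this post found. As an added example (not code from this post), here is how a blog owner could flag that: fingerprint each comment's normalized text and report any body that matches a known template (the one quoted above) or that recurs on several distinct sites. The site names, author names and sample comments are constructed.

```python
import hashlib
import re
from collections import defaultdict

# The comment body quoted at the top of the post.
SPAM_TEXT = ("I recently came across your blog and have been reading along. "
             "i thought i would leave my first comment. i don't know what to say "
             "except that i have enjoyed reading. nice blog. i will keep visiting "
             "this blog very often.")

def normalize(text):
    """Lower-case, drop punctuation and collapse whitespace, so a casing
    change or a stray space does not yield a different fingerprint."""
    text = re.sub(r"[^a-z0-9\s]", " ", text.lower())
    return re.sub(r"\s+", " ", text).strip()

def fingerprint(text):
    return hashlib.sha256(normalize(text).encode()).hexdigest()

KNOWN_TEMPLATES = {fingerprint(SPAM_TEXT)}  # bodies already known to be spam

def flag_comments(comments, min_sites=3, min_words=12):
    """comments: iterable of (site, author, text). Returns {fingerprint: sites}
    for each body that matches a known template, or recurs on >= min_sites
    distinct sites and is long enough that a short "Thanks!" is not swept up."""
    sites_for, words_for = defaultdict(set), {}
    for site, _author, text in comments:
        fp = fingerprint(text)
        sites_for[fp].add(site)
        words_for[fp] = len(normalize(text).split())
    return {fp: sites for fp, sites in sites_for.items()
            if fp in KNOWN_TEMPLATES
            or (len(sites) >= min_sites and words_for[fp] >= min_words)}

# Constructed sample: the quoted template under three names, a second repeated
# body not on the known list, short genuine replies and one real comment.
REPEATED = ("Great article, I bookmarked it and will share with my readers. "
            "Keep up the great work on this blog.")
SAMPLE_COMMENTS = [
    ("blog-a.example", "Elaina", SPAM_TEXT),
    ("blog-b.example", "Marcus", SPAM_TEXT.upper()),
    ("blog-c.example", "Priya", SPAM_TEXT + "  "),
    ("blog-a.example", "Dave", REPEATED), ("blog-b.example", "Ann", REPEATED),
    ("blog-c.example", "Bo", REPEATED),
    ("blog-a.example", "Kim", "Thanks, nice post!"),
    ("blog-b.example", "Lee", "Thanks, nice post!"),
    ("blog-c.example", "Max", "Thanks, nice post!"),
    ("blog-a.example", "Sam", "The K2 sidebar fix worked once I cleared the theme cache."),
]
```

Running `flag_comments(SAMPLE_COMMENTS)` reports the quoted template and the second repeated body, each seen on three sites, and leaves the short "Thanks" replies and the one-off real comment alone.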

To me, if I'm half right, the whole thing stinks.

A low act.

Now - I have had an idea - maybe I can fight back. I just left comments on two of the websites I found, explaining what I had found. I asked the authors to do two things:
  • delete the comment
  • contact two other sites that had been spammed and suggest they do the same
Let's see what happens.