itsok spam

We have been getting a new set of spams lately. I call it the "itsok" spam. The following is one of the spams posted:

"Awesome stuff! Thanks for all the information. Big is feature of Tremendous Pair: , Astonishing is feature of Faithful Gnome Lazy Chips is always International Grass , when Gnome is Table it will Steal Cards Opponents will Soldier unconditionally"

The spam always contains three URLs. The first is unlinked. The second two are linked. The third link actually has a rel="itsok" attribute, which seems quite interesting to me. Why would the spammer leave a signature?

But that's not the only strange thing about this kind of spam. As you can see above, the spam contains legitimate sites, from which the spammer is highly unlikely to gain a quick profit. So why would the spammer spend so much time spamming URLs that don't benefit the spammer directly?

I found an article called "The arms race continues in the Spam wars". This article has a theory. It claims that these spams are long-term warfare support that the spammers use to contaminate effective blacklists with legitimate sites.

I don't buy this theory. Why? Because I have found that the spammers determine when the admins are away from online work and spam during those times. For example, they spam during the wee hours of the night. They always check to see when their spam got deleted, and they come back the next day at a slightly later time.

Also, we have been aggressive at deleting spam. So the spammers stopped spamming our site last week. But all of a sudden, they did a massive spam attack on Christmas Eve and Christmas day. Luckily we implemented our own extremely effective anti-spam system last week, so the damage was minimal. Why did they pick times when the admins are least likely to be around? If all they wanted to do is contaminate blacklists, those legitimate sites would get on the blacklists a lot quicker when the admins are around.

My theory is that the spammers want to wear the admins down. Perhaps the admins will get tired of their games, quit, and abandon their blog sites, leaving the site open as a spam link farm. They don't use their own URLs because they want to mount a long, enduring, massive attack that is untraceable. If the attack is massive and traceable, then their operation could get shut down before the enduring attack becomes effective.

What's the best defense against this kind of attack? Diligently delete spam posts, use anti-spam tools, and learn about spammers' patterns.

Chieh Cheng
Mon, 26 Dec 2005 11:47:44 -0800
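
The link pattern described in the post (one unlinked URL, two linked URLs, the last carrying rel="itsok") can be checked mechanically before a comment is published. The following is an added example, not part of the original post or the site's own anti-spam system; the function name, reason labels and sample comments are constructed for illustration.

```python
import re
from html.parser import HTMLParser

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

class CommentLinks(HTMLParser):
    """Collect <a> links (href, rel tokens) and URLs that appear only as text."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []      # (href, set of lower-cased rel tokens)
        self.bare_urls = []  # URLs found in text outside any <a> element
        self._in_a = 0

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            a = dict(attrs)
            rel = set((a.get("rel") or "").lower().split())
            self.links.append((a.get("href") or "", rel))
            self._in_a += 1

    def handle_endtag(self, tag):
        if tag == "a" and self._in_a:
            self._in_a -= 1

    def handle_data(self, data):
        if not self._in_a:  # link text is not counted as an unlinked URL
            self.bare_urls.extend(URL_RE.findall(data))

def score_comment(html):
    """Return the list of 'itsok' spam signals present in a comment body."""
    p = CommentLinks()
    p.feed(html)
    p.close()
    reasons = []
    if any("itsok" in rel for _, rel in p.links):
        reasons.append("rel-itsok")            # the signature attribute itself
    if len(p.bare_urls) == 1 and len(p.links) == 2:
        reasons.append("one-bare-two-linked")  # the three-URL layout
    return reasons

# Constructed samples (hypothetical .example hosts), not real spam captures.
SPAM = ('Awesome stuff! Thanks for all the information. http://site-a.example/ '
        '<a href="http://site-b.example/">Faithful Gnome</a> '
        '<a href="http://site-c.example/" REL="ItsOK">Lazy Chips</a>')
HAM = 'See <a href="http://docs.example/faq" rel="nofollow">the FAQ</a>.'

if __name__ == "__main__":
    for body in (SPAM, HAM):
        print(score_comment(body) or "clean")
```

A comment that returns any reason can be held for moderation instead of being published while the admins are away.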


Title: Fight Comment Spam, Ban IP's
Weblog: GearHack
Tracked: Thu, 15 Jun 2006 13:21:20 -0700
