About The Spam Attack

Regulars to Booman Tribune will have noticed the flood of spam diaries earlier this month, and the attempts to fight off the spammers. In the latter, the European Tribune (where I am a frontpager) helped out, based on past experience with the same problem.

The first (and longest) part of this diary will introduce the problem, namely, so-called SEO spamming. Then I’ll say a few words about how it hit Booman Tribune and how the anti-spam changes will affect you.

Web 2.0 spamming

Classic spam wants to sell you something, with a business model based on the cheapness of bulk reproduction: if just 0.001% of spam receivers aren’t annoyed but order something, the advertised on-line business will make profit.

However, most on-line shoppers aren’t suckers for spam, but seek out what they want, for example with a web search. So, if, say, you run a carpentry business in Augusta, it would be nice if your company website was one of the first results whenever people Google “carpenter in Maine”. Search engines order hits according to a system, a system that can be gamed – with spam. Spam which isn’t truly directed at human readers but at the web crawlers of search engine providers, working by the same principle as a Google bomb. This is known as “search engine optimization”, short SEO.

The most basic quantity search engines consider is the number of links on other sites leading back to a page (“backlinks”). Thus the simplest SEO method is the mass posting of hyperlinks all across the web. This usually takes the form of comment spam at blogs, web forums and other interactive sites. More advanced forms include the creation of a network of cross-linked fake blogs or news sites, and the posting of fake news articles at community sites with an off-topic link smuggled in at the end.

Effective comment spamming is made difficult by sites requiring registration, while search engine providers reacted by ascribing each web page a number indicating its quality (“page rank”, short PR) and weighting backlink numbers with it. However, this only provided SEO spammers with ways to be more effective with less work: by seeking out high-PR sites for spamming, they can achieve the same result with much fewer backlinks.

The most benign and stealthy of these more advanced SEO spammers place their backlinks in their Bio/About/User info pages and then disappear. The nastier ones will also resort to cruder diary or comment spamming.


The SEO business as Ponzi scheme

Another difference with classic spam is in who makes money and who is the sucker. Most advertised websites appear to be home or small businesses. It seems it’s not their owners who make real money, however, but all those who provide various services to them, for a price:

  • there are websites providing information on spammable websites and blogs;
  • you can buy manuals on backlink building (although even dummies could find sites explaining it for free);
  • you can buy lists of high-PR sites to spam (never mind that you can track down lists for free);
  • to reduce the tedious work of manual backlink building, you can buy softwares that register new email and user accounts, log in and create spam diaries automatically;
  • for the same job, with the special benefit of circumventing captcha filters, you can hire the services of shady companies in low-wage countries (like India or the Philippines) who employ people to do the job manually;
  • there are even web forums for SEO spammers, where the veterans of the scene will reassure newbies that they can get rich quick, and all of it is perfectly legal and not spam.

If you peek into such a forum, it has the air of direct marketing ventures like Amway. It reeks like a bubble, a Ponzi scheme, a scam; with the owners of advertised websites as the suckers.

In fact the circle of suckers was widened by combination with another bubble. Websites can have income by hosting advertisements, so in recent years, the setting up of a fake news site or blog just for the sake of drawing advertisements became a popular business model, except income stays minimal for most who attempt it. But SEO methods enhance advertisement income, too, so this type of home business was drawn in by the SEO crowd, too.


SEO spam hits Booman Tribune

Booman Tribune fell into the sights of one of the luminaries of the SEO movement three years ago. A certain lady from Aberdeen, WA, USA tested the site with its Google page rank of 6 by creating two accounts on April 17, 2009, with spam on the user info pages that went unnoticed.

This lady makes money by selling lists of 30 high-PR sites to her subscribers each month. She included Booman Tribune on her September 2009 list. As a result, that month spam account creation rose from a couple a day to over a hundred a day. Apparently, most of the spam flood she unleashed on BT was limited to the misuse of user info pages as free advertisement space, so it went unnoticed.

Once the paying suckers get their lists of spammable sites, the more clever and meaner spammers will get the lists for free. Thus a site that misses the first wave will be hit by repeated waves. When looking into the matter early this month, we found Booman Tribune was in a dozen publicly available lists, and even made it as example into one of the SEO manuals(!).

The last wave that hit at the beginning of April 2012 made itself noticeable with a dozen spam diaries a day. But it was/is much bigger in total: it started with a rate of 2-300 registrations a day, and was still at 164 yesterday. There have been even bigger waves. All in all, over the past three years, at least 320,000 suspected SEO spam accounts were created.


Fighting spam

Without dwelling into the details (and don’t ask), the site changes we implemented filter new users, block user info and diary spam, and foil the SEO use of comment spam by blocking hyperlinks. New users are upgraded to proper users only if they stick around.

The biggest difficulty was dealing with the three hundred thousand existing accounts, which was a necessity because many SEO spammers activate their accounts with a delay or return to edit them. Until we figured out what to do, there was a restriction on non-trusted-users which annoyed many, but that was lifted a week ago and now there should be practically no difference for Booman Tribune regulars. BooMan might implement more site changes in the future.

However, you can help the admins in recognising ‘proper’ newbies and comment spammers, by being more consequent with ratings:

  • You can give ‘proper’ newbies a 4. However, only do so after a truly engaging on-topic comment, don’t rate stuff like “Nice site you have, good diary!”.

  • When rating a spam comment, do not give a warning (2 rating), but troll-rate it immediately. If you are a trusted user, use the Mega Troll (0) rating, which exists just for this purpose.