About The Spam Attack

Regulars to Booman Tribune will have noticed the flood of spam diaries earlier this month, and the attempts to fight off the spammers. In the latter, the European Tribune (where I am a frontpager) helped out, based on past experience with the same problem.

The first (and longest) part of this diary will introduce the problem, namely, so-called SEO spamming. Then I’ll say a few words about how it hit Booman Tribune and how the anti-spam changes will affect you.

Web 2.0 spamming

Classic spam wants to sell you something, with a business model based on the cheapness of bulk reproduction: if just 0.001% of spam receivers aren’t annoyed but order something, the advertised on-line business will make profit.

However, most on-line shoppers aren’t suckers for spam, but seek out what they want, for example with a web search. So, if, say, you run a carpentry business in Augusta, it would be nice if your company website was one of the first results whenever people Google “carpenter in Maine”. Search engines order hits according to a system, a system that can be gamed – with spam. Spam which isn’t truly directed at human readers but at the web crawlers of search engine providers, working by the same principle as a Google bomb. This is known as “search engine optimization”, short SEO.

The most basic quantity search engines consider is the number of links on other sites leading back to a page (“backlinks”). Thus the simplest SEO method is the mass posting of hyperlinks all across the web. This usually takes the form of comment spam at blogs, web forums and other interactive sites. More advanced forms include the creation of a network of cross-linked fake blogs or news sites, and the posting of fake news articles at community sites with an off-topic link smuggled in at the end.

Effective comment spamming is made difficult by sites requiring registration, while search engine providers reacted by ascribing each web page a number indicating its quality (“page rank”, short PR) and weighting backlink numbers with it. However, this only provided SEO spammers with ways to be more effective with less work: by seeking out high-PR sites for spamming, they can achieve the same result with much fewer backlinks.

The most benign and stealthy of these more advanced SEO spammers place their backlinks in their Bio/About/User info pages and then disappear. The nastier ones will also resort to cruder diary or comment spamming.

The SEO business as Ponzi scheme

Another difference with classic spam is in who makes money and who is the sucker. Most advertised websites appear to be home or small businesses. It seems it’s not their owners who make real money, however, but all those who provide various services to them, for a price:

there are websites providing information on spammable websites and blogs;
you can buy manuals on backlink building (although even dummies could find sites explaining it for free);
you can buy lists of high-PR sites to spam (never mind that you can track down lists for free);
to reduce the tedious work of manual backlink building, you can buy softwares that register new email and user accounts, log in and create spam diaries automatically;
for the same job, with the special benefit of circumventing captcha filters, you can hire the services of shady companies in low-wage countries (like India or the Philippines) who employ people to do the job manually;
there are even web forums for SEO spammers, where the veterans of the scene will reassure newbies that they can get rich quick, and all of it is perfectly legal and not spam.

If you peek into such a forum, it has the air of direct marketing ventures like Amway. It reeks like a bubble, a Ponzi scheme, a scam; with the owners of advertised websites as the suckers.

In fact the circle of suckers was widened by combination with another bubble. Websites can have income by hosting advertisements, so in recent years, the setting up of a fake news site or blog just for the sake of drawing advertisements became a popular business model, except income stays minimal for most who attempt it. But SEO methods enhance advertisement income, too, so this type of home business was drawn in by the SEO crowd, too.

SEO spam hits Booman Tribune

Booman Tribune fell into the sights of one of the luminaries of the SEO movement three years ago. A certain lady from Aberdeen, WA, USA tested the site with its Google page rank of 6 by creating two accounts on April 17, 2009, with spam on the user info pages that went unnoticed.

This lady makes money by selling lists of 30 high-PR sites to her subscribers each month. She included Booman Tribune on her September 2009 list. As a result, that month spam account creation rose from a couple a day to over a hundred a day. Apparently, most of the spam flood she unleashed on BT was limited to the misuse of user info pages as free advertisement space, so it went unnoticed.

Once the paying suckers get their lists of spammable sites, the more clever and meaner spammers will get the lists for free. Thus a site that misses the first wave will be hit by repeated waves. When looking into the matter early this month, we found Booman Tribune was in a dozen publicly available lists, and even made it as example into one of the SEO manuals(!).

The last wave that hit at the beginning of April 2012 made itself noticeable with a dozen spam diaries a day. But it was/is much bigger in total: it started with a rate of 2-300 registrations a day, and was still at 164 yesterday. There have been even bigger waves. All in all, over the past three years, at least 320,000 suspected SEO spam accounts were created.

Fighting spam

Without dwelling into the details (and don’t ask), the site changes we implemented filter new users, block user info and diary spam, and foil the SEO use of comment spam by blocking hyperlinks. New users are upgraded to proper users only if they stick around.

The biggest difficulty was dealing with the three hundred thousand existing accounts, which was a necessity because many SEO spammers activate their accounts with a delay or return to edit them. Until we figured out what to do, there was a restriction on non-trusted-users which annoyed many, but that was lifted a week ago and now there should be practically no difference for Booman Tribune regulars. BooMan might implement more site changes in the future.

However, you can help the admins in recognising ‘proper’ newbies and comment spammers, by being more consequent with ratings:

You can give ‘proper’ newbies a 4. However, only do so after a truly engaging on-topic comment, don’t rate stuff like “Nice site you have, good diary!”.
When rating a spam comment, do not give a warning (2 rating), but troll-rate it immediately. If you are a trusted user, use the Mega Troll (0) rating, which exists just for this purpose.

8 Comments

DoDo on April 22, 2012 at 12:31 pm

On the bright side, consider how it went for ET: we were hit by the SEO spam flood in July 2009, we entered multiple lists too, and it took months to figure out effective ways to block them – but by now, the rate of spam account registrations is back to a couple a week.
ask on April 22, 2012 at 12:56 pm

Thanks for all the background, DoDo. And for helping with a solution.
Looks like a lot of detective work was needed to get to the bottom of it all.
- BooMan on April 22, 2012 at 1:03 pm
  
  DoDo and afew from European Tribune have been life-savers on this. They dedicated a lot of time to helping me out, and I’m very grateful. So, too, should be the regular users here.
  - Indianadem on April 22, 2012 at 6:11 pm
    
    My gratitude as well, DoDo and afew! Thanks for coming all the way over here (virtually, I assume) to do battle with the spammers.
CabinGirl on April 22, 2012 at 3:02 pm

Thanks for posting such a detailed explanation on this, and for the help in getting it under control. I didn’t even know that it started in 2009 until I read this…
Errol on April 22, 2012 at 3:31 pm

Thanks for posting this. Very interesting, and such a job to sort out.
janicket on April 22, 2012 at 3:35 pm

Thanks for the enlightenment as well as the hard clever work in foiling the spammers.

What you’ve said explains some things I’ve seen on my own obscure blog lately — certainly nothing approaching the flood of attacks here, but even a blog with only me posting erratically, and only marginally more than 3,000 hits in its five-year existence, can attract some degree of spammer attention.

I did notice an uptick in it since I began posting about taking up target shooting; I daresay the spammers seek out keywords they believe will generate higher levels of hits.
- puddleriver on April 23, 2012 at 8:53 am
  
  I believe! My tiny blog (still called “baby” after seven years) gets a phenomenal amount of hits on a single recipe for “white trash” — mostly from Africa, Saudi Arabia, and Russia. It’s a good recipe, so not removing it, but jeepers. I don’t have “monetizing” so I don’t even get a penny, lol!
  
  Other thing I’ve noticed recently is new spam comments on very old threads.
  
  And I was tickled the other day watching the blog owner (a neurosurgeon) responding sweetly and seriously to what I considered VERY obvious spam.
  
  Another strand in this cable I’ve become aware of is “disease” pages/sites. They have very generic and often bad information/English about a relatively little known disease. Lots of links elsewhere, too. It’s a pity if you are the owner of an orphan disease, because it’s already so difficult to get information.
  
  I guess I feel saddest about what this all reveals about human nature in the aggregate.

About The Author

DoDo

8 Comments

Recent Posts

Recent Comments