Interesting new trend in blogspam


These days, the number of spam comments I receive easily outnumber the real ones. It’s been an interesting (if annoying) battle. The tactics employed by spammers seem to change on a fairly regular basis.
My presumption has always been that the main intention of blogspammers (known herein as simply “spammers”) is to exploit Google’s PageRank algorithm, which (in a very rough sense) places pages which are linked more often higher in the search results.
The first tactic used by spammers was pretty straightforward: put the address of a website you’d like to promote into the URL field of a blog comment. Nearly all Moveable Type-based blogs use the same mechanism for commenting, so it’s fairly easy to get a computer to do the job automatically. Some people, such as Jim of extrametrical.com, have written their own commenting systems, which — since they use a different commenting mechanism than MT blogs — aren’t targeted. It’s the fabled “security through obscurity” idea [Wikipedia], and it seems to work pretty well. Or, at least, I haven’t seen any blog spam on Jim’s blog lately (actually, ever).
Then came along Jay Allen’s excellent MT-Blacklist, making things considerably harder for spammers. MT-Blacklist leveled the playing field by collecting many spam URLs in single spot — known as the “master blacklist”. When MT-Blacklist is installed on a Moveable Type-based site, each time someone (or some THING) wants to post a comment, the supplied URL is cross-checked against the blacklist, and if a match is made, the comment is refused.
This lead to the creation of dashed versions of the same URLs. For example, http://www.texasholdem.com became http://www.texas-hold-em.com. A little harder to type, but whatever works.
A short while later (and here’s where things start to get weird), spammers started using double and sometimes triple dashes. http://www.online—casino.com and the like. A little strange, but as long as it shows up first in Google, it doesn’t really matter what the address is. Fine. I don’t like it, but I still understand that.
But over the last week, I’ve started receiving spam from completely nonexistent domains, devoid of links in the comment body. And it baffles the heck out of me. Why? What’s the point? About the best I can come up with is that some kind of virus has struck the computers of the spammers, causing blogs to be spammed with nonsense information unintentionally. But a virus, targetting spammers but as a side-effect affects bloggers? Seems a little odd — where’s the motive?
Take www.mingholee.com, for example — the URL in a piece of blogspam I received today. Punching it into my web browser’s location field yields me this:

And Google doesn’t know much about the site, either:

However, here’s something interesting. At the time of this posting, 129 pages contain the term www.mingholee.com. So I’m not the only one.
One more remote possibility, is that over the last week I developed a hole in my DNS services, and what doesn’t work for me (i.e.: www.mingholee.com) actually works for other people. But it that seems extremely unlikely, given the only sites I haven’t been able to reach are the ones spamming my blog.
Someone please give me a clue…

5 comments

  1. I have also seen this trend and been confused. Thought maybe they were trying to advertise the persons name … or something. Along the same lines as “I was surfing around on blogspot and came across your site” (or some variant) … where “blogspot” takes you to blogger.com. Advertisement at its best.
    Could it be that these comments are a ‘tracking’ system – where if the comment is successful they log your system as able to accept comments? Something like the spam emails that include images (they can track the valid email address by checking to see if the image loads).

  2. Actually — that’s a very good guess. Sort like a ping to make sure their database of Moveable Type weblogs is up-to-date.

  3. ditto,
    it’s not just you. and i have also been wondering what the motive is. the really interesting part to me is that many of the email address’ used are gmail address’. i have considered responding to see if the address exhists. but that’s a real long shot.
    one thing i considered is that if this continues, it would seem that the only way to stop it would be to add the gmail.com and the hotmail.com to blacklist. could this be an attempt to stop people from using two of the most popular free email services?

  4. Alison, I noticed the use of gmail addresses too. Not sure what to make of it. I agree with you though, I doubt very much that they’re real — but I don’t really have a good explanation for it either. It’s not like people filter blogspam based on the email address, so it all leaves me kind of confused.

Comments are closed.