Tue 10 May 2011
The Game Is Afoot!
Posted by anaglyph under Blogging, CowBlogTech, Hmmm..., In The News, Spam Observations, Web Politics
[24] Comments
I really love a good mystery! In my last post Desperate? I talked about the apparent spamming of my (and others’) blog comments by Microsoft. Cow reader Damned Skeptic took me to task about this conclusion, and I defended my logic in the Comments of that post.
In a nutshell, what I said was that given that 99.9% of all the comment spam I get is about link hoarding, what evidence is there that the Bing (and also Yahoo) links were not cut from the same cloth? To me it looks like someone is trying to get some link action happening for those sites.
Except…
This morning I was inundated with a whole lot of spam such as this one from ‘Datherine’:
Here’s where Datherine is linking:
Now, is that not totally bizarre? Firstly, I will acquiesce: it’s fairly conclusive evidence that my first hypothesis was incorrect. I doubt that ALL the search engines are attempting to up their ranking like this. That would just be ridiculous. But what IS going on, then?
One thing that I can tell you is that Akismet (my spam filter) is on top of this – look at the stuff that was scooped up overnight:
There were dozens like this. These, of course, are all generated by bots and are easy to screen, unlike the spumans I mentioned yesterday. But look at those links! Way to add some pile carpet to the noise floor. Why would anyone want to generate lots of links to just any search engine? What are we seeing here? Are the big search engines involved in some kind of clandestine link deluge war? Is there any relevance in the fact that all the attempted links from yesterday and the day before were exclusively Bing and Yahoo, and this morning, for the first time, it’s Google? Wow.
Another thing I can tell you is that this spam was targeting my most visited pages, such as the FAQ, the Rasputin contests and some of my Peter Popoff posts. There is definitely some method behind this madness…
Is there more Pocket Jesus now?
Y’know, Queen Willy, if the spammers would leave me alone you’d get more of Pocket Jesus, Simple Graphics Man and even Safety Craig.
Hey, and anyway, it’s a detective story. I’d have thought you’d be all up for that?
Pitka would have solved this case by now.
Pitka works only during the holidays.
Last I heard Pitka was under cover, deep inside Paris.
Yeah, and he wasn’t looking for the Phantom of the Opera either.
Skynet begins and you’re to blame!
Just calling it like I see it…
Maybe this guy is just selling corn?
Hey, you’ve got a new picture on your sidebar. I like it! You handsome devil you….
It’s my new look.
Yeah I get a ton of this stuff from too, Askimet though kicks their ass all the time
They’re certainly still around, because I’ve had a string of them at my place. And searching for what was going on lead me here. Anaglyph said:
I think that’s probably what’s going on. I know there’s not much of a payload if the door opens, but the payload might not be the point. Testing WordPress security measures, cataloging who is monitoring, who is running akismet, who is running Bad Behavior. It might just be the first sweep in which this blog — being properly comment-filtered — gets dropped from subsequent hack attempts. Maybe it keeps happening because it’s multiple people using the same tool. Maybe because it’s an automated process poorly programmed.
Perhaps. It certainly stopped suddenly. I had two days of it and then an eerie silence (weirdly, pretty much ALL spam stopped for a day). Now we’re back to normal transmission, but the bing.com and google.com addresses have disappeared pretty much, except for the very occasional one.
I’ll be curious if you see the same thing happen – let me know. Maybe mass brains will have a chance of figurin’ it.
Perhaps it’s possible that the spammers can know via automation which posts actually make it through and then proceed to spam blogs who allow that. I don’t know. It seems strange that you’d use those major domains though – why not make up a bunch of plausible domains instead? If those spams had come through from, oh, widget.net or thingummybob.com they’d have had a much better chance of being inconspicuous.
A puzzle for sure…