Sun 8 May 2011
For most of you, Tetherd Cow is an unfolding story of antics in Cow World that plays out on a fairly linear daily or weekly basis. You know how it goes – I post a story, you comment, we have a some fun repartee and then we move on. Very civilized. But because I have an expansive overview of The Cow (a Cowish ‘omnipotence’ as it were) the Cowiverse looks somewhat different to me. I see a whole lot of stuff to which you are not privvy. There is, for example, activity that occurs way back in time, in posts that have had their moment in the sun and are never visited again except by the occasional lost web traveller. Or by spammers. Spammers discovered long ago that the vast hinterland of forgotten blog comments provides another fertile venue for their pathetic attempts to hawk various car insurance/viagra/cheap mortgage/locksmith(i) schemes. Because visiting millions of blogs and posting comments is (quite obviously) a tedious and time consuming task, the spammers have mostly relegated this drudgework to bots. Sometimes very clever bots, but bots all the same. Bots are mostly pretty easy to defeat, and these days most bot comments get swept up by blog spam utilities and never see the light of day.(ii)
Recently, though, a new spamming ruse appears to be on the rise. This technique requires real people to spend time browsing around blogs and posting comments and linking their names to some crap or other.(iii) Here’s one that I got yesterday:
This was a comment left on my post Ooze which you may remember concerned the curious fungus that once appeared in my backyard. On the face of it, ‘Jeff’ appears to be taking an interest in the post and leaving a pertinent comment – he is obviously not a bot.
What the spammers don’t appear to understand, though, is that when a commenter leaves his or her mark on TCA comments, I can tell all kinds of things about them other than just their email address and their name. I know, for instance, that while Jeff Morgan is (most likely) a real person, with a real Bigpond email address, it is not the real Jeff Morgan who has visited my blog. Someone has stolen his name and email address for the purposes of making their spam look legitimate. The clue to Fake Jeff’s real agenda is written clear in two places – one is in his IP address which comes out of Pakistan, and the other is in ‘his’ website which is easily recognizable(iv) as a ‘front-door’ for a spam operation linking off to various kinds of crummy products.(v)
As is usual in these cases, I leave the comment intact and ‘repair’ the weblink to take it somewhere a little more useful.(vi) This morning though, I got a rather intriguing one of these ‘comments’ from ‘Mircea':
This one appeared in my post We’re All DOOMED! as a reply to Cissy Strutt. Unlike Jeff’s comment, it only half makes sense, but I have had far more incomprehensible legitimate comments in my time. ‘Mircea’ evidently thinks that by embedding it in the flow of commenting (he/she would have to have physically clicked the ‘Reply’ button) that it would go unnoticed.(vii) But I don’t see comments the same way as commenters do, and for me it’s a trivial exercise to spot it as spam. Here’s part of what I see:
Did you see the very interesting thing here, Cowpokes? ‘Mircea’ appears to be spamming for Microsoft. Oh, I’m sure that Microsoft would deny having anything to do with such a practice. They would, most likely, claim that anyone can type any URL in the web field and that they can’t be held responsible for random punters being fans of their search engine. But It is easy for me to see that ‘Mircea’ is not a legitimate entity: she/he has an IP in Quebec and an ISP in Germany – a very curious and probably impossible combination. Additionally, this is not the only one of these I’ve had in recent times.
There is a bit of discussion going on about this elsewhere, and one suggestion has been that the Bing URL is being truncated in some way and that Bing (and Yahoo as it turns out)(viii) are just victims of a software snafu. But I want to point out that the way these blog commenting systems work does not support that conclusion – if people are physically reading the posts and entering comments, they are also physically entering the URLs they have been given to promote. To put it in clear terms, ‘Mircea’ is a fraudulent identity who has visited an historically distant Tetherd Cow Ahead post with the sole intention of leaving a link to Bing.
- Yes. A New York locksmith and his pals were, apparently, touring the blogosphere and leaving comments in an attempt to boost their linkability. Rather sad, really. [↩]
- My spam tools automatically shift such comments into the spam graveyard without me even being aware of them. On average, TCA gets about forty of these a day. [↩]
- The technical reason they do this is to increase the number of legitimate websites ‘linking’ to their garbage product. This, in turn, increases their search ranking in various engines. Search engines find it easy to defeat standard spambot link farming, but this kind of ‘human’ bot requires (so far) human brains to intercept. And not only that, human brains that understand the context of their own blogs. [↩]
- By a person, at least. [↩]
- Typically, these ‘front’-door’ sites are set up as link farms into products that the spammer has been paid to ‘advertise’. They are disposable sites that will be abandoned as soon as they are busted, only to spring up somewhere else in a matter of minutes. The spammers probably have thousands of them on the shelf, ready to go. [↩]
- I usually redirect it to the JREF, because I think if there’s one thing we could do with a whole heap more of in this world, it’s some rational thinking. Can’t ever have too many links to the JREF. Did I mention the JREF? [↩]
- And I guess on a lot of blogs maybe it would have. [↩]
- I’ve also had several linked off to Yahoo. [↩]