Fighting the “C” spammers
There have been a lot of techniques developed to fight comment spammers. They range from blacklists to the new rel=”nofollow” added to links. Both of those methods are “evil” because they punish the innocent as much as, or more than, the guilty. It is painfully easy for someone who has a score to settle with you or who is just an asshole to get your domain inserted into a popular blacklist and thereby causing you problems. The rel=”nofollow” portion of the tag really punishes innocents more than spammers. While it is intended to take away any incentive to spam your comments, by preventing Google from indexing those links and including it in its calculation of link popularity, what it does do is deprive any legitimate commenter gaining some link relevance from Google etc. As this “solution” is being promoted by many of the “A” listers in yet another attempt to define their “credibility” and “authority” in and over blogdom I suggest that anyone silly enough to give them link love, by blogrolling them, add the rel=”nofollow” attribute to those links. Watch the “A” listers popularity shrink as Google stops indexing those links and see how much they support this.
In any case the thing, imnsho, that is wrong with these attempts is that they are all defensive, all reactive and they don’t hurt the spammer one little bit. If you want to hurt these swine go after them personally. Following (with a few edits) are my tips on what to do which I left in the comments to a post by Jim Elve:
As someone actively working in the data center business let me give you some tips.
They are not actually visiting your site in person. They are using a web bot launched from zombie computers (trojan infected desktops). The latter is the reason they come from a different IP for each entry.
The best way to fight them is by the backdoor. That is, do a ping on one of the domains, grab the IP address and go to ARIN, RIPE, LACNIC, or APNIC (start with ARIN) and find out who is hosting them. If their host is in the US you’re in luck because for once CAN-SPAM and even more so the PATRIOT ACT come into play, not to mention the US TReasury Bureau. Why you might ask? Well
- First off they are using an automated instrument to deface your website (by placing ads on it without your permission)(it is irrelevant whether thead gets posted or not it is the intent to post it without your permission that matters). This is hacking and that contravenes the PATRIOT act along with a handful of other laws in all western nations.
- An even greater contravention of that act is the use of trojan backdoors on zombie computers to hide one’s identity while breaking into your server. This is a technique used by terrorists. Do not be afraid to use that word. The US government is now actively interested in zombie networks for a variety of reasons ranging from national security to the IRS. The largest zombie networks are operated by Russian gangs and access to them are leased to spammers and other pond scum. You know all those ads for gambling sites? Well those sites are all controlled by the Russian mafia either directly or through protection rackets (give us a significant cut of the take or we unleash a DDoS attack using a zombie network(s) and put you out of business) without exception. You gamble online you are supporting organized crime.
- They are violating CAN-SPAM. That’s obvious. They do not have your pernmission and they do not offer you a verifiable way to get off their distribution list.
- Most of these sites, and virtually all of the ones that promote online gambling are run by the Russian mob. The US Treasury not to mention the FBI and a bunch of other alphabet soup types are always interested in what they are up to.
Many people will tell you that comment spam is not illegal because your comments are open to all who drop by. They don’t get it. It’s not the content that is illegal, it’s the way the content is delivered that’s illegal. It’s all in the spin.
Get the abuse@ contact (and any others) for the host and start forwarding all the spam (individually - one spam one forward) to the those contacts. The first time you do it be polite but put in your email subject line First Notice. If no action is taken, and it probably won’t be, the next time you receive comment spam coming from the same IP send another notice marked second notice and bring to their attention the fact that now they have been made fully aware of their customer’s illegal activities (and they are illegal in most western nations) they are equally culpable for their customers actions (CSC and USSC rulings only absolve ISPs of the responsibility of discovering what their customers are up to - i.e. if the ISP can plead ignorance they are not culpable) and that your next communications are going to be with various members of the above mentioned alphabet soup.
I can tell you right now that most ISPs and HSPs (data centers) will figure this is just way too much trouble facing them and they will either boot their customer off the network or else convince the customer to take you out of their list of sites to spam.
One other tactic you might want to pursue is to alter the comment submit button to tell spammers that posting their ads on your site is a contract for advertising at some outrageous price like $1000 per link per day and that failure to read the fine print is no excuse. Then do a WHOIS on the domain and there will be at least one email there that will get to the site owner (all the names, phone number and addresses will be faked or stolen identities - I deal with this every day). This could be a risky ploy - suggest using a toss away email alias for it. In your email to the site owner tell them to take you off their list or pay up.
Will this work in every case? Of course not, but it will work in a lot of cases. Further, the more bloggers that use this technique the more complaints an ISP will get about a client and the more likely that customer will be told to move on. Now you’ve hurt the spammer. Don’t you feel better? A little revenge goes a long way to easing the annoyance of deleting all those attempts every morning doesn’t it!
One thing I think I would like to see is a co-operative effort among bloggers to not give any business to an ISP/Data Center that knowingly harbours comment spammers and does not take action against them but I don’t know how to do that without starting a blacklist which I am philisophically opposed to.
Related posts
Why Men Are Just Happier People »
Comments
Comment from Ann Elisabeth
Time: 1/24/2005, 12:20 pm
Very interesting. Will link to this post.
On another note, how about figuring out if the Bulgarians I found really are the spammers, and figure out what their ISP is, and then report them?
Trackback from Ann Elisabeth’s blog
Time: 1/24/2005, 12:21 pm
A more forceful way of reporting to the webhosts
Jim Elve had a post about comment spamming, and got a response from Doug Alder about the most effective way to write abuse complaints to the webhosts hosting spammy domains. I know I will probably write the notices to the…
Comment from Jim Elve
Time: 1/21/2005, 6:07 am
Thanks to you, Doug, I’ve seen my comment spam drop off drastically. I didn’t have any for a couple days. This morning, I found a new piece that is very similar to the others but hyping a new list of domains and sub-domains. I immediately tracked down the host, 800hosting.com, and notified them that their client is putting them in jeopardy re the Patriot Act and CanSpam. I’ve been outspoken against the Patriot Act and I feel both a little hypocritical and cynically gleeful about invoking it. It’s sort of like the assault weapon ban. I’m against those weapons unless I get to use one on a comment spammer.