Microsoft Stabs at Blogspam, Pokes Google
Microsoft today released new research on the epidemic of spam blogs -- or "splogs" -- as well as the "comment spam" that dodgy marketers splatter all over blogs in a bid to improve their sites' search-engine rankings. Redmond's research team found that splogs hosted on Google's Blogspot.com appear to be widely spammed and fairly effective at jacking up the search results for the spammers' Web sites.
Microsoft said it generated the findings using something it calls "Strider Search Defender," a research tool that tries to distinguish legitimate Web links in blog comments from spammers' ruses. Microsoft said it found that most comment-spam links are actually to "doorway pages" that use cloaking and redirection techniques to redirect users to the spammer's target page or deliver ads. Doorway pages, it said, usually include innocuous-looking links to splogs hosted at free services like Blogspot, Blogstudio.com, Blogdrive.com, eBloggy.com, Blog4ever.com and Blogspirit.com. Links that show the domain names for these services -- rather than the spammer's actual address -- appear more legitimate and therefore are more likely to ensnare visitors, Microsoft said.
"By identifying those domains that serve target pages for a large number of doorway pages, we can catch major spammers' domains together with all their doorway pages and doorway domains," the company said.
Microsoft found one massive redirection network using some 17,000 Web pages at Google's Blogger.com, although roughly 45 percent of those referred victims to just six spam sites. In another Search Defender test, researchers located more than 5,500 spam-related sites on Blog4Ever, nearly all of which used the same Google AdSense affiliate identifier, suggesting the entire network was created by a single comment spammer. The security professionals at SecuriTeam have recently posted a series of links to research on blogspam that make for a very interesting read on the relationship between blogspam and AdSense.
Yi-Min Wang, manager of Microsoft's cybersecurity and systems management research group, told me that the goal of Search Defender is to help the software giant automate the filtering of splogs and comment spam links in search results returned on MSN.com.
"We now have a method to identify spammers so that before they get indexed into search results, we can block them," Wang said. "When this is fully automated, the spammers will need to spend a lot more effort trying to get into our search results."
Microsoft said Search Defender weeds out false positives -- links left in blog comments that are not spam-related -- by launching each link it examines in a browser window and recording all third-party traffic to see where the sites are snatching their ads from.
Of course, much of this reseach paints a rather dim picture of anti-blogspam efforts by Google, which the folks at MSN.com probably wouldn't mind seeing taken down a peg. For its part, Google suggests bloggers incorporate its "nofollow" attribute for hyperlinks in comments left by users, so that links in comments don't get any credit when Google ranks Web sites in search results. For more info on this attribute, check out this page.
But how do these lowlife blog spammers push out so much crud so quickly? Take a look at the dirt dug up over at the Computer Science and Electrical Engineering department at University of Maryland, Baltimore County.: They point to a slew of pricey, do-it-yourself commercial software titles with names like "VooDoo Blogger" and "Blog Link Generator."
I, for one, am certain I have seen these types of tools in action. Comment spammers like to target high-traffic sites in particular, and on some days I delete dozens of comment and trackback spam links from the pages of Security Fix. Most of the time when I check the time stamps on those comments, I find they were all left within minutes or even seconds of each other.
Each blogger can do his or her small part to make sure these human hairballs can't further their weak money-making schemes through comment spam. One of the best ways to stop comment spam in its tracks is to be vigilant: Deleting blog spam as quickly as possible decreases the chance that search engines will index the link as a mark of legitimacy.
But that's just a start: Sitepoint has some excellent tips on fighting comment spam. Also, most of the major blogging sites now include pointers on how to use antispam features. Blogger.com lets users require commenters to follow a verification process -- essentially a captcha -- to help weed out automated processes. Wordpress has its own tips here, or users can outsource their blogspam patrol (well, sort of) with Akismet, a free (for personal use) tool that compares any link, trackback or comment left on your Wordpress blog to a service "which runs hundreds of tests on the comment and returns a thumbs up or thumbs down." SixApart, which runs TypePad and LiveJournal, also lists a number of tips for users fed up with blogspam.
Posted by: Ed | July 13, 2006 1:22 PM | Report abuse
Posted by: h3 | July 13, 2006 2:22 PM | Report abuse
Posted by: Matt Mullenweg | July 13, 2006 3:03 PM | Report abuse
Posted by: Bk | July 13, 2006 3:17 PM | Report abuse
Posted by: M. H. | July 13, 2006 3:42 PM | Report abuse
Posted by: Tim Finin | July 13, 2006 9:27 PM | Report abuse
Posted by: Red eyes | July 14, 2006 11:32 AM | Report abuse
Posted by: Eric from WebDesignHero | July 16, 2006 1:21 AM | Report abuse
Posted by: Lawance | July 16, 2006 6:49 AM | Report abuse
Posted by: Citizen X | July 18, 2006 9:10 PM | Report abuse
Posted by: Robin 'Roblimo' Miller | July 20, 2006 12:02 PM | Report abuse
Posted by: Bill | August 27, 2006 3:25 PM | Report abuse
The comments to this entry are closed.