Spamlent Green is people

Friday 21 July 2006This is over 18 years old. Be careful.

Back in May, I wrote a post about spam that was written by genuine humans. In the comments that ensued, a number of people theorized that the spam was still generated by machine, since it isn’t that hard to synthesize sentences that are kind of on target, and they had stopped the spam with captchas.

Since then, I’ve continued to get comments which are strangely relevant, reinforcing my belief that people are actually typing these comments one at a time. This morning, though, I had stronger evidence.

Yesterday, I changed my comment software a little bit, and in the process, added a small bug: web site URLs would be rejected if they had any spaces in them, including trailing spaces. I should have trimmed the URL first, but forgot to.

On yesterday’s Unnecessary censorship post, a commenter named “Samantha” tried eight times to post a comment. The URL she was using was a .info domain about contact lenses, but I’ll replace it here with stupidspammers.info.

Her first comment (at 3:21 am) was a typical on-topic spam comment (The important trailing spaces are shown as bullets):

name: Samantha
email: samanthajoseph46(at)gmail(dot)com
website: http://www.stupidspammers.info••
remote_addr: 64.141.68.58

I was laughing so hard, my stomach hurts :-) And that Bush part was amazing, great work altogether.

error: That’s not a good website.

At 3:44, she tried five more times with the exact same comment, probably re-editing the URL to see if she had mis-typed something that was getting caught in the URL validation.

Then she posted again, but with a different URL, one to help people stop smoking, but her trailing spaces were still there, so it failed again.

At 3:48, she removed the URL altogether, and the comment finally worked (the web site URL is optional). Now that she knew she could get a comment posted, she made another one, with the URL in the body:

name: Samantha
email: samanthajoseph46(at)gmail(dot)com
remote_addr: 64.141.68.58

I was laughing so hard, my stomach hurts :-) And that Bush part was amazing, great work altogether. <a href=”http://www.stupidspammers.info”>funny</a>

I can see how you might think the content here could be auto-generated (though I didn’t mention that Bush was in the video, so that’s also a give-away), but the trial and error displayed in these attempts is very clear: Samantha is a real person typing comments to get links for a cheesy spam site. The time between her first attempt at 3:21 and her second at 3:44 were likely spent re-checking the web site herself, or re-checking instructions from her spam-master.

Ick ick ick. What a world.

Comments

[gravatar]
Well, you should feel honored. Afterall, it isn't just any blog that would have them sending real people to do their dirty work. It's like a blog status symbol. We just need a really special name for it... 'manuspam' or something. You could have a little badge "Manuspam Certified".
[gravatar]
"great work altogether" - very funny

On a serious note, which world? The good ol' US of A, or a world in which toiling to dupe us into clicking on a nefarious link helps to put food on the table? Given the economy of say, Nigeria, should we begrudge a 419 scheme or a comment spammer in India?

Yes, it's a pain, but perhaps a larger context could be considered. These are, perhaps, the returnable container collectors of the world.
[gravatar]
Hi Ned,

Im still not completely convinced its human. I waged pretty much the same battle against these kind of spams myself for a long time using a home brewed blacklist/spam filter before giving up and going for captchas. I found a patten of what I would call 'tracer bullets'. Every time I found a way to block one of the more enthusiastic spammers, I would get a series of posts trying to get back in again. The thing is they followed a pattern. Some would try putting the url in a link, some not, some would try placing it in [url]link[/url] type tags. It would be easy to think I was looking at a human at work. If I had not seen the same systematic approach from this spammer dozens of times. Im a bit of an insomniac , so the times at which I would update the blacklist/filter and knock em off again went right round the clock. The process of firing tracer bullets at my system would always start about an hour after I blocked it and deleted the spam, yet again leading me to suppose I was either looking at a group of individiuals , or software. But if it was a group their process was incredibly regimented. In any event, best of luck beating the gits.

Sean
[gravatar]
Mikey: what's next, smash-and-grab robberies are the returnable container collectors of the world? Granted, spam is not a clearly criminal offense like robbery is, but it isn't a noble pursuit either.

I have to believe there's some way to add value other than deception and pestering people. Maybe I'm naive...
[gravatar]
It seems like you've let your irritation with "Samantha" get the better of you. A comparison between someone trying to make a few bucks (I'm guessing) posting links into blog comment systems and smash-and-grab robbery is a bit much.
[gravatar]
Ned, I hope your dinner with Bush didn't influence you too much! :D There are indeed occasions in which robberies might be defined as morally acceptable (Robin Hood, resistance against fascism, etc). That's why you have programs to "help the poor": it's not out of kindness, it's an investment to maintain social peace. But I digress...

I personally believe that, in the "Hell Pop Chart", web-spammers still rank quite low; email-spammers and scammers are much, much worse, because they are crippling the entire medium.
[gravatar]
Ned, it's still a fabulous world, don't let that bitch Samantha get you down. I'll kick her butt.
[gravatar]
On a weblog I read regularly I just saw one of the most insidious comment spam techniques yet. I don't know how widespread it is. The software took sentences from other comments that had already been posted, assembled them into paragraphs, and then individually hyperlinked each word in the result to the pages they were trying to promote. Finally, it selected the screen name of a popular commenter on the blog as the author of this comment. Very clever.
[gravatar]
Gotta disagree with Bob. The majority of spammers are criminals in one way or another. In the case of email spam, they steal access to other people's computers in order to use the to send their spam, and the majority of the offerings that they are flogging with their spam are fraudulent, phishing, counterfeit, grey market, or even stolen goods. They send pornographic solicitations to email lists that have children on them. They are beyond the reach of the law if they are offshore, but that does not change the fact that they are breaking the law.

The blog spammers may or may not be stealing access to computers -- that I don't know; but they are promoting the same fraudulent, phishing, counterfeit, grey market, stolen, pornographic products in the same indiscriminate fashion; and
they are in bed with the click-fraud gangs.

The individuals who they pay to do their work (and I believe Ned is right... this is happening... trace the IP and see what low-wage country it comes from) may not have criminal intent of their own, but they work for criminals.
[gravatar]
Hey, I'm not that mad at Samantha. I said "what a world" not so much in the vein of, "aren't there horrible people out there", as, "is this the best choice this person has?", which is a bit more middle of the road. I know blog spammers are

Richard, I don't know for sure where Samantha is located, but http://www.networldmap.com/TryIt.htm claims she is in Calgary, Alberta, Canada. Is that a low-wage country? Does it matter? Do you feel better or worse about Samantha if she is Candian than if she is Nigerian?

Actually, the networldmap claims that the second-to-last hop on a traceroute to Samantha is in Mesa, Arizona, so Samantha may be an American. Who can say for sure?
[gravatar]
I can't vouch for that site. It just failed on an IP that a simple whois lookup indicates is in China. The blog spam IPs I've run down recently via whois (I use www.dnsstuff.com for that) have all come out of low-wage countries, mostly China lately. If you do trace an IP to a higher wage country I wouldn't be that surprised though. It could easily be a hijacked machine. Anyhow I feel no better or worse about the spammers depending on their location or circumstances. If they are in low-wage countries.
[gravatar]
Just wanna say that even if spammer is promoting his site via your site without harming your site and writing irrelevant about your site that means he is indirectly promoting your site as well, Not compulsory that a spammer can harm your site only he can rather promote your site as well by providing link of your site on his site! Wanna say something!!
[gravatar]
Ahaha what the hell :)

Samantha, whoever you are, please get a real job. :) It probably pays much more and you are not doing something morally repulsive or borderline pathetic!
[gravatar]
Samantha: 1. Get a life, 2. Try searching `link-exchange?' O_o

Sean: Unless you believe in hard A.I., or I'm missing something, she sure seems human :)
[gravatar]
In a Website I read frequently I just observed a standout amongst the most treacherous remark spam systems yet. I don't know how across the board it is. The product took sentences from different remarks that had just been posted, amassed them into passages, and afterward exclusively hyperlinked each word in the outcome to the pages they were endeavoring to advance. At last, it chose the screen name of a prominent analyst on the blog as the creator of this remark. Extremely shrewd.

Add a comment:

Ignore this:
Leave this empty:
Name is required. Either email or web are required. Email won't be displayed and I won't spam you. Your web site won't be indexed by search engines.
Don't put anything here:
Leave this empty:
Comment text is Markdown.