A bit old, but very interesting article I ran across: Latest Search Engine Spam Techniques. – Joe - 2005-03-31 11:59 UTC
The beginning gives a good overview of what motivates people to use bad SearchEngineOptimisation techniques, but it's a bit confusing in the context of our discussions, because the article uses the word 'spam' to encompass all bad SEO techniques. i.e. putting cruft on your own website to confuse google is also counted as spamming. I'm not saying the article is incorrect, it's just that the word 'spam' is quite nebulous and imprecise. – Halz - 2005-04-01 10:26 UTC
That's true. 'spam' has become a word with many meanings. But there's not much you can do about that (except qualify it when you use it: 'email spam', 'wiki spam', 'comment spam', 'street spam', 'search engine spam', etc, etc, etc). – What I really liked about the article was that it mentioned wikis and that it did so quite prominently. – Manni - 2005-04-01 12:30
Most places that realize the difference call that spamdexing - spamming the search engine index. Web spam (wikispam) is a kind of spamdexing, but takes place on other people's sites rather than bad seo techniques on your own site. – Joe - 2005-04-01 10:32 UTC
Right. Spamdexing will spam the index, but of course it will also spam the results you get (if done right). Try searching for any tech article and most of the results you get will be useless spam. – In related and somewhat sad news: wordpress author uses wordpress.org for spamdexing. – Manni - 2005-04-01 12:41
Yeah, I read a bit about that. I can understand wanting to make some money, but hidden spamdexing wasn't a good idea. He seems to have really upset a lot of people and probably permanantly hurt his and WP's image. – Joe - 2005-04-01 10:52 UTC
Private pages: I found out that I can easily cater for some privacy so that only users that have editor credentials can view certain pages. Any page named PrivateSomething? will be private. Of course, this also applies to the already existing page PrivateForum. Anybody who wants to see the private pages, drop me a line with your username and the password you want to use. Make sure it's a password only used on chongqed.org because I will update the list of passwords manually. – Manni - 2005-03-31 10:32
Discard the static content?
Looking at chongqed.org and keeping it up to date, I am wondering why we should still provide static html pages on chongqed.org when the wiki has become so much more important. I guess I'd have to lock some of the transfered pages (like the impressum), but so what. What do you guys think? – Manni - 2005-03-30 11:35
Yeah but I think some of the main pages should be locked. Being an anti-spam website chonqed.org is an obvious target for angry spammers to attack in any way possible, and at the end of the day, even with all our anti-spamming knowledge, vandalising an open wiki page is pretty easy. I'm surprised we don't see more of it on the existing wiki, but I think it could be just that many spammers don't find it. If the chongqed.org homepage was openly editable I think we see a lot of attacks. Having said that, I do like the idea. There are seven or eight static pages in addition to the homepage, which could benefit from being merged and linked into the wiki. – Halz - 2005-03-30 12:01 UTC
As you have probably noticed, I have started to transfer the static content to the wiki. When I'm done, I'm going to link http://chongqed.org to the wiki. The old wiki.chongqed.org URIs will still be valid, but deprecated. – Manni - 2005-03-31 10:29
I agree the main site is pretty much unnecessary now, but it does provide more internal links which is important to Google. Currently both have PR 4. I also agree with Halz that many angry spammers may just not find the wiki; we have hardly gotten any vandalism here. Another benifit of the static pages is we can use SEO techniques on them (which we currently don't other than title text on the navigation bar links which aren't used on the wiki).
Rather than getting rid of the main page, could you use the wiki to build some of those pages? They could be edited from the wiki, but when viewed from the main domain would not be editable and appear as a normal page.
While you are thinking about changes, what about the News page. Eventually its going to get insanely long. Any way you could provide single entry page links rather than the anchor links. Like a blog does, it has the normal blog view and then the single post/comment view. – Joe - 2005-03-31 09:53 UTC
I have been doing a bit of surfing around other wikis recently. I have noticed a lot of wikis have been locked due to spamming, but without removing all the spam. If you are going to lock your wiki at least clean it first. – Joe - 2005-03-29 08:11 UTC
I just discovered I miss the old style spammers list. I was trying to look up some keywords to use since I was updating the sidebar on my blog. There is no way to do that anymore. I know we discussed removing it and I thought it was a good idea at the time, but I am not so sure now. It didn't seem to be doing us much good, but now we don't have any links to those pages using the keywords other than the SpamPage and sometimes my blog. If we ever can get the PageRank up it would be nice to have us well ranked for the keywords. That was the whole idea of chongqing in the first place. What we are doing now is working, but not exactly as we planned. – Joe - 2005-03-29 05:16 UTC
Yeah we were talking about this before. I think Manni got rid of the two big long lists because google was not liking them. – Halz - 2005-03-29 08:27 UTC
Well, OurPageRanks seems to say it didn't help. I wonder when he actually got rid of them, maybe its just too soon. – Joe - 2005-03-29 09:04 UTC
http://spammers.chongqed.org/by_keyword.shtml – Manni - 2005-03-29 19:27
Spam Huntress has a post about fake 404 pages spammers are using to fool spam fighters. For Opera and Firefox users changing your UserAgent string to make you appear as Google when spam fighting should help. – Joe - 2005-03-28 17:56 UTC
Oops, I misread Spam Huntress' post. Changing your User Agent (in this case) won't do any good. They are looking at the referrer instead, which must come from one of the big search engines. When following a link that was spammed in your blog you will see the page is 404. The spammers must be hoping that you will not take the time to clean the link if you think its dead. Referrers are not quite so simple to fake as a Firefox extention, but there are ways. – Joe - 2005-03-28 22:28 UTC
The spammers subdomain's PageRank is not doing good, its finally gotten so low it shows no PageRank. We need to try something. I don't know what though. I put up all the data on past PageRanks I was able to reconstruct out of my email archive on OurPageRanks. – Joe - 2005-03-06 04:03
These spams Dan caught make me wonder? Is Panasonic China spamming or is someone spamming their name along with his own links? This is not the first time its been seen because panasonic.com.cn is already in the DB. That looks to me like an official site, but I could not confirm that from whois. Any Chinese chongqers out there, let us know. – Joe - 2005-03-26 08:13 UTC
Yup. Very sad. When I first encountered the panasonic.com.cn spam, I thought somebody was trying to rip them off. But I then took a look at panasonic.com and they do list panasonic.com.cn. So I wrote them an email. It's been quite a while, but I never heard anything from them. – Manni - 2005-03-29 21:42
Here's a very interesting discussion on threadwatch that you should check out. Related to that is some head-rearing of a spammer over on the spamhuntress blog. – Manni - 2005-03-23 13:30 UTC
She has a spammer responding, saying he wants to help end comment spamming. So what if he does, as he admits in one of his threadwatch posts if this option wasn't useful spammers would just find another. Can anyone guess what that might be? Wikis perhapse?
And of course there is no mention of wiki spamming at all. People are still blaming the problem on bloggers' popularity, saying that if bloggers can googlebomb for things and instantly be at the top of the engine spammers should be able to also. And then they blame Google for ranking blogs too high. That is far from the problem, spammers hit anything they can. As that Wired story said, 10000 links from 1000 low ranking sites is as good as a few links from good sites. – Joe - 2005-03-23 18:59 UTC
This guy seems to be claiming that while spamming, he has been able to figure out some miracle solutions to the spam problem. I find that hard to believe. I can imagine he might have some interesting angles on the problem, but solutions which none of the blog developers thought of? I think not. And why is he asking people to email him rather than just posting his ideas in public? It makes me think that he's just trying to make himself feel better, and regain some moral ground, by either making friends with anti-spam people, or by inciting them to reject his help. While we should not reject ideas that spammers have to offer, I don't think we should embrace them as our new friends, or even communicate with them in a way which helps them sleep easy at night. – Halz - 2005-03-23 19:58 UTC
I suspect he thinks he has some real good ideas to prevent spam, but just because he is a spammer doesn't mean he is an expert at knowing how to prevent spam. The way he is acting like he is the only one with the solution makes it seem that he is just trying to get antispammers to look bad by rejecting his help. I would reject it. We already know how to make spam useless, redirect or add the nofollow attribute to any urls posted in comments. Whether people like it or not that is the only solution that stands a chance. But as we have seen on this wiki spammers are total morons; if they can't put a useable link then they try just a text URL which has no use for hits or PageRank. You have to make spam useless on all blogs internet wide to make it stop. People not using a blogging service would have to upgrade their software to take advantage of any new antispam feature and we know lots of people never upgrade anything. And again that only solves the problem for blogs. I am far more interested in solving the problem on wikis. Almost all wiki engines are noncommercial and many are not being actively developed so there is no direct upgrade available for people. – Joe - 2005-03-23 21:24 UTC
Just checked out that post again. She and the spammer spoke on the phone about his "solution." But he will only reveal it to the right people and they aren't allowed to make it public. – Joe - 2005-03-26 08:12 UTC
We are having some technical difficulties with the database right now so I have locked the wiki until Manni is able to solve the problem. This problem also affects the blacklist and the spammers list. – Joe - 2005-03-23 05:19 UTC
The wiki is unlocked now. Turns out it was planned downtime by the hoster and just took a while to get everything back up and running. – Joe - 2005-03-23 09:59 UTC
You'll have noticed I've been building up the AntiSpamRecommendations page, with a lot of duplication of stuff described on the WikiSpam page. My plan was to gradually reshuffle things a bit.
My feeling is the WikiSpam page should really just describe what wiki spam is (although this can be quite a long bit of text, since there are various interesting forms of wiki spam). The existing sections of that page should be moved into AntiSpamRecommendations, and a new page AntiSpamIdeas?. That way we have a separation between things which are obviously good anti-spam measures (easy to implement, no serious drawbacks), and the other discussions which are ideas we are still bouncing around (maybe they have some drawbacks, difficult to implement, or not proven to work yet)
Similar discussions around wikidom are also blurring this distinction, and in doing so, I think people are getting lost/confused in various discussions, and failing to realise that there are some concrete measures they should definately be taking.
The AntiSpamRecommendations are things which wiki administrators can put in place easily. They are also the things which wiki software developers should include in their distributions ASAP! That's the idea anyway – Halz
Your right they don't really belong on that page going from the title of the page, but a WikiSpam page is the common page for discussion of the problem and solution on wikis all over. On most wikis one page is enough since spam is not their focus, but here the entire wiki is a WikiSpam page. Wiki spam in general is not a very large topic and pretty easy to define, you can explain the reasons behind it and the damage it causes. But that its going to be a pretty short page unless you start talking about all kinds of specific spamer techinques: referrer spam, comment spam, guestbook spam, wiki spam, bot spamming, manual spamming, redirect spam, spammy affiliate programs, spamdexing (blackhat SEO, degrading search results, fake spammy blogs, link farms). If we do that we need to make it obvious we have suggestions to fight and prevent spam also. Many people will expect to see discussion of that on a WikiSpam page if that is how they reach us initially. – Joe - 2005-03-22 17:33 UTC
Wired just did an article on SEO spammers, Search Rank Easy to Manipulate. It made it seem as though the spammer is doing nothing wrong by spamming blogs and guestbooks, they are just taking advantage of search engine loop holes. It doesn't even mention wikis. I hit the send feedback link and sent this. – Joe - 2005-03-18 18:48 UTC
Nice comment. – Manni - 2005-03-18 20:14
Two spammers got past Dan just now. The first and far more annoying one was a shoe spammer. He even left three email addresses and his supposed name which matches the info on the site. – Joe - 2005-03-15 05:55 UTC
Moron. But if shoesebuy@yeah.net really wants mail, I guess he can have it. This time, I'm definitely sure that the spammer is working for the shop and not the manufacturer. – Manni - 2005-03-15 11:08
I was wondering about Dan, he could be a bit more informative. It might be nice if he gave us the CaughtSpammer's Referrer and UA string. – Joe - 2005-03-15 06:26 UTC
You were trying to say that you were wondering about more scripting work for me? I don't think it's possible, sorry. AntiSpamDan will only see the referrer for the edit action and that will be the page itself. Quite boring. Of course, I could do something about the UA string. – Manni - 2005-03-15 11:11
I guess its not very useful then. The referrer is usually the most interesting. So far most all spammers use some form of IE and we get a good sampling of that from the spammers that make it to SpamPage. – Joe - 2005-03-15 14:22 UTC
I agree. What we might think about, though, is a large scale Javascript-attack on the spammers. There's lots of interesting stuff that we might get to know. Starting from the display resolution and ending with the complete history. Best thing about this: you would have to provide the programming ;-) – Manni - 2005-03-15 15:31
Well, now that you have shifted the programming to me, I have always wanted to hit spammers with cookies. It might be nice to know which spammers are coming back under different IPs, spamming for different sets of URLs, or different spammers spamming for the same URLs. We could collect stats on browser usage, maybe http://spreadfirefox.com would like if we can prove that 100% of wiki spammers use IE. If its good enough code some other wikis that trap spammers may want to use it to help study spammers. – Joe - 2005-03-15 15:09 UTC
Good idea. I forgot all about our cookie plan. Should be simple enough to make them swallow a cookie when they get caught be AntiSpamDan. So I could make Dan give them a cookie and you take care about the Javascript around that? – Manni - 2005-03-15 16:20
Sounds good to me. Except of course finding the time to program it. I probably will have time next week. I also need to get back to PF skinning. – Joe - 2005-03-15 15:31 UTC
OK. That wasn't so tricky. Spammers will now receive a cookie: spammer=YES. – Manni - 2005-03-15 17:01
Once we have a cookie, perhapse we play with the spammers a bit: http://authors.aspalliance.com/peterbrunone/impossible.asp
http://computercops.biz/modules.php?name=News&file=print&sid=2410
http://answers.google.com/answers/threadview?id=16063
http://www.ocf.berkeley.edu/~knliao/crashclick.html
– Joe - 2005-03-15 21:39 UTC
I implemented another one I found through the second link. Spammers will now find another "Save" button on the page that tells them not to spam. If they click it and are using IE, boom. – Manni - 2005-03-15 23:39
I just tested with IE 5 and it did not affect me, but most spammers keep their IE more up to date than that. It works great in IE 6. I am sure they will be dumb enough to click the button. But I was hoping at least to take down any open IE windows. This crash only affects the window chongqed is in. – Joe - 2005-03-15 22:55 UTC
Oh. I wouldn't have thought that IE is so stable these days. Well. Let me know if you find a way to crash the complete OS. – Manni - 2005-03-16 00:09
Slashdot has an article about Bloggers Googlebombing for Online Poker to fight blog spammers. Pretty close to what we are doing here. – Joe - 2005-03-15 05:59 UTC
I read it on your blog. I would have left a comment, but I'm not a team member :-( – Manni - 2005-03-15 17:01
I just fixed that. I did that last time we had a really pissed off spammer just in case he decided he needed to comment bomb my blog while I was asleep. I guess I forgot to undo it. – Joe - 2005-03-15 16:12 UTC
I just started getting a bunch of hits on my blog from an interesting site discussing TGO and LWS. Looks like Raindog was right; TGO covered up the whole google contest thing and denied it ever existed. I don't really care as long as it stopped, but why lie? More info on their forums (unless that gets censored too). — Joe - 2005-03-15 09:33 UTC
Good grief! Those LWS people are even more pathetic than the most pathetic part of the slashdot crowd. The more I read about it, the less I understand why anyone would post to these forums or even read them. Sure bores the hell out of me. Plus: I find it depressing to see a bunch of people with so little life. – Manni - 2005-03-15 11:16
It didn't take long, the interesting site detailing all kinds of bad stuff about TGO has been replaced with an apology. I expected it might not be around long so I had already saved a copy. – Joe - 2005-03-15 20:00 UTC
Baffling! How could this TGO guy have forced the other one to take this off-line and apologize? – Manni - 2005-03-15 22:14
Just in case you missed reading that masterpiece at the original location, it can still be found here, here, or here. – Joe - 2005-03-15 22:02 UTC
The HyipInvestment spammer made a few hundred edits to the PoInter wiki today. The HyipInvestment spammer has been around for at least a couple of days, so that by itself isn't new. But, what is interesting is that the spammer filled out the comment field for each edit. His comment field has a new twist (see here for an example):
Dear site owner! If my pages will be deleted your site will be deleted too. If you have any questions please contact me: no.content.spam@gmail.com Sorry for intrusion.
That is the first time I've seen a spammer leave a contact e-mail address. It is even weirder that he as chosen to leave an e-mail while simultaneously making a threat. The formatting of his spam is also better than any other I've seen. – RichardP - 2005-03-12 19:28 UTC
I have seen a couple leave an address. Its very rare though and usually left in some kind of similar threat. Usually its that they will spam you worse I think. Your bot can handle his threat I assume. – Joe - 2005-03-13 00:06 UTC
The spam is highly search engine optimised (links placed within sentences etc), as are the pages they link to. I wonder if 'yopages dot com' is a seperate banner adds company. I notice the 'advertise here' links take you to yopages too, which leads me to suspect that they are creators of these websites, and the perpetrators of the spam (though I have no proof of this) – Halz - 2005-03-14 11:35 UTC
Well, apparently this is a network of sites that all belong to the same Über-Spammer. The WHOIS records of all the spamvertized sites and the one for yopages dot com point to one "Max Tiper" from "Glens Falls, NY". Of course, I don't know whether this information is legit, but it doesn't seem like Max has started obfuscating his WHOIS records yet. – Manni - 2005-03-14 13:18
Joe posed the question today why the BlackListsDiscussion? page hasn't yet been deleted although it wasn't edited since November. The answer is that I have set the $KeepDays variable to 140 days. I like it when pages have a big fat history. Do you guys have any opinion on that? Of course, I might also look into any extensions that would allow administrators to immediately delete pages. – Manni - 2005-03-08 23:28
I do like the long history, but usually when you delete a page you don't expect it to stick around for that many months. A long time let us easily recover from a vandal deleting a page. And it is sometimes useful to go back and check old revisions. If there is an extension that would be great, if not it's not a big deal. I have also been wondering how to redirect a page. Before AntiSpamDan got his name he had a user page under nobody?, it would be nice to redirect it. – Joe - 2005-03-08 23:38 UTC
Well, there is an extension and I installed it. Administrators can now immediately delete a page. Redirecting a page is easy. Here is an example. – Manni - 2005-03-09 00:49
Redirecting is easy, I just couldn't seem to edit the page to view how you had done it. I didn't think to type in the URL. – Joe - 2005-03-08 23:59 UTC
Oddmuse helps a bit. Go to nobody?, get redirected to AntiSpamDan and then have a look at the red warning on the top of the page. It contains a little link for your convinience. – Manni - 2005-03-09 01:15
Last night I discovered that some spammer took over the WikiBlackList blog in late January. Before that it was inactive for 5 or 6 months, maybe the site just expired or the original author deleted the page. Either way it now has some nonsense text and some spammy links. A lot of WikiSpam pages link to that site since it used to have some useful antispam information. If you see any links to this site please remove them and leave a comment explaining why so its not reverted as vandalizm. The spammer already has a PageRank of 3 by stealing the blog that people were already linking to. Hopefully we can fix that real quick. – Joe - 2005-03-08 20:46 UTC
I just noticed a new wiki spammer tactic, from our old friend the Chinese shoe spammer. Today he posted some spam to, among other places, the GnuRadio wiki and the NewsMonster wiki. However, instead of promoting his own pages about the shoes he makes, he has chosen to post links to third-party retailers, presumably retailers who have no connection to him other that that they happen to sell his shoes. In the case of WikiMinion, I've chosen to list asicstiger.com and kangoo-worldsite.com, I'm unsure what to do about the other domains. – RichardP - 2005-03-08 22:24 UTC
Hi RichardP! Yeah that's a pretty sneaky. Layers of IndirectMarketing? is common, e.g. spam links to spamdexing link farm, which links to another spamdexing link farm, which links to the real website they're promoting. But this is indirect on an economic level. Means we could get into trouble acusing these other sites of spamming, when it was one of thier product suppliers. Since you've noticed it in this case, I guess it might be quite a effective to send emails to these websites, pointing out that this supplier is spamming in their name. They might decide he's cheeky bastard, and tell him to stop it… hmmm… I'm being hopelessly optimistic again aren't I? – Halz - 2005-03-08 23:27 UTC
Most legitimate sites hate spam so likely will do something about an affiliate spamming for them. Any real business must realize that spamming makes them look bad. The only problem is if the company is so big you can't reach anyone who cares or can do anything. – Joe - 2005-03-09 00:08 UTC
Unfortunately, in this case the links aren't affiliate links and the spammer isn't a marketing affiliate. The spammer is actually the manufacturer of the shoes that these retailers are selling. Convincing a retailer to stop carrying an entire brand of shoes seems a much tougher sell then convincing a retailer to drop a marketing affiliate. – RichardP - 2005-03-09 00:16 UTC
I haven't looked at the spam involved, but are you sure its actually the manufacturer who is spamming? It could be they hired an SEO who is doing all this for them and the company don't actually know what is going on or that spamming is making them look bad. – Joe - 2005-03-09 00:24 UTC
That's interesting. It should be simple to understand what is going on in the mind of a spammer. But these people have minds that are sometimes twisted beyond comprehension. Do you really think that these are his shoes? Perhaps he doesn't know how an affiliate program works? I also have no real idea about what to do with these domains. We're in for trouble if we get them on our blacklist. On the other hand, we should have the idiot Chinese shoe spammer blocked. Hmm. – Manni - 2005-03-09 00:25
Joe, you are indeed correct, it could well be the case that the manufacturer has hired an SEO to promote the sales of their shoes and has no knowledge of the methods involved. Manni, I don't think this a case of a spammer not knowing how to use affiliate links. The brands being promoted are actually manufactured in China by the same Chinese shoe company whose web sites were being promoted a few months back. – RichardP - 2005-03-09 00:54 UTC
That's one of the big problem with using an SEO. If you choose the wrong company you could end up with your site getting totally removed from Google. Some SEOs will do anything it takes. But obvioulsy some companies want that, or else we wouldn't have email spam either. – Joe - 2005-03-09 01:01 UTC
Do we have a page for the 'Chinese shoe spammer'? Let's move this discussion there. What's the domain name? Do we have one? (I know we're saying that this is not the domain which is being spam linked to, but anyway). As usual there is the possibility that he is hiring an SEO company, and is actually not aware about what they are up to. But this possibility applies to any spam. I think the interesting thing here is, if we could direct a polite email at these retail sites, they might object to the spam too. And they are in a much better position to ask 'Chinese shoe spammer' to stop – Halz - 2005-03-09 10:42 UTC
OK, we have a wiki page on him now. I suggest we start by collecting spamvertized shoe-related domains and keywords there. – Manni - 2005-03-09 13:04
Here's a weird one. 1listing dot org wont boost their google rank by getting linktrim.com to redirect them. And what's the idea making so many edits? The didn't manage to flood the page history completely. I suppose some meatballwiki defence might have stopped them before they managed this. – Halz - 2005-03-05 17:02 UTC
That is odd. I wonder if he was trying out some new spam software. He or his software obviously does not understand wiki syntax. He found a way around getting his spamming links blacklisted, but he doesn't get the point of spamming. I have always hated link shortening services, this is just one more reason. – Joe - 2005-03-05 21:35 UTC
I found very odd spam recently on some blogging accounts. They spammed for the blogging account, but the template would be changed so that it included a form with the really spamvertized site in the action attrribute and some Javascript along with the form that would submit the form on page load. While I'm not sure whether links that get redirected by tinyurl and family are followed by Google or not, I am definitely sure that this kind of trickery gets you nowhere in terms of SEO. In fact, if you wanted to make sure that search engines aren't following, you'd choose some sick method like this. What these people are hoping for seem to be real clicks. And you always end up on those fake search engines that give you results for searches you never did. My guess is that these are all pay-per-click schemes and somebody is doing something to get more clicks. Stupid way to do it, obviously, but the only theory I have for stuff like that. – Manni - 2005-03-07 18:08
We just got another spam report on linktrim.com, but now including uni.cc, both free link redirection services. From the report: "This is a very persistant spammer, almost certainly a bot. The attacks come every few hours from a different IP address (proxy? anonimizer? zombies?)…" Hopefully spammers will realize they aren't getting any PageRank out of this before it becomes a regular practice.
Other than blacklisting all link shortening services (which we can't do) I don't really see any thing we can do about these. Contacting the redirection service might be useful to get a few specific URL redirects shutdown, but it is so easy to create a new redirect that probably isn't much use. – Joe - 2005-03-10 08:11 UTC
Is uni.cc really a redirection service? When I go to www.uni.cc I get a 403. And we already have 56 uni.cc sub domains in our database. All of those give me a 403-FORBIDDEN error. Maybe we should blacklist the complete stupid tld. Along with .tv, .biz and a few others. – Manni - 2005-03-10 10:00
Until the report I had never heard of uni.cc (that I remember) being a redirect service. As a whole .cc is one pretty useless TLD. It is used by so many spammers now that any legitimate use of it (there must be some) is far out weighed by the spam. And .biz could just as well be .spam. I have yet to see any nonspam use. Its just such an odd tld why would any real business want to use it, there is no 'Z' in business. I have seen a few legitimate uses of .tv though, usually fan sites of a television show, and I don't think its as common as the other newer TLDs in spam. – Joe - 2005-03-10 09:17 UTC
So can you get anything from www.uni.cc? Or from lowrateautoinsurance.uni.cc or didrex911.uni.cc? – Manni - 2005-03-10 11:17
I hadn't tried yet. I don't even get a connection to www.uni.cc. But thats what Google Cache is for. From the cache it says they were having network troubles, I guess they got worse. They don't appear to be like tinyurl exactly. They give out free subdomains to shorten your URL. There are other services like that too. Since these are subdomains we can chongq them (I missed that detail before). Its seems Google is fine with this kind of redirection. Lots of legitimate sites use this method. Like when you have a free server at myisp.com/web/users/j/joe/ you can get a subdomain joe.uni.cc. Searching for sites at uni.cc shows a lot of spammy results on the first page, but also has a few nonspam sites listed. The cache of lowrateautoinsurance.uni.cc was blank, and the other one didn't have one. But it does look like spammers love the service. – Joe - 2005-03-10 17:18 UTC
The 1listing.org spammer seems to prefer uni.cc and linktrim.com, probably because those two services seldom respond to spam complaints. Back on March 2nd he briefly flirted with using other redirection services, but gave up, probably due to the quick response by some of those services to complaints. In fact, I was very impressed with the response from the folks at notlong.com. Here is notlong.com's response to my spam complaint:
Thanks for reporting this. I have disabled that and many other notlong URLs created by this person, disabled access for the IP address that created them, and disabled the ability to create long URLs to "1listing.org".
– RichardP - 2005-03-11 01:48 UTC
Cool. It just goes to show that writing abuse complaints is a worthwhile effort. Maybe we should start a ThankYou page where we can collect responses from the white-hat hosters and document the usefulness of complaints? – Manni - 2005-03-11 08:33 UTC
That sounds like a good idea to me. There are at least a few others that could be included on that page. – Joe - 2005-03-11 08:59 UTC
Good news, in response to complaints it appears linktrim.com has finally given the boot to 1listing.org. All of the links redirecting to 1listing.org that I checked have been removed from their database. In addition, the site has added a prominent statement to their front page saying that they won't tolerate spammers using their free service. – RichardP - 2005-03-14 22:45 UTC
Also, uni.cc is still down. It now displays a web page saying "This domain is currently unavailable". Now he can't use his favorite services linktrim.com and uni.cc, I wonder which service he will move to? ;) – RichardP - 2005-03-14 22:51 UTC
On Halz' most recent spam submission of cigaretteson.com at robt.cc showed the spammer had an unresolved ip; they display the domain for each poster's IP. That reminds me of the wiki TarPit discussion where they use the same idea as one of the criteria in detecting a spammer. Do legitimate posters (especially from China or other spammy countries) ever have unresolvable hosts? If the spammers are doing this on purpose it could be used against them. If its just because time runs out before it resolves then it could be a problem for some legitimate users. – Joe - 2005-03-03 19:36 UTC
I have a fair share of IP-only hits in my logs. Not all of them are from China. Some of them are crawlers. Of course, a crawler shouldn't be posting stuff to the wiki. – I don't think that spammers are doing it on purpose. Why should they? The IP address is just as good as the host name. – But if this is combined with another possible spam-counter measure, it should work quite well. For example, we could limit the number of links that an IP-address-only poster is allowed to submit. – Manni - 2005-03-03 20:48
PS: Their prices are incompatible? WHAT?
Jim had a link that explained a bit about this. It seems it may be on purpose. Email providers already use it to block spam.
By incompatiable I assume they mean their prices are not similar to other places because they are so low. The rest of the post was pretty bad english too. – Joe - 2005-03-03 20:13 UTC
I was looking through the wiki directory listings at [SwitchWiki]. It didn't take long to find one that was spammed to oblivion: http://www.employees.org/~alokem/magenta/index.cgi?FrontPage
Are there many wiki out there looking like this? These GhostTowns are providing a safe haven for spam links, which is a problem for the whole wiki community – Halz - 2005-03-02 18:21 UTC
Just like all new websites, a lot get put up but for whatever reason are no longer maintained or needed and never get taken down. Lee's wiki was the first good example of a total GhostTown that I had seen. I have seen a lot of smaller wikis that are not monitored often that have spam problems, but its when a site completely gets abandoned that spammers really go nuts on the wiki. As we have learned with the various Honeypots here, spammers are more likely to spam a page that already has been spammed since they are easy to find and a good sign the page isn't cleaned often. Links on a GhostTown are never removed so they just encourage more and more spammers. – Joe - 2005-03-02 19:21 UTC
I'm afraid there is a large number of GhostTowns out there. Lee's wiki is a drastic example. I once sent a couple of email to the "maintainers" of the Math wiki which was about to turn into a spam haven. Fortunately I could bring them to take it offline. If you look at some of the referrers on the SpamPage, you should have a pretty good chance of finding many, many abandonded wikis. Of course, trying to figure out an email address and dropping the owner a friendly line or two can never hurt. I just hope that Google isn't too interested in wikis that have become spam havens. Hardly anybody should be linking to them and even a stupid algorithm should see that there is something fishy going on. – Manni - 2005-03-03 00:50
Addendum: I remembered another plea for shutdown that I once sent off. I just checked and it seems this one didn't do so well. Google for "wiki de GNU España" and you'll see what I mean. – Manni - 2005-03-03 00:58
Another addendum: I did a little tweaking and now my cleaner bot is able to work with this wiki. It's an Oddmuse wiki, but it seems that the spammer's bot was adjusted accordingly to circumvent the surge protection. My circumvention is a little better because I use a proxy for every other edit so that I don't have to wait so long between edits. The cleaner bot is needed badly here. Each time I start it, it has to revert some 1000 spammy edits. Bastard. – This is the first time I see a heavily spammed Oddmuse wiki. Just goes to show that abandoning can turn any wiki into a spam haven. – Manni - 2005-03-08 10:42
That is an amazingly spammy wiki. Looks like your cleaner just decided to delete all the pages, presumably because there's no legitimate content left. Did you see the message I left on their front page? (I also created the LazySolution page to help people like this) Fair enough d'you think? – Halz - 2005-03-08 11:44 UTC
Yes, I did tell the cleaner to simply delete anything. Your notice and a bit of my own poking indicated that the original content (if there ever was any) is completely gone. So I made the cleaner use another LazySolution. – Of course I noticed your message; and I told the cleaner to keep everything by user Halz. – Fair enough? Anything is better than spam! – Manni - 2005-03-08 13:12
Just found out that Lee's domain seems to resolve again. Now either his hoster f*ed up the DNS record (again) or there is something happening at http://www.piclab.com/ – Manni - 2005-03-08 11:58
Manni, I am not sure what is up, but Lee's domain has displayed the generic Apache page for more than a week. I've been checking it once a week since it went offline, to make sure it didn't come back and start attracting spammers. – RichardP - 2005-03-08 23:51 UTC