LJ and WordPress.com bloggers should be happy with their blogging service right now – for those excellent hosted services are hiding one of the longest steady comment spam attacks I’ve seen from you and your readers. Thank them (your hosted blog service provider), for this is annoying at the service level.
My personal WordPress blog (the one I host) has Akismet to filter the likely spam from the real comments; and it is working… but the scope of this 11 days and running long attack is mind boggling. IP address ranges of mostly hacked PCs indicate that the bot-net spreading the comment spam circles the globe and is sophisticated enough to vary the attack from each hacked PC suck that the obvious triggers are not caught by the anti-spam firewalls. This indicates to me that there are a LOT of Windows based PCs that are doing far more than their owners want them to do.
It also raises liability questions. I used to think that if you were the unwitting victim of an attack, and while hacked your PC did something illegal, you should not be held accountable. I am not sure anymore and begin to question if everyone who puts a machine on the net does not have some obligation to prevent it’s being used illegally. Statistically, most of the hacked PCs have had no steps taken to secure them at all. Is that not a little frightening?
The product this attack is pushing are black market brand name drugs; and the language of the hook text in the spam is so poorly constructed that I suspect it’s all from Eastern European programmers being paid by organized crime syndicates. Hopefully the crime lords have to pay by the comment injected wether it actually gets published on our blogs or not; for at least then some programmer is getting paid and sucking the money out of the criminal’s hands.
It does also make me wonder how much of a markup the drug companies are charging for legal drugs; this method of marketing is hideously inefficient – but they must be getting a return on their “investment” which implies the margins are staggering.
{ 2 } Comments
Interesting. I have both a wordpress.com-hosted blog and a self-hosted blog. Both use Akismet as the spam blocker and I’ve not seen any more comment spam than usual. So where are you seeing these attacks?
Akismet is catching them, only on my self-hosted WordPress blog; I presume the WordPress.com hosted one benefits from group filtering and I never even see this junk.
Akismet is tentatively marking it all as spam; and I only see it when I go check the spam queue for legit comments (for example, your own comment was in the spam queue until I approved it; and the other 30 messages in the queue were all some slavic language; so I dumped them with the “delete all spam” button).
I have been getting 20-120 a day in the likely spam queue for 10 or 11 days; before I did not see so many.
Post a Comment