subscribe: Daily Newsletter

 

Fighting the scourge of blog spam

0 comments

Back in the late 90s, a new type of journalism emerged, alongside the advent of free publishing platforms. At the time, no one knew blogging would become one of the most important platforms of expression, and the sharing of news and ideas, forever altering the face of traditional journalism.
However, the old maxim that cyber criminals are like pickpockets – they go where the crowds are, is true, and blogs are now in their sights, and are being exploited for malicious gain. Lutz Blaeser, MD of Intact Security, says blog spam is one of the most common methods used to inflict damage on a blogger’s reputation.
He says spammers engage in this activity, as they are hopeful of improving their search engine rankings, because if their rankings are lifted, then their Web site will be indexed above any competitors. “Luckily, there are quite a few search engines that have algorithms programmed to forbid any site from their index if spamming is detected. Spammers will make use of popular blogs, forums, chat rooms and news sites to give their promotional links a boost, as this generates traffic and is sometimes used to make sales.”
However, he says there is also a more nefarious side to spam on blogs. “More often than not, spam comments contain links that could take the viewer to dangerous or obscene content. Too many of these spam messages would considerably lower the blog’s usability and would make the important information harder to reach.”
He says links to any dodgy Web sites embedded in these spam messages could also impact on a blog’s reputation in search engines, which is vital to any blog’s success or failure. “Most importantly though, readers will gravitate away from spam-ridden blogs, to others.”
“Approximately 99% of all spam posted on blogs and forums originates from spam bots, small applications written in a scripting language, for example Perl or Python. These bots are extremely versatile for their purpose, but are also fairly simple to defeat. Methods would include having to use JavaScript or cookies if wanting to comment, as spam bots cannot handle either, and will fail to post the message.”
In addition, blog or Web site owners can insist on email verification or ID verification. “This is a common security measure many Web sites make use of to ensure their users are genuine human beings and not spam bots. In most instances, a code is sent to the potential user’s email with an activation code. Once the user enters this code, they can access the site. A spam bot will not attempt to follow these steps, but will rather move on to a softer target.”
Another approach, he says, is to configure the blog to automatically hold for moderation the first comment from any user, ensuring that legitimate members’ comments will be approved, and illegitimate ones not. “Alternatively, blogs can be configured to ensure that all comments are held for moderation. This approach is much safer, but time consuming, and not practical for blogs that receive thousands of comments daily.”
Blaeser says bloggers can also install a dedicated anti-spam plugin. “Any bloggers that use WordPress as their platform of choice should try the BitDefender Antispam plugin, which is a 100% free solution, that makes use of an API to query the BitDefender Antispam cloud services and check whether a comment is legitimate or not.”