
Comment spam – a growing problem

Posted by on June 9, 2014.

Comment spam is a serious and worsening problem. It is the practice of commenting on a website or web service for ulterior purposes: typically for SEO promotion; to lure victims to a poisoned website holding an exploit kit; or for political purposes. To put this in perspective, my old blog ( has blocked more than 100,000 comment spam attempts in just this year (via Akismet). The volume for this year so far has already exceeded that for all of 2013.

spam detected by my old blog, 2012-2014


Imperva has been looking at comment spam as part of its Hacker Intelligence Initiative (HII). It has now published a new report, Anatomy of Comment Spam, in which it analyses the spammers’ methods and discusses available user mitigations. Both attacks and mitigations can be either automated or manual.

Automated comment spam attacks can be directed via tools such as ScrapeBox. ScrapeBox provides facilities such as random combination of different phrases to defeat spam detection tools; facilities to handle CAPTCHA anti-automation defences; and successful comment status reports for the spammer. It shows the continuous battle between all automated attack tools and all automated defence tools (in this case spam detection systems and CAPTCHA log-in defences).

One of the best automated defences is the reputation defence. Once a link contained in a comment is known to be dubious, all comments with that link can be rejected.

Source reputation is based on whether previously seen traffic from that source was considered comment spam. Online repositories, based on crowdsourcing, were set up for these purposes. The repositories are used to both report spam and to check a comment source reputation. The two most popular repositories are and Our research found them rather reliable.
Anatomy of Comment Spam

However, the most reliable method for both delivering and mitigating comment spam is the manual method. Individual tailored comments are most likely to defeat the automated defences, while manual inspection is most likely to detect the more subtle attacks. Governments have long been known to direct extensive manual resources to propagate propaganda through comment spam.

BuzzFeed reported last week on a current Russian campaign:

Russia’s campaign to shape international opinion around its invasion of Ukraine has extended to recruiting and training a new cadre of online trolls that have been deployed to spread the Kremlin’s message on the comments section of top American websites…

…On an average working day, the Russians are to post on news articles 50 times. Each blogger is to maintain six Facebook accounts publishing at least three posts a day and discussing the news in groups at least twice a day. By the end of the first month, they are expected to have won 500 subscribers and get at least five posts on each item a day. On Twitter, the bloggers are expected to manage 10 accounts with up to 2,000 followers and tweet 50 times a day.
Documents Show How Russia’s Troll Army Hit America

Imperva’s advice is relatively simple:

  • Identifying the attacker as a comment spammer early on and blocking its requests prevents most of the malicious activity.
  • IP reputation will help in solving the comment spam problem, by blocking comment spammers early on in their attack campaigns.
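
The link-reputation defence described earlier and the IP-reputation advice above can be combined in one check. The sketch below is an added example, not code from Imperva's report or from any tool named here; `ReputationFilter`, its strike threshold of two and the sample comments are assumptions, with a local in-memory table standing in for a crowdsourced repository.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def link_hosts(text):
    """Return the set of normalised hostnames linked from a comment body."""
    hosts = set()
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url).hostname
        except ValueError:          # malformed URL, e.g. unbalanced brackets
            continue
        if host:
            host = host.lower().rstrip(".")
            hosts.add(host[4:] if host.startswith("www.") else host)
    return hosts

class ReputationFilter:
    """Local stand-in (assumption) for a crowdsourced reputation repository."""

    def __init__(self, ip_threshold=2):
        self.bad_hosts = set()    # link hosts seen in confirmed spam
        self.ip_strikes = {}      # source IP -> number of confirmed spam comments
        self.ip_threshold = ip_threshold

    def report_spam(self, source_ip, text):
        """Record a comment confirmed as spam, e.g. by manual inspection."""
        self.bad_hosts |= link_hosts(text)
        self.ip_strikes[source_ip] = self.ip_strikes.get(source_ip, 0) + 1

    def check(self, source_ip, text):
        """Return (decision, reason) for an incoming comment."""
        if self.ip_strikes.get(source_ip, 0) >= self.ip_threshold:
            return "reject", "source reputation"
        hits = link_hosts(text) & self.bad_hosts
        if hits:
            return "reject", "link reputation: " + ", ".join(sorted(hits))
        return "accept", "no reputation hit"

def demo():
    # Constructed sample data: documentation IP ranges and .example domains.
    f = ReputationFilter()
    f.report_spam("203.0.113.7", "Great post! Cheap pills at http://www.pills.example/buy")
    f.report_spam("203.0.113.7", "Nice article, see https://casino.example/win")
    return [
        # Different source and wording, same link: caught by link reputation.
        f.check("198.51.100.4", "Really useful, thanks! http://pills.example/x?id=9"),
        # Link-free comment from a source with two strikes: source reputation.
        f.check("203.0.113.7", "I agree with the author."),
        f.check("192.0.2.10", "Background reading: https://docs.example/guide"),
    ]
```

Because the link check keys on the hostname rather than the comment text, reworded comments carrying the same link are still rejected.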

But however a website owner tackles the problem, he or she really needs to take control – nobody wants to visit a site that seeks to send them to a porn or a fake pharma outlet, or worse.
