
Archive for February, 2012

On January 15, WebCommons launched a new awards program called the WebCommons Spambot Awards, dedicated to recognizing those entities responsible for the spambots that continually attack our websites, as well as entities, tools and techniques that help us deal with them.

Today we'll focus on Category 5 – Most conspicuous technique/tool used for automated spamming.

One word: XRumer.  That's the end of the post. (deja vu)  :)

As you can see, I'm not linking to the XRumer site, as this award program and critique is about all the advertising I'm giving this degenerate software.  From Wikipedia, XRumer is a "blackhat SEO program that is able to successfully register and forum spam with the aim of boosting search engine rankings."

Further:

The program is able to bypass security techniques commonly used by many forums and blogs to deter automated spam, such as account registration, client detection, many forms of CAPTCHAs, and e-mail activation before posting. The program utilises socks and http proxies in an attempt to make it more difficult for administrators to block posts by source IP and features a proxy checking tool to verify the integrity and anonymity of the proxies used.

It's a nasty beast.  But it's not very difficult to detect.  Sometimes this bot hits your site with a conspicuous user agent.  Also, beyond using a captcha, a registration form can be devised to trap automated registrants in multiple ways (another topic).  In short, automated registrants are pretty dumb and can be outsmarted.  There's also the ready ability to block the IP ranges from which a lot of these spambots come.  If a forum administrator is diligent, these spambots rarely make it through to the point of actually posting spam.
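As an added illustration (not code from this post or from any forum package), here is one way a registration handler could combine the signals mentioned above: a blocked IP range, a conspicuous user agent, and a form trap. The hidden honeypot field, the minimum fill time, the user-agent markers and the address ranges are all assumptions constructed for the example, since the post leaves trap design for another topic.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the post):
# documentation-only networks stand in for ranges an admin chose to block.
BLOCKED_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("192.0.2.0/24", "2001:db8::/32")]
# Placeholder substrings for user agents an admin has seen bots announce.
UA_MARKERS = ("examplespambot", "forum-poster-demo")
HONEYPOT_FIELD = "website_url"  # hidden with CSS; a human leaves it empty
MIN_FILL_SECONDS = 4            # assumed lower bound for a human typist


def screen_registration(remote_ip, user_agent, form, seconds_to_submit):
    """Return the reasons (possibly none) an attempt looks automated."""
    reasons = []
    try:
        addr = ipaddress.ip_address(remote_ip)
    except ValueError:
        reasons.append("malformed-ip")
    else:
        # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so IPv4 blocks still apply.
        if addr.version == 6 and addr.ipv4_mapped is not None:
            addr = addr.ipv4_mapped
        if any(addr.version == net.version and addr in net
               for net in BLOCKED_NETWORKS):
            reasons.append("blocked-ip-range")
    ua = (user_agent or "").lower()
    if any(marker in ua for marker in UA_MARKERS):
        reasons.append("conspicuous-user-agent")
    # Bots that fill every input they find also fill the hidden one.
    if form.get(HONEYPOT_FIELD, "").strip():
        reasons.append("honeypot-filled")
    # Bots post the form far faster than a person can type.
    if seconds_to_submit < MIN_FILL_SECONDS:
        reasons.append("submitted-too-fast")
    return reasons


if __name__ == "__main__":
    # Constructed attempts: one automated, one ordinary.
    bot = screen_registration("192.0.2.44", "Mozilla/5.0 ExampleSpamBot/1.0",
                              {"username": "a", "website_url": "http://spam.example"}, 0.8)
    human = screen_registration("198.51.100.7", "Mozilla/5.0 (X11; Linux x86_64)",
                                {"username": "alice", "website_url": ""}, 37)
    print(bot, human)
```

Logging the returned reasons, rather than only rejecting the request, shows which check is doing the work and which one the bots have learned to get around.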

So, if these automated spam programs are easily defeated, why are they still so bad?  Well, for one, their developers keep coming up with new ideas to break through your defenses, and so, as the forum administrator, you have to stay on your toes devising ways to block them.  They're also bad because they are fake traffic for your site, and who wants to pay for the bandwidth these miscreants suck up?  And who wants a site slower than it could be because of this extra traffic?

If you have been a web administrator for any significant length of time, surely you can think of at least one conspicuous technique/tool used for automated spamming (I nominated one myself).  So, please nominate one to five of them in responses to this post, or in responses to the original awards program post.  Or in an e-mail directly to us.

Thank you very much for your participation!


I am definitely opposed to SOPA/PIPA, as the potential damage from these pieces of legislation was clear: They could bring down many websites for illegitimate reasons, thus posing a threat to free speech and ruining the great technical achievement (as well as the huge industry) of the web overall.  And so, in this case, my position coincided with that of the Electronic Frontier Foundation (EFF).

But now, the EFF wants me to sign a petition against the so-called Data Retention bill.

The U.S. House of Representatives is currently considering H.R. 1981, a bill that would order our online service providers to keep new logs about our online activities, logs to help the government identify the web sites we visit and the content we post online. This sweeping new “mandatory data retention” proposal treats every Internet user like a potential criminal and represents a clear and present danger to the online free speech and privacy rights of millions of innocent Americans.

I’m not sure I’m as quick to jump on this bandwagon, as I don’t see a problem with ISPs keeping records for 12 months for the following reasons:

  1. ISPs already retain data anyway, for time periods of their choosing.  ISPs arguably need this data to track down users who are “abusin’ the tubes” in various ways, including our friends, the spambots, as well as the more nefarious denial-of-service attackers.  If you don’t like this, do you really like the idea of websites that you visit being brought down or ruined with spam all the time?
  2. A uniform standard could be useful, as it should make Internet abusers realize that there’s no safe haven for their activities.  No playing one ISP against another, and you can’t get away with it any more.
  3. Privacy concerns may well be overblown.  It’s not like the ISPs can do much with this data, unless requested by authorities with a just cause.  We’re talking mounds and mounds of barely decipherable data here.  It’s only really useful if you already know what things to look for, and for a very good reason, usually to see what a specific Internet abuser is doing around an exact time period.  Unless we have evidence of ISPs using this data for other purposes, I don’t think we should be alarmed.
  4. The idea that companies would have an easier time figuring out who their critics are (and similar horror stories) would seem kind of frightening, until one realizes that ISPs already generally retain data, and a company can’t just walk into an ISP and demand this kind of information — they have to get a court to agree, and that’s not as straightforward as you may think.

What are your thoughts?  Am I missing something?
