If the maturity of a Web technology can be measured by the amount of attention spammers pay to it, then blogging has definitely come of age.
After a wave of aggressive spam attacks this month, bloggers suddenly found themselves scrambling for antispam weaponry and confronting the questions that have bedeviled e-mail and Usenet for years. How much openness can blogs afford? What freedoms are bloggers willing to trade to keep spammers out?
The problem of blog spam is not entirely new. Last year “referral marketers” began inserting their clients’ URLs into bloggers’ referral logs. Around the same time, bloggers began reporting spam occasionally popping up in the public comments on their sites.
Until recently, however, comment spam posed little more than an occasional nuisance. But after blogger Jay Allen saw spammers hit 120 of his posts over the course of four days, he knew the problem had reached a new level of urgency.
“I realized that day that we were facing a new predator in the jungle, and if we didn’t adapt — and quickly — it would be having us for dinner,” he said.
The latest wave of spam attacks focused on Six Apart’s popular Movable Type publishing system, whose built-in comments do not require registration and allow bloggers to block comments only by IP address — a restriction spammers can easily avoid.
“Movable Type’s comment system is extremely open, which is incredible for a community tool, but unfortunately also highly susceptible to abuse,” Allen said.
In late September, the trickle of comment spam swelled to a torrent. Flash programmer Michael Gunn’s blog received 150 messages from “preteen” and “lolita.” Web designer and developer D. Keith Robinson started getting 40 spams at a time.
Across the Web, spambots were churning through bloggers’ comment threads, leaving behind dozens of links embedded in key phrases like “buy viagra” or “diet pills.” Others, more deviously, posted innocuous blurbs like, “Nice site you have here!” and embedded the spammer’s URL in the comment signature, under fake names like “underage,” “cheap shoes” or “phentermine.”
Bloggers agreed that, unlike garden-variety e-mail spam, the comment spam they were receiving was not designed to attract click-throughs. Its primary audience wasn’t human; it was the all-seeing search-engine robot.
By embedding URLs in hundreds of blog comments, spammers apparently think they can trick search engines — particularly Google — into believing that the blog community is abuzz with news of the latest cheap Viagra website. Since Google treats links as a measure of popularity, the thinking goes, a network of blog links pointing at the spammer’s site will give it preferential placement in search-engine rankings.
While Movable Type blogs make up a small fraction of the millions of blogs on the Web, that fraction includes some of the most popular and influential sites, including those of berblogger Glenn Reynolds (who does not enable comments), actor Wil Wheaton and the Howard Dean presidential campaign.
“If you were trying to select for a group of people that have high page rank and have high traffic, Movable Type is a good place to start,” said Cameron Marlow, creator of the blog aggregator Blogdex.
Danny Sullivan, editor of SearchEngineWatch.com, however, said comment spammers may be overestimating
the influence blogs have over search-engine results.
“There have been some misconceptions that blogs have almost superhuman power over search engines, which is not the case,” he said. “Some people may have bought into that hype and believed that all they needed to improve their ranking was to get a bunch of links from blogs.”
Sullivan added that whatever effect comment spam had on search-engine results would be unlikely to last long. “All spamming types of things are failing strategies,” he said. “They may work for a very short period of time, but search engines come back, and it’s another step in the constant arms race between search engines and the people who optimize for them.”
For now, however, comment spam remains a serious nuisance. In some ways it is even more insidious than its e-mail counterpart. Where e-mail spam is at least easy to spot and delete, comment spam can pile up unnoticed in hundreds of separate comment threads.
And once a blogger spots an infestation, getting rid of the unwanted comments can be a tedious chore.
Six Apart co-founders Ben and Mena Trott said they planned to improve comment handling in upcoming releases of Movable Type and their hosted blogging service, TypePad. Among the features under consideration are bulk deletion of comments generated by a particular IP address, and the ability to delete comments directly from notification e-mails sent every time a user posts.
The Trotts cautioned, however, that there would be no quick fix. “Like e-mail, there isn’t one simple solution that can be switched on and end spam completely,” they wrote on Six Apart’s official blog.
Not that there was any risk bloggers would adopt one simple solution. Only weeks after bloggers raised the cry for help, Movable Type users had devised numerous hacks, workarounds and full-fledged add-ons to combat the problem. Unsurprisingly, each generated its share of debate.
Many bloggers reported success at stopping the flow of spam, but everyone seemed to agree that what they had experienced so far was just a taste of what was coming.
As “Armed Liberal” wrote on WindsofChange.Net, “There’s no reason these attacks couldn’t be scaled to add hundreds of comments to each weblog.