
Some spam bots are human

Out of curiosity I've taken a look at what kind of spam is now getting through our automated defenses. I did a little digging and confirmed a long-held suspicion.

In a nutshell, I've caught a 100% human spammer and thus verified that indeed there are people in China whose job it is to post comment spam on random websites.

The attack came from 120.43.13.81, a Chinese IP.

On Jan 12th 8:53:02 he first came to our site from Google. He was searching for:

"post new comment Create new account site:.org"

Landing page:

http://www.turnkeylinux.org/forum/support/20101205/lamp-new-user-problem

Browser: IE 7

2 minutes later (08:54:39) he tries registering for an account.

1 minute later (08:55:38) - he verifies the email by clicking on a link in his hotmail webmail.

He spends the next 5 minutes trying to post a spam comment unsuccessfully to:

http://www.turnkeylinux.org/blog/easy-vps-tuning

The content:

""" Welcome! Genuine UGG Elsey Boots

Welcome! Genuine UGG Elsey Boots are offered in our UGG online store!Shop the Discount UGG Elsey Boots Sale.buy UGG Metallic Boots on our store,UGG Metallic Tall Boots is one of the hottest uggs.Buy Ugg Liberty Boots here with reasonable price in 100% satisfied and quality guarantee.provides the cheap UGG Classic Mini Boots.Our website provides you cheaper Ugg Sundance II Boots.We offer high quality of Cheap UGG Classic Tall Boots, fast delivery.Have been dreaming of owning Cheap Ugg Ultra Short Boots """

All 5 of his post attempts are rejected by Mollom on the basis of the content.

09:00 - human spammer leaves the web site with nothing to show for his efforts.

Why I'm sure this is a real live human being:

  1. This is a real browser that downloads images, CSS, and scripts.
  2. He got past spamicide, Hashcash, bad behavior and even Mollom on user registration. The only thing that stopped him was content analysis of the comment post attempt.
  3. The timing: a computer program shouldn't have taken 7 minutes to do the job. Sure you can program in delays but what would be the point?
  4. He didn't give up after the first failure: it would be stupid to automate such a pointless heuristic. A stupid programmer wouldn't be clever enough to write a program that either controls a real browser for this purpose (very resource inefficient) or emulates a browser so perfectly that you can't tell the difference.
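
The same session reconstruction can be scripted from an access log. This is an added example, not the site's own tooling: it groups Apache combined-format lines by client IP and checks for the signals listed above (asset loading, repeated post attempts, slow pace). The sample log, the 203.0.113.7 address, the year, every path except the landing page, and the function names are constructed for illustration.

```python
import re
from datetime import datetime
from urllib.parse import urlparse, parse_qs

# Constructed sample (Apache combined log format), not the site's real logs.
# Documentation-range IP; year, sizes and Drupal-style paths are assumptions.
UA = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
G = "http://www.google.com/search?q=post+new+comment+Create+new+account+site%3A.org"
ROWS = [  # (time, method, path, referrer)
    ("08:53:02", "GET", "/forum/support/20101205/lamp-new-user-problem", G),
    ("08:53:03", "GET", "/misc/drupal.js", "-"),
    ("08:53:03", "GET", "/themes/site/style.css", "-"),
    ("08:54:39", "POST", "/user/register", "-"),
] + [(t, "POST", "/comment/reply/1", "-")
     for t in ("08:56:10", "08:57:05", "08:58:01", "08:58:55", "08:59:50")]
SAMPLE_LOG = "\n".join(
    f'203.0.113.7 - - [12/Jan/2011:{t} +0000] "{m} {p} HTTP/1.1" 200 512 "{r}" "{UA}"'
    for t, m, p, r in ROWS)

LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" '
                  r'(\d{3}) \S+ "([^"]*)" "([^"]*)"')
ASSET = re.compile(r"\.(?:css|js|png|gif|jpe?g|ico)(?:\?|$)")

def summarize(log_text):
    """Group requests by client IP and collect the signals the post reasons from."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        ip, ts, method, path, _status, ref, _ua = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        s = sessions.setdefault(ip, {"first": when, "last": when, "assets": 0,
                                     "comment_posts": 0, "search_query": None})
        s["first"], s["last"] = min(s["first"], when), max(s["last"], when)
        s["assets"] += bool(ASSET.search(path))
        s["comment_posts"] += method == "POST" and path.startswith("/comment/")
        query = parse_qs(urlparse(ref).query).get("q")
        if query and s["search_query"] is None:
            s["search_query"] = query[0]  # first search-engine query seen
    return sessions

def hands_on_profile(s, min_seconds=120):
    """True if the session loaded assets, retried comment posts and ran slowly."""
    duration = (s["last"] - s["first"]).total_seconds()
    return s["assets"] > 0 and s["comment_posts"] > 1 and duration >= min_seconds
```

The `min_seconds` threshold is an arbitrary starting point; the profile is a triage signal for manual review, since a scripted real browser can produce the same pattern.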

I almost feel sorry for the poor wretch. Worst job ever.

Comments

OnePressTech

In WordPress you can configure comments to be by logged in members only with first submission manually moderated / approved by the forum moderator. This simple mechanism with a captcha on the login blocks most automated spam and most manual spam from showing up on the website. You then decide to add on more protection tools only if spam is still an issue or to reduce the amount of spam the moderator has to wade through.

Does Drupal not have a "moderate first submission" feature? It doesn't keep the spam from the moderator but it does keep it off the website so the users don't have to live with it.

Regarding human spambots I'm surprised that you were surprised. This is a well known market that has been around for years. The more modern version is to buy social network "likes" (see http://blog.wishpond.com/post/74283886668/should-you-buy-facebook-likes).

Cheers,

Tim (Managing Director - OnePressTech)

Jeremy Davis

Most of our spammers tend to use accounts so this might be a great option. TBH I'm not sure if Drupal does have. If it doesn't it probably should!

Erwin

Good thing you posted his message here, otherwise all efforts of the poor fellow would be wasted.
