Monday, August 18, 2008

32. Spam, Splogs and Blog Phishing

Web 1.0 gave us email - and all the spam we could stand to go with it. Web 2.0 gives us blogs - and comment spam, splogs and clever (and not-so-clever) blog phishing expeditions. While most of the time, spam is fairly harmless, it can also be used as a delivery mechanism for all kinds of nasty viruses and computer attacks. This lesson will give you a quick overview of the "2.0" spam that is out there and how to avoid it.
Comment Spam
This form of spam is basically a response to a blog post that either 1) has nothing to do with the post and is just a way for the commenter to get his URL out or 2) is a laundry list of links to porn, gambling, drug or malware (bad software that carries a virus) sites. Many of the more popular blogging platforms already do a pretty good job of screening out that kind of spam, but some will get through - just like email spam. You can set comments to moderated so that you have to approve all comments, but that is time-consuming for you and can put a damper on the conversation if people have to wait a while for their comments to show up. The "best practice" for blogs is to allow unmoderated comments, but pay attention to what is coming through and ruthlessly delete any that aren't on-topic and useful!
Splogs
Splogs are blogs that are in exist only to make their creator's some money. The creator "scrapes" other blogs for content - basically copying and pasting whatever is said on another blog to their blog (sometimes this can be automated) and sticking advertisments on it - hoping to get traffic that may have been headed to your blog to come to their blog instead - where they can then show them a bunch of ads and make some money! This is, of course, a violation of copyright, usually. Depending on the copyright license you choose (see the Creative Commons lesson earlier in the year for more on that), just attributing the post to you - and not all of them do that - is not enough for many licenses. Even if they do attribute, they aren't adding value, or ideas, just copying and nobody likes that. The bad news is that there isn't much you can do about them. You can complain to Blogger or Wordpress.com and get them shut down, but they'll be back very quickly. You can also take the fact that they are copying your work as a compliment. They wouldn't do it if they didn't think it would get them some traffic!
Blog Phishing
This is a fairly new phenomenon that puts links to phishing sites (see Wikipedia's definition of phishing if you aren't familiar with the term) into either your comment area of your blog, wiki or "comment wall" or into your referrer logs (the statistics that show who is linking to you and that some Web 2.0 services offer - such as Wordpress.com). These links will take you to a site that you may think is one thing, but is actually something far more malicious and dangerous.
Twitter Attacks
Recently, there was a news story on the BBC website that documented the first known Twitter attack. The account's profile link went to a site that attempted to download a fake version of Adobe's Flash player, which then went on to steal data off of your computer. Other Web 2.0 sites, most notably MySpace, have fallen victim to malicious profiles as well.
Protection
How do you protect yourself from all of these attacks? The easiest way is to use a browser or operating system (OS) that is more secure than the standard (Microsoft) options. The Firefox browser and the Linux, MacOS (based on Linux) operating systems are currently more secure than most versions of Microsoft's operating systems (including Vista and XP). Most of the security, however, comes from the fact that they are relatively unused and so virus/malware writers don't target them - the MS world is a much bigger target. Not all of us have the option of choosing our OS and browser, anyway, so if you have to use IE and XP or Vista, you can still take precautions.
Paying attention to what you are clicking is key - note whether the URL (the website's address) has funny characters (ones (1) instead of lowercase Ls (l) or zeros (0) instead of lowercase Os (o)) and be careful when clicking on URLs that are shortened with a service such as tinyurl or is.gd. Those URLs don't give any clues at all about what lies behind them! Make sure you know who is sending you a shortened URL before you click!!
For the spam issues, you can also use a good spam filter that is built into most blogging platforms to help cut down on the comment spam that you get. Wordpress uses the Akismet filter. I'm not sure what Blogger uses, but it isn't bad... This will help you keep the comment spam under control and your blog far more useful for both you and your readers!

13 comments:

Anonymous said...

Sigh! For every good and fun service out there it seems like people have to try and mess with it. Thanks for the tips on how to be careful with blogs and other web 2.0 functions and what to watch out for to avoid those devious or time-wasting people.

Anonymous said...

So unpopularity has its upside.
Good to know about these problems.

Anonymous said...

I would have much more to comment on if I blogged or even had anything important or even not important to write about...but I don't so I don't have to deal with any of these problems :) But...uh...good to know!

Eric said...

A simple (but certainly not completely effective) way to check links is to hover your mouse pointer over the link without clicking. If tooltips are activated, the address of the link will pop up. If this address doesn't resemble what you were about to click, then don't!

Anonymous said...

That is all very good to know about. So far I haven' had a lot of trouble with my blog, but now I am aware. Thanks

sexybeast said...

why do people have to mess with everything? You cannot just go about your way doing what you do without some arse trying to ruin things. I'm bummed. Maybe I will blog about it.

betterlate said...

What a shame we have to be so careful. thanks for the information.

Anonymous said...

I have found myself in this situation before where the site i thought I was going to, suddenly took a turn to a site I could have gone without seeing. Thanks for the information on what to look out for it's sure to be a help.

Anonymous said...

Vandalism in another format. Firewalls can be helpful on this but they can also be a pain if they block you out of a site, so it's hard to say which I prefer. Caution is definitely the word.

Anonymous said...

I don't blog, but the information as to where technology as at and what people can do with it, never ceases to amaze me when I go over these lessons.

Anonymous said...

It is frightening how quickly the sharks in the sea of the internet begin to circle any new opportunity to be malicious. It seems as soon as a new site or a new tool emerges someone finds a way to screw with it.

I Don't Know How She Does It! said...

This information is very useful. Thank you for providing such detail on everything. It explains a lot of things I have heard about or experienced first hand.

Anonymous said...

Yep, lots of losers out there, doing dastardly deeds. So what else is new? Thanks for the info and warnings.