esc.public
Nonsense comments on blog
Thread Starter: Rosemary West Started: 9/26/2008 3:46 PM UTC
Replies: 10
Nonsense comments on blog
From time to time, I get a rash of nonsense comments on my blog. The
text of the comment will look something like this: bmzps kjvl
ysaxhegqj zbmiye ybhpj cmyws qfuxg. Occasionally they contain links,
but if they do, the links are just nonsense, like the text. I use a
captcha scheme for comments, so presumably people are taking the time
to enter these by hand. I don't understand what the point is.
--
Rosemary West
ESC Webmaster
Re: Nonsense comments on blog
Rosemary West wrote:

Hi Rosemary,

> From time to time, I get a rash of nonsense comments on my blog. The
> text of the comment will look something like this: bmzps kjvl
> ysaxhegqj zbmiye ybhpj cmyws qfuxg. Occasionally they contain links,
> but if they do, the links are just nonsense, like the text. I use a
> captcha scheme for comments, so presumably people are taking the time
> to enter these by hand. I don't understand what the point is.

I get these too, less so now though.  If you're using WordPress have you got Akismet installed?  It seems to deal with most of these.

I think the point is to see if you're using any kind of filtering. Rather than hand type or paste a bunch of links they put in some garbage keystrokes and click submit then try again with real links.  Also some anti-spam tools look for content with links, and approve them but reject content with links alone.

Then again, some folks seem to be completely balmy...  ;-)

Scott Kane
http://www.davidscottkane.com
Re: Nonsense comments on blog
On Sat, 27 Sep 2008 02:15:34 +1000, Scott Kane <scott@cdroo.com> wrote:

> I think the point is to see if you're using any kind of filtering.

The funny thing is, I am using filtering which catches most of the
real spam, but it doesn't catch the nonsense because that doesn't fit
any well-defined parameters. So if they are doing this as a test, they
are wasting their time, since anything they really want to post is
unlikely to get through.
--
Rosemary West
ESC Webmaster
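
Added example, not part of the thread: one way a filter could catch comments like the one quoted in the first post, by checking how far the letter distribution is from ordinary English. The nine-letter "common" set, the thresholds and the function names are assumptions of this sketch, not values from any anti-spam product.

```python
from collections import Counter

# Assumption of this sketch: the nine most frequent letters in English prose.
COMMON = set("etaoinshr")
VOWELS = set("aeiou")

# Quoted in the first post of the thread.
PAGE_SAMPLE = "bmzps kjvl ysaxhegqj zbmiye ybhpj cmyws qfuxg"

# Constructed sample queue: the page's nonsense comment, a normal comment,
# and a comment too short to judge.
COMMENTS = [
    PAGE_SAMPLE,
    "Thanks for the update, the plugin crashed my database too.",
    "ok thx",
]

def letter_stats(text):
    """Return (common_share, vowel_share, n_letters) over ASCII letters."""
    letters = [c for c in text.lower() if "a" <= c <= "z"]
    n = len(letters)
    if n == 0:
        return 0.0, 0.0, 0
    counts = Counter(letters)
    common = sum(counts[c] for c in COMMON)
    vowels = sum(counts[c] for c in VOWELS)
    return common / n, vowels / n, n

def looks_like_nonsense(text, min_letters=20, common_floor=0.45,
                        vowel_floor=0.25):
    """Flag text whose letters look uniformly random rather than English.

    Both shares must be low, which keeps ordinary consonant-heavy words
    from triggering the check on their own.
    """
    common, vowels, n = letter_stats(text)
    if n < min_letters:
        return False  # too short to judge; leave it to the other filters
    return common < common_floor and vowels < vowel_floor

def triage(comments):
    """Return the indexes of comments to hold for moderation."""
    return [i for i, c in enumerate(comments) if looks_like_nonsense(c)]

if __name__ == "__main__":
    for i in triage(COMMENTS):
        print("hold for moderation:", COMMENTS[i])
```

A check like this only targets random-letter text; it is meant to sit beside link and keyword filtering, not replace it.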
Re: Nonsense comments on blog
Rosemary West wrote:

Rosemary,

> The funny thing is, I am using filtering which catches most of the
> real spam, but it doesn't catch the nonsense because that doesn't fit
> any well-defined parameters. So if they are doing this as a test, they
> are wasting their time, since anything they really want to post is
> unlikely to get through.

There's a plugin that I'm about to test drive, so I won't recommend it yet.  It references the known spammer/script kiddie/hacker archives (Swiss based effort) that is supposed to auto ban known offenders.  If it does as it's supposed to do I'll post and let you know if it's worth it.  Don't be afraid to remind me though as I have a head like a sieve when it comes to remembering. <g>

Scott Kane
http://www.davidscottkane.com
http://www.mixaction.com
Re: Nonsense comments on blog
Rosemary,

Just a follow up.  The plugin I mentioned turned out to be a total disaster. Completely jammed up the database as it makes its calls externally for each IP logged by the server.  Ended up crashing everything.  Was locked out of the site for a while tonight.  So not recommended...

Scott Kane
http://www.davidscottkane.com
http://www.MixAction.com
Re: Nonsense comments on blog
On Thu, 02 Oct 2008 04:06:11 +1000, Scott Kane <scott@cdroo.com> wrote:

> The plugin I mentioned turned out to be a total disaster

Thanks for the update.

--
Rosemary West
ESC Webmaster
Re: Nonsense comments on blog
Rosemary West wrote:

Rosemary,

A follow up on this.  There's a new trend whereby spammers and scammers are using social networks and search engines (such as Google) to spam. For example YouTube is being hit hard, as is GMail and the actual Google engine itself.  Following back some of these gives you a Google engine result (via the link).  Now, it's not clear how these crazy links benefit them and I suspect some of them are either experimenting or getting the process wrong.  Possibly the likes of Google are doing something that's breaking their scam/spam/splog as well, not sure and it's unlikely Google would tell us anyway if they were.

I received the heads up in a security email I get on exploits yesterday and followed one of these crazy links on my blog today and found it was in fact pointing to Google on the search term "ybaeewmo" which of course is utterly ludicrous and produces no results.  I suspect it may be an attempt to get blacklisted sites credibility through links by using search terms that mean nothing and therefore aren't under Google's microscope.  But who knows?

Scott Kane
http://www.davidscottkane.com
http://www.mixaction.com
Re: Nonsense comments on blog
On Sun, 05 Oct 2008 17:06:21 +1000, Scott Kane <scott@cdroo.com> wrote:

> But who knows?

I think that sums it up! <g> A lot of what these scammers and spammers
do is so far outside the realm of normal logic that it's almost
impossible to figure out why they do what they do.

--
Rosemary West
ESC Webmaster
Re: Nonsense comments on blog
Rosemary West wrote:

A follow up to this.  Seems this might be the intent of these messages:

http://www.anders.com/projects/sysadmin/formPostHijacking/

Scott Kane
http://www.daviscottkane.com
Re: Nonsense comments on blog
On Fri, 21 Nov 2008 13:26:58 +1100, Scott Kane <scott@cdroo.com> wrote:

> A follow up to this.  Seems this might be the intent of these messages:
>
> http://www.anders.com/projects/sysadmin/formPostHijacking/

Yes, that does explain nonsense emails entered into contact forms. A
lot of systems now prevent this kind of exploit, but there are still
many that don't. I used to get a few of those attempts, but since I
made my contact form more complicated it doesn't seem to happen any
more. On the other hand, I still get a lot of nonsense blog comments
(although now I never see them as my system sends them straight to
oblivion). I don't see how the blog comments could be turned into
email exploits, but maybe I'm missing something.

--
Rosemary West
ESC Webmaster
Follow the ESC blog - It's free and easy!
http://educationalsoftware.blogspot.com
Re: Nonsense comments on blog
Rosemary West wrote:

> I don't see how the blog comments could be turned into
> email exploits, but maybe I'm missing something.

Could be ignorance on behalf of the would-be spammer not knowing the difference between a contact form and a comment form.

Scott