Making the Most of the Internet - Blog

 

Saturday, April 07, 2007

Blogging as a Spam Source

 

This was posted by Robert Tarrall on the SPAM-L spam list, which is a good source for trends as to what the spammers are up to and who is going to be their next victim.

Blogspot.com is quickly becoming a favourite hosting site for the spammers; about 20% of the blogspot.com URLs coming through our mailserver recently are spam.

Worse, Google (owner of blogspot.com) ignores email-based spam complaints and refuses to accept Spamcop reports. You're supposed to VISIT THE SPAMMER'S SITE and flag it as in violation; once enough people have flagged the site Google will supposedly take it down. Doesn't seem to be working very well - less than 10% of the spammer sites are taken down within 2 days so these are essentially guaranteed to stay up long enough for the spammer to get his results.

The porn spammers are setting the sites up so they immediately redirect to the real porn site, or at least something outside of Blogspot. You could turn off Javascript and avoid the redirect but then of course you couldn't flag the blog, so it is *impossible* to even follow Google's instructions for reporting the site.

In the past, this "refuse abuse reports, don't take down spammer sites" would ensure a quickly expanding listing (in the MAPS RBL in the early days, more recently in SPEWS) and other proactive blocklists. Didn't always work but in Google's case appearance is everything and if it became widely known that a Google property was a favoured refuge for porn spammers you could be sure that Google would change their tune.

Shame we no longer have that kind of leverage. Unlikely that Spamhaus would take this on and I'm not aware of any other blocklists with sufficient penetration to make a difference.

Here's a random sample of the spamvertised blogspot.com hostnames coming through our mailserver in the last couple of days. The *one* hostname marked [D] was either deleted or never existed. The ones marked [*] are redirects to porn sites using javascript embedded in the blog post.

debtalaiekhila
debtslaonen
foc-fuckk-com [*]
fsktsrmf-p-stars [*]
hvakjailekaakear [D]
local-a24fpkm8-7478
local-a334lskx-5209
local-av8xj3i7-2857
local-az5kher8-5888
mortenakahto
mortenakehlkhi
mortenakjaihl
mortenskjaih
mortenskjaxxo
vit-beavermovies-com [*]
yvyhhncb-p-stars [*]

I hope that Blogger do something about this worrying development.

Thanks to Robert for giving me permission to post this here.

Labels: , ,

0 Comments:

Post a Comment

<< Home