The attack, which appears to have begun sometime on Friday, has been persistent for the past four days. However, at this juncture, it appears that my defenses are holding fairly well. Fortunately, reCAPTCHA was able to keep all of the spam comments from reaching the surface and Akismet only let about two or three dozen of the trackbacks through. All in all, the vast majority of it so far has been blocked, but more than enough seeped through to obtain my attention.

What appears to have happened is that an affiliate for Sportsbook.com has been created dozens, if not hundreds, of spam sites and sending out massive amounts of comment and trackback spam to promote them.

But while there is little unusual about the technique other then the sheer volume, hundreds of messages at this site alone, there are other elements of this attack that are unusual and may be a sign of what is to come in the future of Web spam.

Anatomy of An Attack

The attack, so far, has involved hundreds of trackbacks and comments spent from a variety of IP addresses across the globe. The wide disbursement of IP addresses seems to indicate the likelihood that the spammer is using a botnet, which in turn indicates that this attack involves many more sites than just this one.

The trackbacks and comments generally are filled with gibberish about gambling, often in a foreign language, and are linked to a variety of posts across a wide range of servers. The only thing consistent about the comments and trackbacks was that all I have seen attempted to bold a passage in the spam using the “strong” tag.

However, what made this attack somewhat unique is the links that the spam messages pointed to. Rather than using the usual mixture of throw away domains and blogspot blogs, the sites were spread all over the Internet including at sites that have not, traditionally, had a major problem with spam creation.

Some of the sites involved included Google Groups, including several international variations of it, Blurty, OpenDiary, GreatestJournal, Viabloga and Multiply.

Even Oracle’s Bugzilla server was the host for one of the spam URLs.

But even though the URLs were spread across multiple services of different types, the resulting pages were very similar. They contained two large images (where possible) that linked to one of several throwaway .info domains. The domains then redirect any clicks to a page at sportsbook.com

Below the images, the sites have several paragraphs of keyword-loaded content about gambling and various sub genres. The gibberish nature of this content indicates that it is either automatically generated or is a another case of a spinning scraping.

Either way, the end result is the same. Pure garbage and tons of spam.

Sample Links

Please note that all of the links below have been nofollowed. These links are designed to show samples of the pages on their various hosts. Be careful when following these links as I can not promise that they do not contain malware and adult content. I can not vouch for the material on these sites.

All links were working as of 10 AM central time on November 20.

Google Groups (FR)
Google Groups (ES)
Google Groups (IT)
Multiply
GreatestJournal (link down within 4 minutes of reporting)
Bugzilla.Oracle.Com

What This Means to Bloggers

Spam is evolving. That not only includes the waves of trackback and comment spam that must be guarded against, but also new scraping sites and plagiarists.

Though we’ve seen a lot of tactic changes from spammers over the past few years, this one indicates a strong diversification. No longer are spammers focusing all or even most of their energy on “high value” targets.

On one hand, this could be a sign that the recent pushback at Blogspot regarding spam blogs could be having the desired effect. However, it doesn’t mean that Google is off of the hook as nearly half of the links came from various Google Groups sites.

In short though, spammers are branching out and services that previously only had a minor problem with spam will likely soon find themselves at the forefront of the spam war. Sadly, these companies often do not have the technology nor the resources to battle against a major spam assault and can not implement effective counter-measures fast enough.

This means that, not only will spammers likely start upping the amount of content theft and spamming they execute, but that it will be across a wider array of sites. Equally bad, blog services that were once trusted and highly-regarded could become spammy neighborhoods in short order as they become overrun by junk.

There is no real advice one can give for this, other than to be advised and be on the lookout. Odds are this spam attack was not an attack at all, but merely an intense salvo in a never-ending war.

Conclusions

As if to further the theory that it is just a salvo, I delved into my blocked spam folder and I see that a second attack has already begun. This one dealing with a check cashing scheme. Many of the same domains are involved, including Google Groups. The pages fit the same formula, though with one image instead of two, and it appears to be the work of the same group or individual.

Things are definitely getting ugly but, this time, the defenses seem to be holding a lot better. Most likely, Akismet has updated itself to deal with this new wave.

Still, the very nature of this evolution is going to make it a difficult one to track and stop. It is only a matter of time before another shift in the formula enables the spammers to break through, if but for a moment.

In the meantime, bloggers and Webmasters are caught in the middle, both having their content repurposed to fill the spammy pages and then fighting the fake trackbacks and comments.

As sad as it is, we’re fighting the war on two fronts and both fronts are shifting. Our tactics will have to change accordingly.

However, it was only recently that it got the attention of the publisher of Opendiary.com. He posted a comment to it saying, in part, that he finds plagiarism “despicable and will do what I can to stop it.” He also said that there is a method in place for reporting rules violation and that it had been used successfully in another incident involving his site. Finally, he offered a direct email address for anyone with plagiarism complaints to forward their requests directly to him.

While I want to be optimistic and call this a sign that things have changed. I have several concerns. First off, the means of reporting violations, clicking the “Report a Rules Violation” link underneath “Help” on the page itself, has proved ineffective. I have filed at least one complaint through that and not received a response, even after using a full DMCA notice.

To make matters worse, I sent an email to the address listed in the comment shortly after it was posted and now, nearly four days later, I’m yet to hear a reply. My intent with that letter was to address continuing concerns that I had and to get more insight from them for the purpose of writing this article. I’m sorry that I never heard back from them before I posted this and I still hope to do so.

In the meantime though, no matter how hard I want to believe that this is a sincere change, until I see actual evidence of improvement, I have to keep my current stand. However, I will continue to inform everyone on things as they change. The law of probability says that I’ll have another incident on opediary.com or one of its related sites soon. We’ll see how that goes.

01/04/06 Update: A few days ago I received a reply from the Diary Master at OpenDiary.com. He said that he had already downloaded the form from the United States Copyright office to register his designated agent as per the DMCA and was planning to submit it soon. He also confirmed that the above mentioned “Report a Rules Violation” was the best method for handling such complaints.

Though I am very pleased to see him taking such an active role in issues fo copyright infringement, I will be following up on this as keeping watch as things progress. I sincerely hope to be able to remove OpenDiary.com from the Villians list soon.

Update 09/20/07: I am closing comments to this piece because people are commenting to it before they read the entire piece, checking the updates or the other comments. This matter is closed and has been closed for over a year.

[tags]Plagiarism, Blogging, Copyright Law, Content Theft, Copyright Infringement, OpenDiary[/tags]