Broken Toys

I refuse to believe that people give -that much of a shit- about Paris Hilton.

When the first truly artificial intellegence arrives, it will be a spambot…..

God help us all…..

Eventually, we’ll all have to go back to walled fortresses.

Even the smallest blog that doesn’t want to turn into a cesspool of spam shitnibblets will have to be password-protected and invite-only. I know that sounds repugnant to everybody that had this utopian dream for the Internet and information sharing, but I don’t see another way.

The problem is that spammers have realized that they can circumvent any spam protections by hiring cheap human labor in Asia to post their spam for them (I know this because once in a while one gets through my forum captcha and email verification). So even captcha becomes useless after a while. And some bots can read captcha too.

The goal is traffic. They want you to go to their site to
A. Sell you something
B. Infect your computer so they can turn it into a zombie that sends spam

As far as Paris Hilton… it’s a holdover from when the top search term on the net was that video of her and her lover. I doubt spammers care that much about her either.

Whats even sadder is that spam is moving away from “please click me” to “here is an advertisement” right in front of your face. Blogger users are starting to see widespread comment spam that has nothing to do with links and really tries hard to sneak advertising into legitimate looking comments. I manually delete a dozen or so comments a day that are just amazingly offbase, but contain absolutely no links. And if Lum is the backwater, I am just a cinder block someone threw in the pond.

Sorry but I really feel this post about spam is sensationalism.

In all aspects of any society, it is a given that there are enough people so that all avenues of revenue will be tried, all doors will be opened, and all means of gaining an advantage over the other individual will be taken.

Just assume that the other 4294967295 IP addresses are out to get you. Turn on your capatcha, lock your front door, and cancel your credit card when you loose your wallet.

The internet is not a utopia.

(FYI: Capatcha’s are defeatable, but they require more CPU and development time => more expensive to spam)

Nuke them from orbit.

It’s the only way to be sure.

As best I recall, Google bases some of their search algorithm on the number of links to your page. The more links you have, the higher up your listing appears. So the need isn’t for the person looking through the comments to click on the link. It just needs to be there for the Google bots to pick up.

Stupid commented:

I don’t allow comments on my blog for just this reason. IMO, a blog is not a discussion forum.

Comments on blogs are apparantly for irony.

“Captchas have been broken, both through trivial image recognition and through simply paying someone 1/4 cent to type them in.”

Yes, but this is exactly how you defeat spam. You don’t beat it by making unbreakable filters, because there is no such thing and never will be. You break it by raising the price. Even with broken captchas, the time and effort goes up a fraction. That fraction increases the cost and lowers the profitability by a small margin. Every time we can slice off a little more of that margin, we make it less worthwhile for spammers, which is the only way to kill spam.

The only other way to stop spam dead would be real honest-to-god smart AI filters. But considering that it’s the spambots that are more vigorous, if anyone is to accidently develope the first spontanious AI it’s more likely to be born from the spambots themselves.

Self-aware spambots. Now there’s a creepy thought for the day.

On august 18th, 12:47AM, SpamBot became self aware…

Akismet + Bad Behavior works like a charm, for now…

In the old days, people had to be irritating jerks in person, selling Amway door-to-door…now, thanks to the miracle of computerization and the Internet, people can be irritating jerks through automation.

I, too, am amazed that there are enough people out there who actually buy the crap that spammers sell, enough to make this whole insane mess profitable…

Fuck captchas! They suck. I cannot tell you the number of times I’ve actually failed to prove via a captcha that I am an actual human being . . .

No I think requiring OpenId is the right approach, & then having shared whitelists among communities of bloggers for known good people.

TK

I get junk mail for the previous 5 or 6 residents of my apartment.

The driver of my shuttle bus likes to play the local CBS radio news affiliate, which from what I gather is 80% ads and 20% sponsor-supported content. With mp3 and CD players these days, why does anybody even own a radio?

Gmail does a great job of filtering spam, maybe one or two get through per month – out of thousands.

However, if spammers are forced to use real people to get through automated defenses, the volume of spam will be cut dramatically (maybe by 99%). They would have to hire half the world population and have them work 18 hour shifts to generate comment spam at even a fraction of the rate of a bot (and all those computers running at the same time will bring on the premature cold death of the universe).

>It’s not sensationalism; its why comments here >and elsewhere will shortly go invite-only, simply >because all the tools you glibly recommend we >use to “lock our doors” are broken.

Not broken, but not complete. They do their part.

I recommend this experiment. Create a vBulletin forum with sample trash data. Link to it at various places but don’t bother having people post. Just fill it up with trash.

- Allow guest posting and see how much spam you get.
- Turn on registration only but allow anyone to register, and see how much spam you get.
- Turn on your CAPATCHA for registration, repeat.

No less than three months ago I did this scenario and after 1 week of being live (with a new URL) I got:
- Registration on, no CAPATCHA: 1 or 2 spam posts a day.
- Registration on, CAPATCHA required: 1 spam post a month.

Inherit protocols with the internet allow spam, much like the game mechanics of MMOs will allow gold farmers. Equally comparable is that , regulation and prohibition won’t combat either.

“Something will work to block spam until the spammers defeat it.”

Well duh. Just like in the encryption world, any particular method is only as good until it breaks! (example: AES encryption is only as good as long as there are only deterministic computers)

1) Create a counter -> counter gets countered.
2) Declare the internet to be broken!
3) ???
4) Profit!

Whitelists work right up until the point when someone pays enough money to get on them.

I host my wordpress blog on Dreamhost, BadBehavior/Akismet has keep all but 6 posts from landing in the 2 years since I blitzed Movable Type.

The ones that got through? They came from registered and CONFIRMED users. My only solution (which likely wouldn’t work at all for you) was to blitz the user list and go to double-moderated users only. I have to approve your user before you can comment and approve your first comment. After that, you can post at will.

It’s ridiculous and the result is that no new comments have been posted since as the folks that would have posted something just sent me an email instead.

Im not sure why you publish my comment on your massive blog as spam with BOTH my work email and my ip-number.. but it doesent feel right.

Did i do something wrong here?

how many hits do you get a day?

It’s not even about advertising or that one in a million idiot who ponies up. It’s the same thing as covering stop signs with opaque black paint. It’s simple vandalism of the oldest kind — “look what I can do to you and you CAN’T STOP ME.” The spammers don’t care a whit about getting responses, they amuse themselves getting anonymous control over you. Even before you opened your mailbox, they’ve already received their reward, their payoff, knowing they’ll waste half an hour of your time and force you to wall yourself in with filters and white lists. They entered your electronic house and stole the only thing you had of value — your privacy. I recently started working at a company that has the best security in the business and I’ve never posted/published my company-issued alias anywhere — yet I still get spam there.

I used to have a real job many years ago where we sent junk mail to potential donors. (I did fundraising for a local theater by day, production by night.) As the lowest level member of the fundraising team, I got stuck with direct mail. Yes, even the people who inflict it hate it, and prefer cozy little auctions and snuggle time with known donors.

We bought or swapped mailing lists with local orchestras, art museums, etc. And if we couldn’t arrange a purchase or a swap, my job was to go snag a program and copy, BY HAND, the list of major donors. And cross reference with our own major donors since they tended to be the same people. And use the phone book to match addresses with the names of the handful that didn’t cross reference. I did have a very early computer at this job, so I could cross reference without too much pain, and at the end I could auto-generate the address labels.

All that effort was towards the holy grail of 2% returning my postage paid envelope with a check enclosed. The month I got 3% back I was taken to dinner and celebrated as a god.

All that work for 2%. If all I had to do was click a few buttons to send my bot on its way to get 1% return? It would have been a MASSIVE profit to my company. Shrimp nets are faster than targeted hook and line setups. Because of this, spam is not going to be stopped by any of the means bandied about here except invite only filters. The things some of you suggest would have to increased by many orders of magnitude to affect the margin I explained above.

Well, if the first AI existing is going to be a spambot… then the only way to battle it will be the creation of an AI spambot slayer!

And then, when they battle it out and eventually the anti-spam-bot AI wins and takes over the Matrix, at least we’ll be add free?

From L’Emmerdeur:
why does anybody even own a radio?

For NPR and the local college radio station, of course.

As far as stopping the blog spam? Keeping the comment pages in your robot.txt should stop the more intelligent spammers. Though there is no promise of intelligence when it comes to bots. Why waste even $0.00001 on a comment that will NEVER get indexed? This and forbiding html links would go a long way to slowing spammers (IMHO).

and by the way… what the hell happend to your template??