Comments on: New wave of Blogspot spam http://blog.wpkg.org/2008/04/12/new-wave-of-blogspot-spam/ a technical IT blog Fri, 13 Jan 2012 23:16:03 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Adam Randomhttp://blog.wpkg.org/2008/04/12/new-wave-of-blogspot-spam/comment-page-1/#comment-339 Adam Random Sun, 13 Apr 2008 02:34:29 +0000 http://blog.wpkg.org/2008/04/12/new-wave-of-blogspot-spam/#comment-339 These emails have been turning up for quite a few months now and, for me, did originally include many geocities hosted pages.When the spams first turned up they also used a different method of redirecting you to another page. I can no longer remember what they did, but it was not obfuscated and I guess that the blogspot staff did a good job of blocking it because once a few thousand blogs were reported, the spam stopped for a good 10 days.Once the spam started again, I had lost my geocities spammer but the blogspot one was going strong. The URLs had an interesting property this time. The same URL was never sent to more than one email address and as a result there was speculation that they might be using unique URLs to detect spamtraps and normal humans reporting them to the URIBL. A massive data mining exercise. It certainly seemed to hold true for me as any time I reported 50 or so URI, I stopped getting blogspot spam for a number of days and also had a marked reduction in all other spam too.By watching what other people were submitting, I could tell that during the times I was getting no blogspot spam, lots of other people were still getting them. http://rss.uribl.com/hosters/ shows all the submitted and active free hosters in the last 5 days.This last batch of blogspot spam seem to have lost their uniqueness. Any blogspot URL I get now days are listed on the URIBL within minutes by others, and I'm getting hundreds of them every day. It either debunks the idea they were spamtrap hunting, or proves that the spammers just don't give a hoot. An email getting through to anyone (or in my case, anything as it all gets processed by programs) is fine with them.Anyway, I have been investigating using the "Flag as inappropriate" feature on the loaded blog to a notify blogspot staff of the spam blog. Loading the blogspot page will give you the "blogid" in a meta tag at the top of the page - EditURI. Also included up there is the "me" meta info which is a link to the blogger/spammers blog account which can tell you which month and year they signed up (if it's the same month, you can assume pretty safely they are a spamming prick) Once that info has been pulled out, you can use the ID to create a URI to flag the blog as inappropriate and the blog will be reviewed by a human. The general hope here would be to poke them into action to fix their abuse problem. eg. ptfi3t9hf1ppmp.blogspot.com, the id is 4637393089326112718. The page contains the stupid unescape location rewrite code so build the following URI stolen from the navbar frame and load it. That should flag it for review :) http://www.blogger.com/flag-blog.g?nav=1&toFlag=4637393089326112718 These emails have been turning up for quite a few months now and, for me, did originally include many geocities hosted pages.

When the spams first turned up they also used a different method of redirecting you to another page. I can no longer remember what they did, but it was not obfuscated and I guess that the blogspot staff did a good job of blocking it because once a few thousand blogs were reported, the spam stopped for a good 10 days.

Once the spam started again, I had lost my geocities spammer but the blogspot one was going strong. The URLs had an interesting property this time. The same URL was never sent to more than one email address and as a result there was speculation that they might be using unique URLs to detect spamtraps and normal humans reporting them to the URIBL. A massive data mining exercise. It certainly seemed to hold true for me as any time I reported 50 or so URI, I stopped getting blogspot spam for a number of days and also had a marked reduction in all other spam too.

By watching what other people were submitting, I could tell that during the times I was getting no blogspot spam, lots of other people were still getting them. http://rss.uribl.com/hosters/ shows all the submitted and active free hosters in the last 5 days.

This last batch of blogspot spam seem to have lost their uniqueness. Any blogspot URL I get now days are listed on the URIBL within minutes by others, and I’m getting hundreds of them every day. It either debunks the idea they were spamtrap hunting, or proves that the spammers just don’t give a hoot. An email getting through to anyone (or in my case, anything as it all gets processed by programs) is fine with them.

Anyway, I have been investigating using the “Flag as inappropriate” feature on the loaded blog to a notify blogspot staff of the spam blog. Loading the blogspot page will give you the “blogid” in a meta tag at the top of the page – EditURI. Also included up there is the “me” meta info which is a link to the blogger/spammers blog account which can tell you which month and year they signed up (if it’s the same month, you can assume pretty safely they are a spamming prick)
Once that info has been pulled out, you can use the ID to create a URI to flag the blog as inappropriate and the blog will be reviewed by a human. The general hope here would be to poke them into action to fix their abuse problem.
eg. ptfi3t9hf1ppmp.blogspot.com, the id is 4637393089326112718. The page contains the stupid unescape location rewrite code so build the following URI stolen from the navbar frame and load it. That should flag it for review :)
http://www.blogger.com/flag-blog.g?nav=1&toFlag=4637393089326112718

]]>