insomnia: LJ spam problem increasing.

Insomnia (

insomnia) wrote,
@ 2008-07-17 10:17:00

LJ spam problem increasing.

I don't know how much the rest of you have noticed it, but I have seen a *HUGE* increase in comments, especially in many of my most widely read posts, that are clearly a form of spam. To make matters worse, these spam comments are coming from "registered" users, such as

paulaqiguz,

zsuzannapivyx, etc. The goal seems to be to get Google to link from relatively well-indexed LJ users / posts to these phony accounts, which in term link to other sites.

The amount of spam comments I am getting on all my existing posts is starting to outstrip the comments I get on normal posts, but I absolutely don't want to close comments in my journal to registered users, restricting things to only those who are currently on my friends list.

If I can't find a good solution -- or if LJ can't change its account creation or to solve this problem in a fairly rapid manner -- this might be the last straw, frankly.

It's important to me to make sure that comments to my post are open to outside voices, especially those who can provide firsthand knowledge and information on the subject at hand. And while I pride myself in having a very knowledgeable friends list with lots of people who are in very interesting circumstances and who have very diverse interests, having to cut off comments to only those I already know is completely unacceptable.

Screw new features. Getting rid of this kind of crap should be priority #1 for LiveJournal, in order to make sure that the site still works as a community. It would be too easy for LJ, through its inaction, to go the way of Usenet.

(Post a new comment)

symbioid
2008-07-17 05:49 pm UTC (link)

I noticed this, too, and am concerned. I've gotten about 4 the past couple days on old entries in lj-dev.

I wanna know why/how this is happening. Is this related to lax security on SUPs part (vs 6a or LJ as a solo company)? Have you seen any official comments regarding this? I hope they'll be addressing this soon, because when spam takes root, communities die, as you astutely noted.

(Reply to this) (Thread)

	strspn 2008-07-18 12:38 am UTC (link)
	The way Wikipedia handles this problem is to turn on NOFOLLOW links. (Reply to this) (Parent)

	deedeebythebay 2008-07-17 05:57 pm UTC (link)
	but I have seen a HUGE* increase in comments, especially in many of my most widely read posts, that are clearly a form of spam* Odd this....I haven't even heard it, let alone experienced it. What does this look like? (Reply to this) (Thread)

	insomnia 2008-07-17 08:26 pm UTC (link)
	The comments are a bit oddly stilted, but sometimes make sense, kinda. The usernames are odd, however, and the journals themselves are dead giveaways, as they all contain links at the bottom to a variety of other sites. (Reply to this) (Parent)

	qilora 2008-07-17 05:59 pm UTC (link)
	can you set your post default to allow all registered users but to "screen" non friends' comments? (Reply to this) (Thread)

insomnia
2008-07-17 07:39 pm UTC (link)

Screened spam is still spam that I have to go through... and I go through plenty already!

The real problem in my case, is that I am pretty heavilly indexed by google, so any spambot that relies upon google to find its victim's posts to comment in is going to flood me, regardless.

That said, I don't want to shut off Google indexing, as its oftentimes led some very interesting, knowledgeable people to my journal.

I was doing some time-sensitive advanced searches on Google the other day, and decided out of curiousity to check out my name and see who, if anyone, has been posting about me, and found this blogpost from Emily Bell, the Editor-in-Chief over at The Guardian, which is a very major newspaper in the UK.

Sometimes, I think I should go to the UK and get a job in journalism. I already have the connections, it seems.

(Reply to this) (Parent)(Thread)

kelly_holden
2008-07-18 02:39 am UTC (link)

The real problem in my case, is that I am pretty heavilly indexed by google, so any spambot that relies upon google to find its victim's posts to comment in is going to flood me, regardless.
Then I would highly recommend screening. Yes, you still have to go through the spam, but Google won't be able to see it.

*can't remember how she got here. it may have had something to do with the recent

lj_2008 post.*

(Reply to this) (Parent)

liz_marcs
2008-07-17 06:03 pm UTC (link)

I've been tagged by about 20 of these spam journals over the past 24 hours.

There is something most of them have in common. Outside of 2 spam journals that were created more than a year ago and have no entries, all of the spam journals in question appear to have been created over the past 4 to 5 days, have one entry either relating to financial or health care matters, with the one entry tagged with subjects that are primarily sexual in nature.

What I'm at a loss on is the purpose. There are no links leading off-site to anywhere, there's no mass-friending, and the comments themselves don't seem to be ads at all, but just random bits of nonsense.

ETA: I've been informed by people that those "tags" are actually off-site links.

Still, seems like a lot of work to do this, no?

Edited at 2008-07-17 06:11 pm UTC

(Reply to this) (Thread)

	insomnia 2008-07-17 06:46 pm UTC (link)
	It seems to be that they are trying to play games with Google more than anything else. Is your journal indexed pretty heavily by google, or linked to by people outside of LJ? (Reply to this) (Parent)(Thread)

	liz_marcs 2008-07-17 06:53 pm UTC (link)
	Yeah, it is pretty heavily indexed and linked. And someone mentioned to me that this could be a subtle Google game at work. (Reply to this) (Parent)

matgb
2008-07-17 09:20 pm UTC (link)

What surprises me is not that it's happening, but that it's taken the spammers so long to start hitting LJ hard. Blogger and other free platforms have been infested with it for years.

But yeah—a comment on your journal is a google link back to their journal, if you leave it (hence they're targetting older posts that are indexed) then the link builds their presence and thus spins off to the sites they're linking to. Basic spambot practice, finally hitting LJ.

I've had a few hit me in reply to my comments elsewhere, I've not been got yet, but everyone that's been hit has a high PR, it's only a matter of time before they get me as well :-(

Important thing is to spread the word and make sure everyone knows to report it to LJ as spam.

I get several comments like this per day on old Blogger and Wordpress sites, LJ has been left for ages, but it's worth them hitting older journals that are being indexed, so it was just a matter of time before they got here—the growth in Russia will have got them more attention anyway.

seems like a lot of work to do this, no?

Botnet, automated, little to no work at all.

(Reply to this) (Parent)

	kayay 2008-07-17 06:10 pm UTC (link)
	Under comment setting you can require CAPTCHA from anonymous, non friendlist, or everyone. Also adding IP recording sometimes discourages spammers. (Reply to this) (Thread)

	foxfirefey 2008-07-17 06:47 pm UTC (link)
	The IP recording doesn't seem to do anything, and sadly requiring the CAPTCHA hasn't stopped it all, although it reduced it considerably. (Reply to this) (Parent)(Thread)

	kayay 2008-07-17 07:22 pm UTC (link)
	Spammers are like small swarming, biting insects. In small numbers they are typically harmless though irritating and sometimes though you might get a nasty virus. But one attracts another and another until you're practically chocking on them. You can spray insect killer or repellent, but there's always more. Need the virtual equivalent of a really really hungry frog. (Reply to this) (Parent)

john_of_arabia
2008-07-17 06:16 pm UTC (link)

SPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAMSPAM

Spam. In a can.

(Reply to this) (Thread)

	lynn_massa 2008-07-17 07:17 pm UTC (link)
	you forgot eggs... (Reply to this) (Parent)(Thread)

	insomnia 2008-07-17 07:19 pm UTC (link)
	Eggs, bacon, beans and a fried slice. Edited at 2008-07-17 07:58 pm UTC (Reply to this) (Parent)(Thread)

	lynn_massa 2008-07-17 08:18 pm UTC (link)
	omG. that was revolting! (Reply to this) (Parent)(Thread)

	insomnia 2008-07-17 08:27 pm UTC (link)
	Fortunately, the British are gradually learning how to use a toaster. (Reply to this) (Parent)

	sbisson 2008-07-17 06:30 pm UTC (link)
	Watch the LJ Dashboard for a while to see how quickly the spammers are posting... One big problem facing sites like LJ is that most of the common CAPTCHAs have been conclusively broken. (Reply to this)

	eatsoylentgreen 2008-07-17 06:34 pm UTC (link)
	I personally think that the new features are rather stupid anyway. (Reply to this)

voiceboxx
2008-07-17 07:03 pm UTC (link)

http://www.livejournal.com/manage/comments/
Comment screening -> Screen comments from: Anyone not on my Friends list
Human test -> Show CAPTCHA while commenting to: Anyone not on my Friends list
IP address log -> Log IPs for replies from: Everyone

http://www.livejournal.com/manage/settings/
Search inclusion -> check Minimize your journal's inclusion in search engine results
Explore Area Exclusion -> check Exclude your entries from site explore areas
Weblogs.com -> uncheck Notify Weblogs.com when I post new public entries
Facebook -> uncheck Prompt me to share new public entries on Facebook

Edited at 2008-07-17 07:04 pm UTC

(Reply to this) (Thread)

	insomnia 2008-07-17 07:17 pm UTC (link)
	Doing some of that would exclude people from interacting with my journal, but it's a good general primer on the steps that can potentially be taken. That said, it would be great if LJ just fixed this problem. (Reply to this) (Parent)(Thread)

voiceboxx
2008-07-17 07:30 pm UTC (link)

I don't see how they could stop people from creating accounts though. I'm sure those registered spammers will get banned once they're caught, but I don't see any preventive things LJ could implement since they can't ban IP addresses...

btw, if you have comments enabled to everybody, and if your journal entries are public, how do any of those measures I mentioned exclude people from interacting on your journal?

(Reply to this) (Parent)(Thread)

insomnia
2008-07-17 08:10 pm UTC (link)

The main thing they need to do is make sure that you can't create an account with a script, which is essentially what is happening right now. It appears that LJ's use of captchas has been worked around, and something else is needed. Also, accounts should have a valid, confirmed email address.

There are also a lot of things that they could potentially do to block or interfere with these journals, given that the format of their posts and the sites they link to can be easily determined and potentially blocked. There are also ways to block spam, related to how quickly and often certain accounts are posting / commenting. And, of course, blocking of IP addrs, subdomains, etc.

So yeah, there are a lot of ways they could look at addressing the problem.

(Reply to this) (Parent)

	fabricdragon 2008-07-17 07:19 pm UTC (link)
	sigh. the problem with fool proof systems is that fools are so damn ingenious. dunno what to do. just keep complaining... (Reply to this)

	lynn_massa 2008-07-17 07:27 pm UTC (link)
	It would be too easy for LJ, through its inaction, to go the way of Usenet. oh Usenet, I pine for thee! (Reply to this) (Thread)

	insomnia 2008-07-17 08:13 pm UTC (link)
	"oh Usenet, I pine for thee!" ...and Usenet wants you to expand your penis, I'm sure. (Reply to this) (Parent)

	_lj_sucks_ 2008-07-17 09:14 pm UTC (link)
	There's a lot of it, yes. A week or two ago I turned on Akismet on my web sites, because I noticed spammers signing up for accounts in order to spam. That has pretty much solved the problem--Akismet detects the spam comment and flags the comment and the account as spam, so I have nothing to do. (Reply to this) (Thread)

	_lj_sucks_ 2008-07-17 09:15 pm UTC (link)
	Incidentally, LJ's CAPTCHA challenged me to enter two words, but there was only one word in the box. The other "word" was a number. sigh And it is fucking annoying having to do the stupid CAPTCHA every single time I comment. (Reply to this) (Parent)

	ikilled007 2008-07-17 10:40 pm UTC (link)
	My interdictor blog is getting pounded by that shit. Every once in a while I log into it and mass ban the accounts, but then a week later it starts again. (Reply to this) (Thread)

insomnia
2008-07-18 12:43 am UTC (link)

*nods*

It's all that Googleriffic lovin' you got.

Mass bans mean little when they're creating dozens of accounts a day, but hopefully whoever is behind this will find that their efforts are in vain.

Even if LJ aggressively went after suspending these accounts ASAP, that alone could do a lot to end such spam attacks. It seems odd that they're still around after days, even when multiple people are flagging them as spam.

(Reply to this) (Parent)

	lakme 2008-07-17 10:43 pm UTC (link)
	I had to figure out how to set text messaging to friends only because I got LJ text message spam, of all unbelievable things. (Reply to this) (Thread)

	feline 2008-07-17 11:05 pm UTC (link)
	I got that, too... sigh They wanted me to get a bigger penis.... I figure if I feel like I'm inadequate, I'll just pop down to a sex store and fix it. (Reply to this) (Parent)(Thread)

	insomnia 2008-07-18 12:10 am UTC (link)
	If you do, please post a video! ;-) (Reply to this) (Parent)

	genders 2008-07-18 02:48 am UTC (link)
	In an unrelated complaint, what is up with this FOAF thing? Eight years I escaped google, and now I'm all over the damned thing. I am afraid these may be the end times. (Reply to this)

	ithinkitisayit 2008-07-18 10:28 am UTC (link)
	How do you report these spambots to LJ? (Reply to this) (Thread)

	insomnia 2008-07-18 11:01 am UTC (link)
	When you get them, you can delete them and mark them as spam, which should suffice. (Reply to this) (Parent)

	i_breathe 2008-07-20 08:42 am UTC (link)
	I hope you are not driven to set, friends only. I have been reading you for years and in fact opened my account to make it easier to do so and half my friends list originate from commenters to insomnia. I know you will try to do everything possible to avoid going friends only but if it does happen I would ask that you please add me. As always, good luck with the fight. (Reply to this)

Username:		Create an Account Forgot your login or password? Login w/ OpenID
Password:
	Remember Me
	English • Español • Deutsch • Русский…

About

Help

Get Involved

Legal

Store

LJ Labs