Paul Makepeace ;-)

July 4, 2005

Stealth spam site strategy

Posted in: Drivel

I recently had to clear out 2,500+ comment spams from our Movable Type install after a couple of our authors had MT-Blacklist and comment notification turned off... The task was achingly tedious as I wanted to be sure everything MTBL was showing up was in fact spam; last thing I want is for it to generate a "false positive" and wipe out some legit blog commentary. Yeah, I looked at 2,500+ comment spams. Ergh.

Towards the end I saw a few I thought were false +ves:

whose text claims,

Jennifer Richards Connor, PhD Candidate
The Oxford Internet Institute
Wadham College, Oxford

Fair enough I thought, and read the comment text: a rather un-erudite "hi". So I unchecked the box and was about to remove from the blacklist. Then I saw,
with an identical format. OK, getting odd now, and my alarm bells went off.

Scanning more closely now I found elsewhere on the caught-spam list, 

All with identically laid out pages, differing only in the alleged owner's name. Looking into it some more it turns out they're all hosted at in Jericho, NY; nowhere near Oxford University.

How it works

Why do something like this?

The idea I suspect is that by masquerading as a home page, not posting ads, and only posting once or twice, most people won't suspect anything and thus not delete the comments, even though the text of the comment might be banal or irrelevant (all were, IMO). What happens then is that a lot of these links from all over the place persist and build the site's Google PageRank, a measure of a site's "worth". All of those sites are at least PR4 with a couple a very respectable PR5.

A high pagerank equates to better search listings which equates to an opportunity for making money either through advertising or affiliate schemes. So at some point I suspect these sites will cast off their cloaks and reveal overtly commercial operations. Watch that space.

Posted by Paul Makepeace at July 4, 2005 22:11 | TrackBack

a high pagerank doesn't mean that the site is good too...

Posted by: meeero at April 6, 2007 00:04


I've been seeing similar techniques all over the place, shameful as it is. Looks like our old pal is up to youtube spamming nowadays. Interesting how the domain is a front for several other agencies.

The 'sarahsterling' domain is hosted by WebAIR out of NY and I recall phoning in several spam complaints to them in the past. They should be considered 'spam-friendly' as far as I'm concerned.

By God, I think I might write a blog post about such techniques.

Interestingly enough, I did manage to find that the apache configuration for that domain is rather odd. try /cgi-bin/join2.cgi?url= ;) Oddly enough it sends back an HTTP 302 Found redirecting to the given URL.


Posted by: Tim Hentenaar at April 16, 2008 05:24
Post a comment

Remember personal info?