Tags:



five-digit spam
November 18, 2005 12:50 PM   RSS feed for this thread Subscribe

Does anybody have any idea what's going on with this kind of comment spam? I'm getting scads of it, with no URLs but always a mention of a five-figure number. "I've managed to save up roughly $55085 in my bank account, but I'm not sure if I should buy a house or not. Do you think the market is stable or do you think that home prices will decrease by a lot?"
posted by languagehat to computers & internet (18 comments total)
There's a bit more about it at this blog, with plenty of variations mentioned.
posted by Mo Nickels at 12:57 PM on November 18, 2005


The number could be for tracking. You can google the number and see how many hits come up.
posted by smackfu at 12:58 PM on November 18, 2005


If it doens't have any links or anything it is probably a email address harvester seeing which addresses don't bounce back. Since your address didn't bounce back, the harvester is probably going to assume yours is a valid address.

The five digit number might be some kind of tracking for the harvester so if bounce message didn't contain the 'send to' address it would still be able to tell to which address the original mail was sent
posted by tayknight at 1:00 PM on November 18, 2005


(Tayknight, I think you're mistaken, as languaghat is asking about website/blog comment spam, not email spam.)
posted by nobody at 1:03 PM on November 18, 2005


Seeing that some of them have URLs (from Mo Nickels' link), couldn't the ones without links just be ones whose links got stripped, or were ill-formatted?
posted by deadfather at 1:16 PM on November 18, 2005


The URL mentioned in Mo Nickels' link points to a page on a private school's website, apparently designed as a (clearly non-commercial) teaching aide. It seems very unlikely that the comment spammer actually has a business interest in this elementary school's guess the number game.
posted by nobody at 1:30 PM on November 18, 2005


We were flooded with this 5 digit spam over the last 7 days on our Moveable Type powered blogs, one more than the others. I noticed it because of the strange pattern.

Yesterday? That blog got hacked. Every entry had imbedded links in it where someone had been able to mess with the HTML. The HTML code wasn't showing up in the entries. Who ever was hacking us wasn't showing up on access logs and we don't believe they cracked the code for our passwords (though we changed everything anyway). But it was a strange coincidence, timing wise.

I have no idea if there is any connection. But I remember thinking as I was on the receiving end of the 5-digit spam, "Is someone testing out our site somehow and for some purpose?" But I have little experience with spam, spammers or any kind of internet hacks...my DH programs our sites. I'm just the user researcher and one of the writers.
posted by jeanmari at 1:59 PM on November 18, 2005


It's highly unlikely someone hacked an MT site by sending it comment spam. My theory is that the 5-digit numbers are a sammer's tracking system so they can find out whcih MT blogs are still vulnerable to their comment-spam scripts. if they get a match in Google, they then bombard the crap out of those blogs with more comment-spam scripts. This is because unattended blogs are better for the spammer to abuse then ones who cean up after an attack within minutes of it happening.
posted by camworld at 2:34 PM on November 18, 2005


I think this might be an attempt to make it harder for people to distinguish between real spam comments and normal comments using content filters.

I believe it's supposed to work something like this

1. Post lots of seemingly innocent comments all over the place which annoy people.
2. Wait for them to flag it as spam and pollute their content filters
3. Spam the same blogs with real spam which now hopefully will not get rated as spam by any content filters.
4. ....
5. Profit!

I could be on crack though.
posted by alexst at 2:40 PM on November 18, 2005


This is because unattended blogs are better for the spammer to abuse then ones who cean up after an attack within minutes of it happening.

Considering how easy it is to spam huge quantities of blogs in not very much time I wouldn't of thought they would be trying to optimise the process like that. It just doesn't seem worth their time or effort. If it gets deleted from somewhere it doesn't cost them anything as posting a comment is essentially free.
posted by alexst at 2:42 PM on November 18, 2005


Oops. my bad. Thanks nobody.
posted by tayknight at 2:53 PM on November 18, 2005


Looking at this site might offer a clue. The "recent comments" sidebar currently shows five different instances of this sort of comment spam.

Three of them (commenting on the same entry) include the same random number, which is interesting. Another links to the guess a number game from the elementary school website, and a fifth one links to a different number guessing game on a Pearson Education owned site.

I wonder if this is simply a sort of contest among spambots, the link to the number games being a nice touch, almost funny, like wry graffiti.
posted by nobody at 3:03 PM on November 18, 2005


Five digit spam with home price/morgage/buying keywords makes me think they're trying to get hits from people googling zip codes. But, why disguise them? And why no URLs? It is a mystery-
posted by bemis at 8:30 PM on November 18, 2005


Yeah, it is a mystery, isn't it? But at least I know it's not just me. And it's fun to see the other examples: Betsy Markum and Courtney Gidts are the same "gals" who have been spamming me, the little hussies! Thanks for all suggestions, and I hope someone figures out the Answer.
posted by languagehat at 6:23 AM on November 19, 2005


I think there might be a couple of goals.

First would be to place a seemingly innocuous but very identifiable number on as many sites as possible in order to search for the sites that have allowed these comments and thus identify them as high-priority spam targets. We've seen this happening for quite a while now in many different formats.

Secondly, though, it might be an attempt to do a kind of Google bomb on a site that otherwise would have a very low pagerank score. This would allow a spammer to demonstrate their ability to deliver ranking via comment spamming. The elementary school site has a pagerank of 3, which is quite low but even if the spammers could demonstrate any effect at all they will have succeeded.
posted by mikel at 7:22 AM on November 19, 2005


If they're all identical except the number, perhaps someone has scripted a way to check if messages are identical, and discard identical messages?
posted by shepd at 9:50 AM on November 19, 2005


They're not; the messages are all different, they just have a five-digit number somewhere inside. I have, however, added "Gidts" to my MT-Blacklist -- what a weird "name"! Hmm... on googling, I discover it's apparently a Dutch name, but most of the hits are for our naughty Courtney.
posted by languagehat at 9:59 AM on November 19, 2005


I've been getting the same 5-digit spams from the same Courtney Gidts & others -
posted by growabrain at 11:51 AM on November 19, 2005


« Older BirdFeederFilter: When it's gl...   |   Please help me find more infor... Newer »

You are not logged in, either login or create an account to post comments



Related Questions
How can I stop cell phone spam? February 6, 2008
No More V1@grA September 10, 2007
Do I report life-threatening spam? June 28, 2007
Google product search spam filter? October 15, 2006
Blog comment spam puzzler June 29, 2006