azurelunatic: Azz: Spamwhacker, with a white dreamsheep on a stalk growing up out of the grass like a flower (spamwhacker)Azure Jane Lunatic (Azz - bolt of blue - infovore) ([personal profile] azurelunatic) wrote in [site community profile] dw_antispam,
@ 2011-08-08 06:02 pm UTC
  • Previous Entry
  • Add to Memories
  • Tell someone about this!
  • Next Entry
Entry tags:campaign: vague-complimnet, offender: anonymous ip, offense type: testing
Hi, Dreamwidth!

Since I saw a couple people wondering, I wanted to confirm that there is a known spam campaign that leaves anonymous comments with a subject that looks like a cat walked over the keyboard while a second cat was repeatedly batting the caps lock key off and on, with the body containing a vague compliment with at least one word where the letters have been artfluly rearranged.

The keysmash subject is likely a unique identifier, so the spammer can tell which specific comment got through when it checks or searches later.

Why the vague compliments? Well, a compliment may well fit in to the existing conversation, and may be a way of attempting to build up a reputation as harmless/helpful for that IP address.

Why no spammy links? This may be merely a test campaign, to see how soft a target we are. Or they may just be attempting to build up good reputation so that when they do make with the links, they won't immediately get kicked off the site. Or they may not have anyone paying them to spam right now. But the IP that's emitting gibberish and compliments today is surely tomorrow's viagra-and-handbags vendor.


If you find that you've been getting keysmash-and-misspelled-compliments, please do go ahead and delete them as spam if you have the time and energy. A lot of them, even old ones, are from unique IP addresses, so you may have been the only one hit by that particular specific source.

If you have questions about other comments that don't fit this pattern, you can ask: here, in Support, in the latest [site community profile] dw_news entry, and probably some other places. There are usually a lot of helpful people around who either know off the tops of their heads, or know where to find a spamwhacker.

(15 comments) - (Post a new comment)
(Flat) (Top-level comments only)

ajnabieh: The text "My Marxist feminist dialective brings all the boys to the yard." (marxist feminist)


[personal profile] ajnabieh
2011-08-09 01:30 am UTC (link)
You are awesome. Thanks.

(Reply to this)  (Thread


azurelunatic: Dreamwidth antispam: a dreamsheep holding a hammer, the better to smack spammers with. (spamhammer)


[personal profile] azurelunatic
2011-08-09 01:36 am UTC (link)
You're welcome!

(Reply to this)  (Thread from start)  (Parent


rhi: a cobweb covered with dew and one drop up at the top (web)


[personal profile] rhi
2011-08-09 02:57 am UTC (link)
Thank you for the update!!

(Reply to this)  (Thread


azurelunatic: cameo-like portrait of <user name="azurelunatic"> in short blue hair. (_support, cameo)


[personal profile] azurelunatic
2011-08-09 07:26 am UTC (link)
You're welcome! At some point I should figure out what other things people would like to hear about.

(Reply to this)  (Thread from start)  (Parent


rydra_wong: Dreamsheep holding a hammer; "Dreamwidth Antispam". (dreamwidth -- spamsheep)


[personal profile] rydra_wong
2011-08-09 07:03 am UTC (link)
Thanks for posting this! I'd also seen people wondering.

(Reply to this)  (Thread


azurelunatic: Azz: Spamwhacker, with a white dreamsheep on a stalk growing up out of the grass like a flower (spring 2010 spamwhacker)


[personal profile] azurelunatic
2011-08-09 07:28 am UTC (link)
You're welcome. It's been fairly high volume, if you have time to keep looking in today.

(Reply to this)  (Thread from start)  (Parent


ghoti: fish jumping out of bowl (fishbowl)


[personal profile] ghoti
2011-08-09 10:47 pm UTC (link)
do you still need help spamwhacking? i've got a couple of hours and am good at repetitive...

(Reply to this)  (Thread


azurelunatic: cameo-like portrait of <user name="azurelunatic"> in short blue hair. (_support, cameo)


[personal profile] azurelunatic
2011-08-09 10:59 pm UTC (link)
Go ahead and fill out http://dw-antispam.dreamwidth.org/31096.html if you could?

(Reply to this)  (Thread from start)  (Parent


cobweb_diamond: (pic#3624848)


[personal profile] cobweb_diamond
2011-09-30 12:40 am UTC (link)
I've received one or two of these keysmash comments in the past, but over the last couple of days I've received about 80 of them. i'm deleting them all and marking them as spam, but should I be worried?

(Reply to this)  (Thread


azurelunatic: Dreamwidth antispam: a dreamsheep holding a hammer, the better to smack spammers with. (spamhammer)


[personal profile] azurelunatic
2011-09-30 09:44 am UTC (link)
Ugh, no fun. :(

I might recommend at least temporarily turning off anonymous commenting; these things tend to go in waves where a few users get hit pretty hard (though 80 is a lot, ow) and then they slack off or move on to a different target.

Basically the hazards of getting spammed are:
Your time and energy gets spent on dealing with the spam.
There's a small risk that a legit comment might get lost in the spam (either something you needed to deal with gets overlooked, or an innocent passerby gets reported, or both; since there's human review of spam after it's reported, generally low-volume mis-reports are disregarded.)
If the spam remains up, the spammers' mothership might think your journal or entry is an easy target and start sending more.
Ew, spam in your journal.

A number of standalone blog sites do get compromised by spammers and used to host gnarly things themselves, but DW (and LJ) are less vulnerable to that -- the codebase is well hardened, there's not as much ability to customize using methods that are vulnerable to attack.

(Hilariously, I had to pause in writing this comment because something was spamming up my LJ. I hate spammers so much.)

Last edited 2011-09-30 09:45 am UTC (plurals are fun for the whole family when used properly. also, ew spam. :( )

(Reply to this)  (Thread from start)  (Parent



[personal profile] blacklabel
2011-10-02 02:23 pm UTC (link)
I know this post is a couple months old but! I am so glad DW is invite code only. This comment over at IJ (http://asylums.insanejournal.com/announcements/85813.html?thread=4486453#4486453) kind of freaked me out. Is it possible for something like that to happen here, at DW? (I'm really hoping the answer is 'no'!)

(Reply to this)  (Thread


azurelunatic: cameo-like portrait of <user name="azurelunatic"> in short blue hair. (_support, cameo)


[personal profile] azurelunatic
2011-10-02 10:41 pm UTC (link)
*looks at comment* I don't think that spammers have actually messed around with IJ's random journal feature. It's just that apparently they have a LOT of very active spammer journals that have not yet been dealt with by the Powers that Be over there. I don't know what the reporting process is there for spammer journals, but I would imagine that they actually take a dim view of them. I personally wouldn't consider the presence of spammer journals by itself something to scare me, but if there is a pattern of spammer journals not being taken care of by the people in charge of IJ, that would alarm me. I don't know how many people the IJ team has available to deal with spammer journals, and how quickly they can respond to complaints of spam. The comment you linked to was made today, so while it hasn't been responded to yet, I don't know if that means that they just haven't yet but will shortly, or if it's likely to sit there without anyone helping for a while. It doesn't look like IJ has picked up LJ's "Report a Bot" system, and it looks like they could really use it if they are having that sort of volume of spammers.

Is it possible for a spammer to register a journal at Dreamwidth? Well, if a spammer gets their hands on an invite code, or if a spammer buys a paid journal to sign up, or tries during an open registration period, a spammer could, and then could fill their journal full of exactly that sort of thing. However, if we find out that this has happened, we come down on them like a ton of bricks and that journal will no longer exist.

We have only found a very few spammer journals here ever, and while a few of them have sat biding their time for a while before they were discovered, once a spammer journal is discovered and reported, the Terms of Service team tends to act within the day. There are few enough spammer journals that we have not brought over the "Report a Bot" form either. If you do find a spammer journal, report it to the Terms of Service team immediately. You can do that by filing a support request in the Terms of Service category, or emailing abuse at dreamwidth dot org (let's not make it *easy* for screenscraping bots! ;-P) and someone will check it out and when they confirm it's a spammer, they'll take care of it.

So I do not think that the situation there, where all the random journal searches were pulling up spammer journals, could happen here, because we run a tighter ship.

(Reply to this)  (Thread from start)  (Parent


red_trillium: picture of a strata loach fish with the caption "I got u a wafer but I eated it" (Got U A Wafer Strata Loach)


[personal profile] red_trillium
2011-10-28 09:16 am UTC (link)
Hiya Azurelunatic, I thought I'd mention (in case the original Journal Owner is only deleting, not also marking as Spam) that we've seen 3 of these key smash type spam comments in the last day or 2 with links, at [personal profile] dreamwriteremmy's entry: here.

Here are links to 2 of the comments, looks like one was deleted but I"ve got the email notification. One here and one here.

I don't have Dreamwriteremmy on my friends list but have subscribed to this particular entry.

Last edited 2011-10-28 09:16 am UTC (Sorry, inappropriate icon!)

(Reply to this)  (Thread


azurelunatic: cameo-like portrait of <user name="azurelunatic"> in short blue hair. (_support, cameo)


[personal profile] azurelunatic
2011-10-30 10:44 am UTC (link)
Thanks for thinking of the [site community profile] dw_antispam team!

At this time it's not really practical to attempt to look up reports originating from from any given user, due to the way the system is designed. (In the future, I hope that we will be able to do this! Right now it would involve either knowing the IP addresses that sent the comments, or else knowing the rough timeframe in which they would have reported it and then shuffling through all the reports from that time, and that really isn't an effective use of volunteer time.)

The antispam team doesn't have the authority to delete comments that are not in journals we control, so the best thing to do would be to let [personal profile] dreamwriteremmy know that they are getting spam, if they don't already know. (And sometimes people leave spam up for a while until they can find time to handle it, and time does tend to be at a premium when one has a number of people who require the body's time.)

(Reply to this)  (Thread from start)  (Parent)  (Thread


red_trillium: A background of the US Constitution with "We the People" showing and 2 red equals signs (Constitutional equality)


[personal profile] red_trillium
2011-10-31 06:10 am UTC (link)
Thank you for your explanation! I wasn't sure if I should bring it up here.

(Reply to this)  (Thread from start)  (Parent


(15 comments) - (Post a new comment)
(Flat) (Top-level comments only)