Yes, Virginia, it is a spam campaign! (Keysmash + misspelled vague compliment campaign)

[azurelunatic]

Hi, Dreamwidth!

Since I saw a couple people wondering, I wanted to confirm that there is a known spam campaign that leaves anonymous comments with a subject that looks like a cat walked over the keyboard while a second cat was repeatedly batting the caps lock key off and on, with the body containing a vague compliment with at least one word where the letters have been artfluly rearranged.

The keysmash subject is likely a unique identifier, so the spammer can tell which specific comment got through when it checks or searches later.

Why the vague compliments? Well, a compliment may well fit in to the existing conversation, and may be a way of attempting to build up a reputation as harmless/helpful for that IP address.

Why no spammy links? This may be merely a test campaign, to see how soft a target we are. Or they may just be attempting to build up good reputation so that when they do make with the links, they won't immediately get kicked off the site. Or they may not have anyone paying them to spam right now. But the IP that's emitting gibberish and compliments today is surely tomorrow's viagra-and-handbags vendor.


If you find that you've been getting keysmash-and-misspelled-compliments, please do go ahead and delete them as spam if you have the time and energy. A lot of them, even old ones, are from unique IP addresses, so you may have been the only one hit by that particular specific source.

If you have questions about other comments that don't fit this pattern, you can ask: here, in Support, in the latest dw_news entry, and probably some other places. There are usually a lot of helpful people around who either know off the tops of their heads, or know where to find a spamwhacker.

Comments

[ajnabieh]

You are awesome. Thanks.

[azurelunatic]

You're welcome!

[rhi]

Thank you for the update!!

[azurelunatic]

You're welcome! At some point I should figure out what other things people would like to hear about.

[rydra_wong]

Thanks for posting this! I'd also seen people wondering.

[azurelunatic]

You're welcome. It's been fairly high volume, if you have time to keep looking in today.

[ghoti]

do you still need help spamwhacking? i've got a couple of hours and am good at repetitive...

[azurelunatic]

Go ahead and fill out http://dw-antispam.dreamwidth.org/31096.html if you could?

[cobweb_diamond]

I've received one or two of these keysmash comments in the past, but over the last couple of days I've received about 80 of them. i'm deleting them all and marking them as spam, but should I be worried?

[azurelunatic]

Ugh, no fun. :(

I might recommend at least temporarily turning off anonymous commenting; these things tend to go in waves where a few users get hit pretty hard (though 80 is a lot, ow) and then they slack off or move on to a different target.

Basically the hazards of getting spammed are:
Your time and energy gets spent on dealing with the spam.
There's a small risk that a legit comment might get lost in the spam (either something you needed to deal with gets overlooked, or an innocent passerby gets reported, or both; since there's human review of spam after it's reported, generally low-volume mis-reports are disregarded.)
If the spam remains up, the spammers' mothership might think your journal or entry is an easy target and start sending more.
Ew, spam in your journal.

A number of standalone blog sites do get compromised by spammers and used to host gnarly things themselves, but DW (and LJ) are less vulnerable to that -- the codebase is well hardened, there's not as much ability to customize using methods that are vulnerable to attack.

(Hilariously, I had to pause in writing this comment because something was spamming up my LJ. I hate spammers so much.)

[blacklabel]

I know this post is a couple months old but! I am so glad DW is invite code only. This comment over at IJ (http://asylums.insanejournal.com/announcements/85813.html?thread=4486453#4486453) kind of freaked me out. Is it possible for something like that to happen here, at DW? (I'm really hoping the answer is 'no'!)

[azurelunatic]

*looks at comment* I don't think that spammers have actually messed around with IJ's random journal feature. It's just that apparently they have a LOT of very active spammer journals that have not yet been dealt with by the Powers that Be over there. I don't know what the reporting process is there for spammer journals, but I would imagine that they actually take a dim view of them. I personally wouldn't consider the presence of spammer journals by itself something to scare me, but if there is a pattern of spammer journals not being taken care of by the people in charge of IJ, that would alarm me. I don't know how many people the IJ team has available to deal with spammer journals, and how quickly they can respond to complaints of spam. The comment you linked to was made today, so while it hasn't been responded to yet, I don't know if that means that they just haven't yet but will shortly, or if it's likely to sit there without anyone helping for a while. It doesn't look like IJ has picked up LJ's "Report a Bot" system, and it looks like they could really use it if they are having that sort of volume of spammers.

Is it possible for a spammer to register a journal at Dreamwidth? Well, if a spammer gets their hands on an invite code, or if a spammer buys a paid journal to sign up, or tries during an open registration period, a spammer could, and then could fill their journal full of exactly that sort of thing. However, if we find out that this has happened, we come down on them like a ton of bricks and that journal will no longer exist.

We have only found a very few spammer journals here ever, and while a few of them have sat biding their time for a while before they were discovered, once a spammer journal is discovered and reported, the Terms of Service team tends to act within the day. There are few enough spammer journals that we have not brought over the "Report a Bot" form either. If you do find a spammer journal, report it to the Terms of Service team immediately. You can do that by filing a support request in the Terms of Service category, or emailing abuse at dreamwidth dot org (let's not make it *easy* for screenscraping bots! ;-P) and someone will check it out and when they confirm it's a spammer, they'll take care of it.

So I do not think that the situation there, where all the random journal searches were pulling up spammer journals, could happen here, because we run a tighter ship.

[red_trillium]

Hiya Azurelunatic, I thought I'd mention (in case the original Journal Owner is only deleting, not also marking as Spam) that we've seen 3 of these key smash type spam comments in the last day or 2 with links, at dreamwriteremmy's entry: here.

Here are links to 2 of the comments, looks like one was deleted but I"ve got the email notification. One here and one here.

I don't have Dreamwriteremmy on my friends list but have subscribed to this particular entry.

[azurelunatic]

Thanks for thinking of the dw_antispam team!

At this time it's not really practical to attempt to look up reports originating from from any given user, due to the way the system is designed. (In the future, I hope that we will be able to do this! Right now it would involve either knowing the IP addresses that sent the comments, or else knowing the rough timeframe in which they would have reported it and then shuffling through all the reports from that time, and that really isn't an effective use of volunteer time.)

The antispam team doesn't have the authority to delete comments that are not in journals we control, so the best thing to do would be to let dreamwriteremmy know that they are getting spam, if they don't already know. (And sometimes people leave spam up for a while until they can find time to handle it, and time does tend to be at a premium when one has a number of people who require the body's time.)

[red_trillium]

Thank you for your explanation! I wasn't sure if I should bring it up here.