Azure Jane Lunatic (Azz) 🌺 (![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
azurelunatic) wrote in ![[site community profile]](https://www.dreamwidth.org/img/comm_staff.png)
dw_antispam2011-08-08 06:02 pm
azurelunatic) wrote in dw_antispam2011-08-08 06:02 pm
Yes, Virginia, it is a spam campaign! (Keysmash + misspelled vague compliment campaign)
Hi, Dreamwidth!
Since I saw a couple people wondering, I wanted to confirm that there is a known spam campaign that leaves anonymous comments with a subject that looks like a cat walked over the keyboard while a second cat was repeatedly batting the caps lock key off and on, with the body containing a vague compliment with at least one word where the letters have been artfluly rearranged.
The keysmash subject is likely a unique identifier, so the spammer can tell which specific comment got through when it checks or searches later.
Why the vague compliments? Well, a compliment may well fit in to the existing conversation, and may be a way of attempting to build up a reputation as harmless/helpful for that IP address.
Why no spammy links? This may be merely a test campaign, to see how soft a target we are. Or they may just be attempting to build up good reputation so that when they do make with the links, they won't immediately get kicked off the site. Or they may not have anyone paying them to spam right now. But the IP that's emitting gibberish and compliments today is surely tomorrow's viagra-and-handbags vendor.
If you find that you've been getting keysmash-and-misspelled-compliments, please do go ahead and delete them as spam if you have the time and energy. A lot of them, even old ones, are from unique IP addresses, so you may have been the only one hit by that particular specific source.
If you have questions about other comments that don't fit this pattern, you can ask: here, in Support, in the latestdw_news entry, and probably some other places. There are usually a lot of helpful people around who either know off the tops of their heads, or know where to find a spamwhacker.
Since I saw a couple people wondering, I wanted to confirm that there is a known spam campaign that leaves anonymous comments with a subject that looks like a cat walked over the keyboard while a second cat was repeatedly batting the caps lock key off and on, with the body containing a vague compliment with at least one word where the letters have been artfluly rearranged.
The keysmash subject is likely a unique identifier, so the spammer can tell which specific comment got through when it checks or searches later.
Why the vague compliments? Well, a compliment may well fit in to the existing conversation, and may be a way of attempting to build up a reputation as harmless/helpful for that IP address.
Why no spammy links? This may be merely a test campaign, to see how soft a target we are. Or they may just be attempting to build up good reputation so that when they do make with the links, they won't immediately get kicked off the site. Or they may not have anyone paying them to spam right now. But the IP that's emitting gibberish and compliments today is surely tomorrow's viagra-and-handbags vendor.
If you find that you've been getting keysmash-and-misspelled-compliments, please do go ahead and delete them as spam if you have the time and energy. A lot of them, even old ones, are from unique IP addresses, so you may have been the only one hit by that particular specific source.
If you have questions about other comments that don't fit this pattern, you can ask: here, in Support, in the latest
dw_news entry, and probably some other places. There are usually a lot of helpful people around who either know off the tops of their heads, or know where to find a spamwhacker.
no subject
I might recommend at least temporarily turning off anonymous commenting; these things tend to go in waves where a few users get hit pretty hard (though 80 is a lot, ow) and then they slack off or move on to a different target.
Basically the hazards of getting spammed are:
Your time and energy gets spent on dealing with the spam.
There's a small risk that a legit comment might get lost in the spam (either something you needed to deal with gets overlooked, or an innocent passerby gets reported, or both; since there's human review of spam after it's reported, generally low-volume mis-reports are disregarded.)
If the spam remains up, the spammers' mothership might think your journal or entry is an easy target and start sending more.
Ew, spam in your journal.
A number of standalone blog sites do get compromised by spammers and used to host gnarly things themselves, but DW (and LJ) are less vulnerable to that -- the codebase is well hardened, there's not as much ability to customize using methods that are vulnerable to attack.
(Hilariously, I had to pause in writing this comment because something was spamming up my LJ. I hate spammers so much.)