More and more spam reviews on Amazon

Earlier this month I highlighted how a book that claims to be about using Python to build convolutional neural networks and yet, say readers, contains not a single line of Python, was garnering rave reviews on Amazon.

The trend hasn’t stopped and it is pretty clear to me that these are, in fact, spam.

Plainly Amazon’s review system is broken.


More evidence of Bitcoin bubble

Few things attract fraudsters more than bubbles. When the market is rising then their crimes get hidden – especially as those speculating in the market are unlikely to want to have its legitimacy called into question.

The bitcoin logo (Photo credit: Wikipedia)

So too with Bitcoin – the BBC reports that the ever inflating bubble in Bitcoin has attracted the criminals who run botnets. Although these things are generally not too computationally powerful they are big enough and the market inflated enough to make it worth the while of criminals to target “Bitcoin mining”: the computationally intensive task of generating a new Bitcoin (the equivalent of digging another sovereign’s worth of gold out of the ground).

A sure sign of the crazy nature of the Bitcoin market is that it has caused inflation in the price of setting up a Botnet. Spamming – the more usual use of a Botnet – relies on the low (close to zero) marginal cost of sending out a spam email – something that is itself a function of the cost of establishing and running a Botnet.

One delicious thing to look forward to when the Bitcoin bubble bursts is that the Botnet owners will be economically ruined along with all the other speculators.

After “comment spam”, comes “like spam”


Maybe if I had a blog that was visited by tens of thousands every day and on which hundreds wanted to comment it would not be so easy, but “comment spam” is not a problem here – anything which the algorithmic spam filter does not pick up can be chucked out by hand.

But in recent weeks I have seen a new form of blog spamming – “like spamming” against which WordPress seem to have given me no protection. Spammers – usually they are SEO snake oil sellers or link farmers – come here and like a post – that gives them an automatic link back to their blog.

I don’t want to discourage anyone who genuinely likes my blog – but let me warn the spammers. From this point onwards spam-like likes will see your blog reported to as spam.

Surge in spam

Threshold (Photo credit: gwire)

Has anyone else noticed a large uplift in the volume of spam they are getting in recent days?

In general the last couple of years has, for me at least, seen spam fall. Perhaps that is because tools like Spamassassin are better than ever or, more likely, because law enforcement agencies have started to take this plague seriously and have closed down more than a few botnets.

But the recent surge seems to have taken it back to the levels seen in the bad days of the opening years of the century.

Geeklist spamming people

I had never heard of Geeklist until last week, when I received an email from them and then read the story about their promotion of “brogramming” and abusive response to being called out for it.

The email came first – and as I had never heard of them this –

Hi, my name is Jenny and I work for Geeklist, sorry to bug in advance! I noticed you have your email listed on github, so I wanted to reach out and send you a quick note (only this once and never again I promise!). We recently added integration with Github‘s API and wanted to see if you are interested in testing it out and give us feedback, perhaps you can add Groovy-Life or valext?

I realize this comes out of nowhere, but this might be interesting way to connect with other awesome geeks too (mabye), would love to hear feedback in general on that as well.  We have a ton of geeks in our system already ranging from Matz the creator of Ruby awesome geeks building great products

If you are cool with this and want to check it out go to:********** and use this code: ******

We are only sending this to a few people, so let me know if you wish to invite others! thank you so much and sorry to bug you!

– made me think they were a genuine community effort. I made a note to have another look.

But having read about their attitude to women that other look is now a good deal more sceptical – though even I thought it odd they suggested I add a program designed to analyse the XML output of a hardcore debugging tool.

And, of course, the first thing I noticed on a second look was the subject line:

RE: Quick question / your work on Github

As I have never written to Geeklist about anything and had never even heard of them before the email turned up it is obvious that this email was not “RE:” anything. It is spam from some spammers trying to cheat spam filters and will be treated in just the same way as the occasional other bits of spam mail that get through the filter.

I hope others will follow a similar course of action.

I would not have minded if they had actually badged the email as what it really was – as they say my email is on Github and if you consciously post your email it is because you want or expect people to get in touch. But the crude attempts at psychological manipulation – hi my name is jenny – and above all the dishonest subject line mean it is straight to the WPB for them.
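The dishonest “RE:” subject line is easy to check for mechanically: a genuine reply produced by any mainstream mail client carries an In-Reply-To and/or References header, so a subject that claims to be a reply without either is worth flagging. The following Python is an added example (not the author’s filter, nor anything from Geeklist) using the standard library email parser; the addresses, Message-IDs and message bodies are constructed for the demonstration.

```python
"""Flag messages whose Subject claims to be a reply ("RE:", "Fwd:", ...)
but which carry none of the threading headers a real reply would have.
Added example with constructed sample messages; not the post's own code."""
import email
import re
from email import policy
from email.message import EmailMessage

FAKE_REPLY_PREFIX = re.compile(r"^\s*(re|fw|fwd)\s*:", re.IGNORECASE)
# RFC 5322 section 3.6.4: replies set In-Reply-To and/or References.
THREADING_HEADERS = ("In-Reply-To", "References")


def looks_like_fake_reply(msg: EmailMessage) -> bool:
    subject = str(msg.get("Subject", "") or "")
    if not FAKE_REPLY_PREFIX.match(subject):
        return False  # not claiming to be a reply at all
    # Claims to be a reply: suspect unless a threading header is present.
    return not any(msg.get(h) for h in THREADING_HEADERS)


def classify(raw: str) -> str:
    msg = email.message_from_string(raw, policy=policy.default)
    return "suspect" if looks_like_fake_reply(msg) else "ok"


# Constructed sample: subject mirrors the one quoted in the post.
FAKE_REPLY = """\
From: jenny@example.invalid
To: you@example.invalid
Subject: RE: Quick question / your work on Github
Message-ID: <1@example.invalid>

Hi, my name is Jenny...
"""

# Constructed sample of a genuine reply with threading headers.
REAL_REPLY = """\
From: colleague@example.invalid
To: you@example.invalid
Subject: RE: Quick question
In-Reply-To: <orig-42@example.invalid>
References: <orig-42@example.invalid>
Message-ID: <2@example.invalid>

Thanks, that answers it.
"""

if __name__ == "__main__":
    for name, raw in (("fake", FAKE_REPLY), ("real", REAL_REPLY)):
        print(name, classify(raw))
```

A rule like this is a cheap extra signal for a filter such as SpamAssassin rather than a verdict on its own, since some list software and broken clients also strip threading headers.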

The end of the CAPTCHA?

CAPTCHA Insanity (Photo credit: JillOW)

Between 2009 and 2011 my work included establishing and editing a website (in English) about news and events in Georgia, in the Caucasus.

Lots goes on in Georgia – it’s a fascinating place – but the number of people interested in reading news in English about it is quite limited: still the site built up a good readership and was widely noted amongst the small international community that follow events there for academic, human rights and other reasons.

But Google Analytics also showed that the bulk of the audience was in Georgia itself. Sometimes this was because the website was one of the few places that gave a reasonably straight report of some controversial events there, especially if these involved criticism of, or statements by, the Georgian Orthodox Church, by far the most respected institution in the country and one that the government had a deeply uneasy relationship with.

But a growing audience also meant attracting spambots and how to deal with them was an important consideration. Even going away for a few days could attract many dozens of spam messages and deleting them was a pain. Bayesian filters for Drupal (the CMS) seemed to be quite poor, so that was not an automatic solution either.

So, I chose the CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) – in this case some mangled text that would be posters had to decipher before they could successfully comment on the site. With the CAPTCHA spam all but disappeared (though plainly there are some desperate people even prepared to wade through CAPTCHAs to post their ads).

Now, nobody likes CAPTCHAs – they are a terrible pain, because quite often the text is so mangled it is difficult to read. But I discovered Georgian readers loathed them. For a start they were in an unfamiliar alphabet – the Georgian – Kartuli – alphabet is completely different (for instance there are no capital forms) from Roman or even Cyrillic, even if there are some Greek influences on it – and then it required them to use a different keyboard layout. ი სტილლ ჰავე ა გეორგიან ლაყოუტ ავაილაბლე ჰერე – სო ტჰის ის სომე ენგლისჰ ტრანსლიტერატედ ინტო გეორგიან.

So eventually the CAPTCHA had to go and I went back to relying on poor quality Bayesian filtering and hand weeding.

Now, it seems, that might be where we are all headed: as Slashdot reports audio and video CAPTCHAs have been cracked and cracking software can even score a 1% success rate against reCAPTCHAs – the toughest type apparently (do read this link on reCAPTCHAs and the social function they fulfil, I often wondered why it was possible to ‘pass’ them with little better than guesses and now I know why).

The failure of audio CAPTCHAs is, I fear, quite likely to lead to their demise as a widely used security technique – as without them those using screen readers and similar audio technology may face some severe difficulties in accessing CAPTCHA guarded content.

Still, well implemented Bayesian and other filtering has already saved email from complete collapse, so maybe it is time to give the Georgians a break and turn all the CAPTCHAs off?

More thoughts about the economics of spam

no spam! (Image via Wikipedia)

Spam is often thought of as a hugely profitable business: entry costs are low, marginal costs of sending spam are close to zero and because you target millions you do not need much of a response rate to make money.

But the evidence suggests, to me at least, that most spam senders are like most drug dealers – poor and going nowhere.

Spam is written in appalling English, and that is actually the easiest way to identify it – by the second or third word in (or the first if it is “dearest”), it is clear it is not written by a native speaker.

Here’s a real world example currently sitting trapped by Akismet on this blog:

I surely wanted to sort a message so as to express gratitude to you for those good tips you are writing at this web-site. My extensive web appear up has at the end of the day been compensated with pleasant knowledge to write about with my two pals. I ‘d state that that we website visitors are extremely fortunate to exist in a fine community with many amazing folks with helpful tips and hints. I feel rather grateful to have seen your web page and look forward to some extra enjoyable times reading here. Thanks again for all of the details.

So most spammers are in Eastern Europe? So what, you might say. But the point is that if they were really making any money they could afford to pay for someone to write the stuff in good English – that might double the response rate, say, and that would surely be a competitive advantage. But if the “industry” is broke from the start then there is never the capital to afford to do that.

Of course, some spam does work – phishing, where the “good” cases clearly show real effort has been put in, proves my point: phishers can afford to invest in the technology and the presentation.

New trend in comment spam?

Escherichia coli: Scanning electron micrograph... (Image via Wikipedia)

The tactics employed by comment spammers continue to fascinate me, but I have noticed a new trend, which indicates either a new trend or adaptation from the spammers – which reminds me of the way bacteria respond to antibiotics – or perhaps just indicates I am being over-sensitive.

Twice in the last 48 hours I have had comments from people who are clearly responding to the content of the blog post but who are also linking to an explicitly and solely commercial page: one was an XML editor and the other was a video on “how to be a hacker” (of the LulzSec variety as opposed to kernel patcher type).

Now, this blog is currently doing pretty well in Google on a number of the technical areas it discusses and traffic is slowly rising as a result. (Interestingly Google ranks the HTTPS pages much higher than their HTTP cousins, but that’s another issue and not one I am going to discuss here, because I really have no idea why that is.)

Therefore it may well be quite valuable to comment spam this site if you are looking for people interested in XSLT or the Kronecker delta or whatever. But you are also up against a pretty good spam filter in terms of Akismet, so the usual “your blog is great” crap is not going to make it.

So, like a bacterium faced with penicillin the spammers mutate and devote more energy to survival. Or, it is just that people who sell a product are genuinely interested in what I write here – though something tells me that it is more likely to be the first!

Some insight on “comment spam”

wall of spam (Image by chotda via Flickr)

As I sit here chewing my lunch, some insight has come to me about “comment spam” – the sort of “great blog, have you seen my used car website” comments that, in recent years, have poisoned so many sites. gives me access to “Akismet” so these things rarely if ever get through, but I still get to see them (traffic here is going up, but it is not at such a level that I cannot take time out to smell even the stinking roses) and they have become much more frequent in the last few days – as have references from those odd “aggregation” sites that you see around the web – I won’t link to one because I don’t want to give it any sort of “google juice” but if you don’t know what I mean they are sites that (unlawfully) lift whole blog posts and stick them on their site on the basis that you have written about some subject that supposedly interests the owner/publisher.

It is pretty plain to me now that the real role of these sites is to simply provide pointers to spammers about where they can go to splurge on some comment spam.

Maybe somebody should organise a campaign to pressure the hosters to take these sites down?

Seven years of spamming

How a botnet works: 1. A botnet operator sends... (Image via Wikipedia)

A couple of weeks ago Microsoft did the world a favour, taking down the Rustock botnet and reportedly reducing the volume of spam email worldwide by a third.

The new chief botnet out there is “bagle” – and this is not such a great story. Because the bagle botnet – generally thought, at least originally, to be the work of one person – has been running for over seven years.

It is incredible to think that one criminal could engage in this activity – almost by definition in plain sight – and get away with it for so long.