Ben Nadel

It's Not Spam At This Point, It's Psychological Warfare

Posted by Ben Nadel

I understand spam. It makes sense for the people doing it; you get your adverts out there, you get people publishing links to your site without intent. That makes sense. The problem is, probably about 80% of the spam posted to my site over the weekend was of this form:

Email: havyipu@mail.com
Name: xvfgzo zhqm
Url: http://www.euhyfq.xqbrhztov.com
Content: kuychw pdyzrmx judxpf prsgicyb zrkbwd lhxzca nqaiz

What the hell is that?!?!? First of all, there are no URLs in the content. Second of all, the URL they entered in the URL field is not valid. If you try to go to it, it errors out. This is crazy. It's like they are just trying to mess with my head.

The only thing that I can assume is that they post bogus information first, then check the resultant pages to see if the bogus data is there; maybe it's like some sort of success marker. Smart... but it's freaky.
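
The submission pattern described above (random text in every field, no link in the body, a throwaway host in the URL field) can be flagged mechanically. The following is an added example, not code from the original post or from this site; the function names, thresholds and the second sample comment are assumptions made for illustration.

```javascript
// Added example: flag "probe" comments (random text, no links in the body).
// Thresholds, signal names and field names are assumptions for illustration.
const VOWELS = /[aeiou]/g;
const CONSONANT_RUN = /[^aeiou]{4,}/;

// A word looks random if it has almost no vowels or a long consonant run.
function looksRandom(word) {
  const w = word.toLowerCase();
  const vowelRatio = (w.match(VOWELS) || []).length / w.length;
  return vowelRatio < 0.2 || CONSONANT_RUN.test(w);
}

// Fraction of the 4+ letter words in a text that look random.
function gibberishRatio(text) {
  const words = text.match(/[a-z]{4,}/gi) || [];
  if (words.length === 0) return 0;
  return words.filter(looksRandom).length / words.length;
}

// Host labels of the URL field, without "www" and the top-level domain.
function hostLabels(url) {
  let host = "";
  try { host = new URL(url).hostname; } catch { /* unparsable URL field */ }
  return host.split(".").slice(0, -1).filter((l) => l !== "www").join(" ");
}

// Collect signals; a probe is random content with no link plus a random identity.
function classifyComment(c) {
  const signals = [];
  if (gibberishRatio(c.name) >= 0.5) signals.push("random_name");
  if (gibberishRatio(c.content) >= 0.5) signals.push("random_content");
  if (gibberishRatio(hostLabels(c.url)) >= 0.5) signals.push("random_host");
  if (!/https?:\/\/|www\./i.test(c.content)) signals.push("no_link_in_content");
  const has = (s) => signals.includes(s);
  const probe = has("random_content") && has("no_link_in_content") &&
    (has("random_name") || has("random_host"));
  return { probe, signals };
}

const probeSample = { // values quoted in the post
  name: "xvfgzo zhqm", url: "http://www.euhyfq.xqbrhztov.com",
  content: "kuychw pdyzrmx judxpf prsgicyb zrkbwd lhxzca nqaiz",
};
const ordinarySample = { // constructed for comparison
  name: "Dana Whitfield", url: "https://example.org/blog",
  content: "Great write-up, I ran into the same thing on my contact form last week.",
};
console.log(classifyComment(probeSample), classifyComment(ordinarySample));
```

A submission flagged this way is better held for review than silently dropped, since short or non-English comments can also score high on the vowel heuristic.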



Reader Comments

I am not sure but I think some of that has to do with attempts to harvest addresses. The same reason that spammers will sign up for your email list. Basically they are hoping to harvest legitimate emails from the copied addresses on an email sent to a large group.

Or maybe spammers are just a wacked out bunch of psychopaths. Yeah, nevermind, that is probably more likely.

Reply to this Comment

I work on a Nutrition site at school, and these are, and have always been the type of mails we get! I just don't get it.

Reply to this Comment

Sending spam has got to be one of the most dishonorable occupations in history. Seriously, can we kill some of those people who write spam bots? No trial or anything, the moment they are identified, they're sent straight to the electric chair, or maybe some more cruel and inhumane form of capital punishment. The world would be a better place.

Reply to this Comment

Ha ha, dare to dream... but hey, if we didn't spend a good amount of time fighting spam, we would be bored with all that time on our hands... Oh wait, actually I have about 1000 other things that need to get done! Uggg!

Reply to this Comment

I believe they may be trying to frustrate you as well as negate any Bayesian filtering you may be trying. I recently quit reporting spam to my mailserver because it resulted in having to repeatedly clear out and retrain the filters.

They may also have tools that automate loading the entire webpage (including JavaScript) and auto-completing all fields. I'm not 100% sure, but I do know that you can't wholly depend on statically-named variables and fields.

We were getting over 1,600 posts per week on one website. We removed the link to the submission form from the website's navigation and are automatically logging and globally blocking POSTs from their originating IPs. We now have 799 confirmed blacklisted IPs that are blocked network-wide.

I've hunted down a couple of IPs and discovered that the server had an open proxy running on it that the webadmin wasn't even aware of.

Is there some sort of online IP blacklist like ORBs or SpamCop that identifies zombies and open proxies? SURBL.org is nice for URLs, but could easily block good mail as "realtor.com" is on their list. Comment spammers also use other websites' redirection links and bulletin boards for redirection. These spammy posts could affect your ranking in Google or even result in getting you removed altogether... not to mention the complaints from visitors when they view all of the adult linkage on your website. Yuck.

Here's a CF open-source system... not sure how effective it is as I haven't tried it yet:
http://cfformprotect.riaforge.org/

Have you read this article?
http://www.nedbatchelder.com/text/stopbots.html

Good luck!

Reply to this Comment

I just noticed that my post was instantly posted... with links and everything. You should modify the URLs and include the rel="nofollow" attribute so that unendorsed links don't change the way that Google ranks your website.

Reply to this Comment

Hi Ben - they do it to mess up your spam filter. You mark enough of those types of messages as spam and your filters will start grabbing your normal mail. You mark too many as not spam and all spam will come through.

I hate these people.

Reply to this Comment

@James,

I have not tried CFFormProtect, but I hear that Jacob did a bang-up job on it. I am going to take a look at it shortly. As far as the instant posting and autolinking... I shy away from using the rel="nofollow" thing. I feel that one of the benefits of posting comments on someone's site is not only that you are giving back to the community, you are also getting your name out there. I would not feel comfortable stripping any ranking advantage from those people that take a lot of time and put a lot of thought into posting on my site.

As far as it not being moderated, I am too lazy to moderate :)

@Toby,

That makes a lot of sense. Thanks.

Reply to this Comment

Ben, We converted a heavily spammed contact form from CF/HTML to a Flash Form using CFFORM and I just asked this question to the guy that gets the form posts:

steve: hey, how well has the Flashforms protected the spam on the contact form?
tom: we haven't gotten any spam since
steve: dang
tom: very effective

May be worth it.....

Reply to this Comment

Interesting. I have never done any CFForm stuff in Flash. It could be worth a look into (if for no other reason than to learn something new).

Reply to this Comment
