If I didn't have spam filtering turned on for our Wiki, I definitely would not be able to keep it running - here's a bit of the logging, which illustrates the problem:

<< April 13, 2008 10:49:48.216 >>
<< Spam from: (IP Omitted) >>
<< Spam Intended For: Cincom Smalltalk >>

<< April 13, 2008 10:49:48.781 >>
<< Spam from: (IP Omitted) >>
<< Spam Intended For: Wiki Syntax >>

<< April 13, 2008 10:49:59.142 >>
<< Spam from: (IP Omitted) >>
<< Spam Intended For: Add an action button to a canvas >>

<< April 13, 2008 10:51:29.850 >>
<< Spam from: (IP Omitted) >>
<< Spam Intended For: Wiki Syntax >>

<< April 13, 2008 10:54:22.129 >>
<< Spam from: (IP Omitted) >>
<< Spam Intended For: VW NameSpace Reservations >>

It's like that 24x7.

Charles Miller isn't happy with the rash of Twitter-spam out there. I'll note that this isn't new; Immediately after I joined Twitter (awhile ago) - I recall that one of the first "follow me" requests came from "Girls Gone Wild". I kind of figured that they weren't interested in "Smalltalk Daily" :)

Technorati Tags: twitter

As I've said before, spam seems to come in waves - there are times when the attempts to spam the Wiki and the blogs here are just tremendous, and then there are periods like the last few weeks - unusually quiet. After a few quiet weeks, I find I'm waiting for the other shoe to drop...

I'm noticing something about Spam this Christmas season. I posted on blog/wiki spam dropping off the other day - apparently, that's done on something resembling a 9-5 work schedule. Email spam though? That's just relentlessly bot driven. Cincom mostly shuts down over the holiday, so it's more obvious: real mail disappears, so all I see is the spam. And boy of boy, is there ever spam :)

It's an interesting difference. I guess email is still easier to automate; after all, to target my blog server, someone has to either manually go at it, or take the time to create a bot that specifically targets it (the servlets and web forms ar all things I created myself).

Hmm - there's a test I could run. I could try changing all the form field names and see what happens...

I'm curious about this - I was getting another wave of spam on the blog server(it seems to go through peaks and troughs) when it just stopped completely before the weekend. Which makes me wonder: are the spammers directing their bots on a work-day type schedule, and taking weekends and holidays like the rest of us?

Like Doc Searls, I'm noticing a huge uptick in spam. The blogs here are mostly ok - between the simple spam blocker and the "off brand" nature of the server, we don't get hammered too hard. The wiki is in ok shape; better than the UIUC server, which seems to have been knocked off the air. Email though? My corporate inbox is overflowing with Russian spam. How hard would a rule be such as "if it's not in (insert your language here), assume it's spam?"

Apparently pretty hard :)

Ok, this is interesting in a "inside Google" sort of way. TechCrunch reports that Google has launched a de-ranking offensive against blog link farms. This is a good thing, because search results will often take you to these bogus sites rather than the original content source.

However - as with any such battle, it looks like there's been some collateral damage:

The AOL owned Weblogs Inc was not immune, with leading Gadget blog Engadget dropping from PR 7 to PR5, Autoblog (6 to 4) and DownloadSquad (5 to 4).

That caught my attention, because the PageRank of this site is a decent 7 (scale of 10). It's just weird for my blog to have better PageRank than a site as popular as Engadget. I suspect that this move is going to create an awful lot of tooth grinding.

The Guardian may have the reason for the last round of spam attacks that I (and everyone else) have been seeing on the net: a growing botnet:

It gets worse. Storm's delivery mechanism changes regularly. It began as PDF spam, then morphed into e-cards and YouTube invites. It then started posting blog-comment spam, again trying to trick viewers into clicking infected links. Similarly, the Storm email changes all the time, with new, topical subject lines and text. And last month Storm began attacking anti-spam sites focused on identifying it. It has also attacked the personal website of a malware expert who published an analysis of how it worked.

I had been wondering about those waves (PDFs and e-cards) of spam. More recently (I mentioned this the other day), I've been seeing tons more comment spam than normal. I wonder if there's a specific plan, or whether someone is building a huge "rent a bot" (or heck, maybe they already have) network? Would I see a difference between spread attempts and spam campaigns that were paid for?

Technorati Tags: security