 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
Revenge of the spammers
This column originally ran in ComputorEdge on October 21, 2005
(Issue 2342, Fear Factor)
With anti-spam filters increasing in both sophistication and, consequently, effectiveness, the spammers are having a harder time than ever in getting through with their pitches for male enhancement pills, get-rich quick schemes and HOT HOT HOT porn.
For most of us, that's a good thing. Apparently, however, the spammers (a group not known for their altruism) see this as a bad thing, and are busy scheming to find new ways of annoying the rest of us.
Contact form spam
What is most frustrating about contact form spam is that those of us who host Web sites found a few years ago that the amount of spam we received was directly related to the number of e-mail links we had on our Web site. It soon became apparent that spammers were writing software robots to troll the Web looking for e-mail addresses, and then compiling them into massive databases to sell the penis pill pushers.
Yet if you run a Web site, presumably it's to communicate with others at some level. And most of us with Web sites would like those who run across our sites to be able to give us feedback, tips, complaints, corrections, etc. Sometimes it's just nice to know that others are reading or looking at what you've posted online.
Since putting your e-mail address online is the kiss of spam, many - perhaps most by now – use contact or feedback forms instead.
A contact form is an HTML form tied to a CGI script of some sort that allows readers to send you a message without ever revealing your e-mail address. After filling out the form, your visitor clicks a Send or Submit button, and the script then sends the message to your e-mail account.
This lets legitimate visitors contact you without giving spammers access to your e-mail addy. The best of both worlds, right?
Well, for a good couple of years it was.
Recently, I began getting dozens of very odd messages a day at my trageser.com e-mail account. They all claimed to be from non-existent trageser.com e-mail accounts, and contained gibberish for text.
I don't normally get any spam on the trageser.com account; my host, DTL.net, and its owner, Morgan Davis, have written some really wonderful anti-spam software that has worked at better than 99 percent efficiency.
So I forwarded Morgan these spam messages that were suddenly getting through, and he realized that'd be sent from my contact form script.
Now, what was weird is that, unlike normal spam, there was no commercial pitch for wonder drugs or nekkid cheerleaders. There was no pitch at all. Morgan's guess is that they were generated by robots seeking out security holes in Web software.
But Morgan told me – and a Google search confirmed how big a problem it is – that others are reporting spam is now being sent via contact forms.
Being the resident genius he is, Morgan has already written a little utility for his servers that is able to spot most form spam and kill it – yet I'm still getting messages from readers, so I know it's not blocking legit messages.
Still, only a very naive person would suppose this is the last I'll hear from the form spammers.
Blog spam
Similar to form spam is blog spam – in which spammers write little robots that go to blogs, find the feedback links, and then submit spam messages into the form.
Here's a typical example I found on a friend's blog on blogspot.com:
"Hey, I just came across your blog. I think you have fine content. Maybe you and your visitors might find my seduction site interesting."
And then a link to a faux blog selling a book purporting how to tell men how to seduce women. (Note to the gullible: The first man to find a sure-fire method of seducing women is going to keep it to himself! Sheesh ...)
And of course, there are now instances of forums finding themselves deluged with similar spam. Once you can automatically detect, fill out and submit contact forms, you can modify your little software robot to do the same with any forms – blog feedback, forums, anything else done via forum. That's undoubtedly why Amazon.com has human staff verify reviews of its movies, books, CDs and other products before they go live – to prevent the spammers from filling out those forms.
And perhaps that's the ultimate solution: That we may all have to live to learn with a little less automation in our lives, a little less ease of use online.