Archive for the ‘Forum spam’ Category

Tricky forumspam

Friday, October 20th, 2006

Expect forum spam to get more and more tricky. Before long, you might have to read the source code, or use a Firefox extension that marks links, no matter what they’re hidden behind. Here are two recent attempts to spam a forum I moderate:

[Image: forumspam1]

This one has the spammy links hidden under the comma and period. It’s a bland enough topic that it would fit into any “General discussion” subforum. I found other forums where it had slid through. On some forums, the links aren’t underlined, and would be almost impossible to catch. It’s sparked discussions on some forums, with users thinking it’s a regular post. The mark of a good spam, I suppose, and it’s also why I turn the spotlight on it - users and moderators need to be made aware of how much spam there really is on forums.

[Image: forumspam2]

This one has the spammy link hidden behind the smiley. It’s the kind of topic you see a lot of on forums, so it would get through most moderator nets. I ran my mouse pointer over the whole post, looking for spam links, which is how I found out it was spam.

Since I talked about that spam, I thought I should run it down as well. It’s a blogspot link with a very basic javascript redirect going directly to the affiliate scheme: topadult10 ID: 35875. The comma spammer also had blogspot links with basic redirects, this time going to a keyword on the spammy advertising portal tissuepain.com (which was previously spamvertized directly; Google reports 17.800 pages from that domain!), which is on 64.111.207.10. That IP number might hold multiple customers of HaldexHost in Ukraine. But many domains hold the same (fake-looking) whois, in a format similar to tissuepain’s. And many domains have similar topics. Not all domains are in use, though. So it’s hard to say…

Whois (probably fake) for tissuepain.com:

Harris Alexander (info@tissuepain.com)
224 East 64th Street
New York
NY,10021
US
Tel. +1.9178056791

Creation Date: 26-Mar-2005
Expiration Date: 26-Mar-2007

Domain servers in listed order:
ns1.333210.com
ns2.333210.com

I also found that McAfee SiteAdvisor was showing links from that site to other sites on adjacent IP numbers:

buy-cheap-zithromax.info - 64.111.207.11
trancemusics.com - 64.111.207.10 - 21,200 results in Google
buy-cheap-bextra.info - 64.111.207.10
zoloftcheap.com - 64.111.207.12 - 17.500 results in Google
buy-cheap-steroids.info - 64.111.207.12

On another note: I’m working on a project these days that monopolizes a lot of my creative energies, so I won’t be posting as much for a few weeks. I’ll be monitoring the site as usual.

Hard to spot forum spam

Wednesday, October 11th, 2006

I got a post to a forum I own. It was apparently from a student trying to decide on a college or online college.

He’s underlined all the words, making it hard to spot the links he’d hidden under the words. The only way to spot them was to run your mouse pointer along the lines and see the color of the links changing, or the pointer turning into a hand.

Just a heads up.
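
The mouse-over check described in this post and in “Tricky forumspam” above can be automated on the moderator’s side. The following is an added example, not code from this blog: it scans a post’s rendered HTML and reports links whose visible anchor is only punctuation, only an image, or buried in underlined text. It assumes the forum renders underlining as <u> elements; the sample post and its .invalid URLs are constructed.

```python
import string
from html.parser import HTMLParser
PUNCT = set(string.punctuation)

class HiddenLinkScanner(HTMLParser):
    """Record links in a rendered post whose visible anchor is easy to miss."""
    def __init__(self):
        super().__init__()
        self.findings = []                                # (href, reason) pairs
        self._href, self._text, self._u_depth = None, [], 0  # open <a>, its text, <u> nesting
        self._img = self._in_u = False                    # open <a> wraps an image / is underlined

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "u":
            self._u_depth += 1
            self._in_u = self._in_u or self._href is not None  # <u> opened inside a link
        elif tag == "a" and href:
            self._href, self._text, self._img = href, [], False
            self._in_u = self._u_depth > 0                # link opened inside <u>
        elif tag == "img" and self._href:
            self._img = True

    def handle_data(self, data):
        self._text.append(data)   # list is reset at each <a>, so only link text is ever read

    def handle_endtag(self, tag):
        if tag == "u" and self._u_depth:
            self._u_depth -= 1
        elif tag == "a" and self._href:
            text = "".join(self._text).strip()
            if not text:
                reason = "image-only anchor" if self._img else "empty anchor"
            elif all(c in PUNCT for c in text):
                reason = "punctuation-only anchor"
            else:
                reason = "link inside underlined text" if self._in_u else None
            if reason:
                self.findings.append((self._href, reason))
            self._href = None

def scan_post(html):
    scanner = HiddenLinkScanner()
    scanner.feed(html)
    return scanner.findings

# Constructed sample: comma, smiley and underline tricks, plus one ordinary link.
SAMPLE = ('Nice weather<a href="http://a.invalid/">,</a> today '
          '<a href="http://b.invalid/"><img src="smile.gif"></a> <u>Which '
          '<a href="http://c.invalid/">college</a>?</u> <a href="http://d.invalid/">Rules</a>')
```

Running scan_post(SAMPLE) reports the first three links and leaves the ordinary “Rules” link alone; a moderation queue could hold any post with a non-empty result for manual review.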

GoViral are spammers

Wednesday, October 4th, 2006

Yesterday I wrote a story entitled: Coca Cola spam reaches Norway.

By today, the news media has gotten in on the game, and there are comments from Coca Cola in various places.

Coca Cola says they’re within the Norwegian law, but my guess is they’re going to lose that one. Two “viral campaigns” have been linked together by lazy spammers using the same forum ID for both campaigns. One of those campaigns looks like an amateur video. There are no logos anywhere, except the bottle on the table. It’s a clear infraction of the law in Norway. The law says (paraphrased) that advertisements need to be clearly marked as advertisements. You can’t advertise and disguise it as editorial content, for instance. That’s against the law. So this is clearly against the law. And since it’s been linked by forum ID with another campaign that identifies the product clearly, there’s no doubt.

Coca Cola has admitted to hiring marketing companies that use viral marketing. In other words, they’ve admitted to spamming, but prefer not to use the term spamming.

The company that Coca Cola says did the “viral marketing” is GoViral. They’ve got several offices around the world, including one in Sweden (at least one IP implicated in the spamming was Swedish).

It doesn’t really matter if this company spamvertizes videos that then include product placements or commercials - as opposed to posting links. Mass posting on forums with a commercial aim is spamming. The spamming has a different aim - getting direct clicks from users, as opposed to gaining good ranking in search engines. Which is where part of the webspam industry is headed anyway. Still spam…

So, GoViral are spammers, and should be scrutinized in the future. What they’re doing is no better than what Russian spammers are doing (just less obvious and less easy to suss out), so no going easy on them.

Coca Cola spam reaches Norway

Tuesday, October 3rd, 2006

Yesterday, when I saw the blanketing of marketing banners for the zero movement, I thought to myself: OK, here it comes, they didn’t learn from the beating they got last time…

Coca Cola came under scrutiny for forum spamming and guerrilla marketing when they launched Coke Zero in Australia. Seems they didn’t learn, and have made the same mistake in Norway. The launch started yesterday, but their marketing people got a jump on things by posting links to advertising videos starting a few days before.

Freakforum broke the spamming story in Norway. Note that many of the links they found were related to a spam campaign from April that was a bit less obvious. It had a bottle of coke in a seemingly amateur video of two football celebrities talking. But that same user came back to some of the forums and posted a new link, and this time there was no mistake. It’s an English-speaking video, with a girl who slaps her boyfriend silly over that one question: Do I look fat? And at the end there’s a URL for the address they’re using for the Zero Movement in Norway.

What’s interesting is that Coca Cola has most likely fallen foul of the marketing law in Norway, where one section states that advertising needs to be clearly labeled as advertising. This campaign is trying to fly under the radar, and be seen as another user having found something funny. The first campaign from April is in clear violation. The new campaign is in violation if you consider that the post is not labeled as an advertisement. It’s just when you get to the end of the video that you understand there’s an advertising message. But with the two posting campaigns linked with the same user, it doesn’t really matter. Coca Cola is busted as a spammer!

For those who’d be interested in trying to get their hosting yanked, here are the particulars:

IP: 83.136.90.23 (for several domains relating to the campaign).

Webhotel: phd.dk (go to Kontakt os and find an e-mail address there)

Upstream: nianet.dk

Here are examples of the spam: 1, 2, 3, 4

Advice on cutting down phpBB spam

Thursday, September 14th, 2006

Found this:

How to fight SPAM in forums?

Good advice on combatting spam on phpBB forums. There’s an option to use a captcha for signing up as well, right?

My experience is that spammers register, then post once. More and more will never bother to post again. So banning isn’t so much the solution as making it difficult for them to register.

Invision Power Boards and redirects

Monday, August 14th, 2006

I came across a free forum provider that had both phpBB and IPB (Invision Power Board) free forums.

And the IPB forum I saw had redirect code between the head and the body.

There’s an additional problem with IPB boards: They cost money. They used to be free, but in order to update them, you need to pay. And for a free forum host, that’s not a good deal. And because it’s not open source, the owners of the free forum host are hesitating to change the software.

So I propose a solution: Stop accepting new signups for IPB boards, but keep the old ones. But scan or look through the old ones, and remove ALL spammy forums.

Something to think about…

Old forums need to be removed

Saturday, July 8th, 2006

I’ve said this before: Old forums will need to be removed. Even if there are no present links to it from your site, that doesn’t mean spammers won’t find it.

The point is: Old forum software was made before forum spamming became big business. It’s impossible to maintain an old forum that has been discovered by spammers. They will turn their bots on the forum and fill it with posts. To the tune of up to 100 a day!

And the spammers don’t just settle for links to their sites. I’ve seen posts where they insert javascript redirects in the posts, and in some cases even in the subjects of the posts - which means you’re redirected to the target site the moment your browser gets to that particular post. And some of those forums that aren’t pruned can weigh in at several megabytes in code alone.

Here’s an example from my comment spam today. It was a forum in Norway, and somehow I doubted the owners were spammers, so I checked it out. The owners of the forum had moved the site to a new domain name, but forgotten to remove the old forum…

Norwegian forum

And then I googled for the URL of that forum, and found loads of phpBB forums the spammers had filled with links to specific posts on that forum. The links didn’t work (syntax didn’t work), but that’s beside the point.

The point is that there’s an abundance of phpBB forum owners who don’t maintain their forums. Those forums should be SHUT DOWN, unless the owners are able to get the manpower to police the forums enough to remove each and every one of the spam posts!!!!

Forum bots - what are they up to?

Sunday, May 21st, 2006

I got an e-mail from someone who’s plagued by bots that register on her forum.

She wonders if the point is to harvest e-mail addresses from the participants?

The behaviors we’ve seen from forum registering bots so far are:

* Spam posts
* Delayed spam posts
* Spam link in profile
* Delayed spam link in profile

To find out if there are mail harvesting bots, we’d need for someone to register on a forum with a spamtrap address. A forum that already has a bot problem. A forum where the e-mail addresses are visible to logged in users. Then only leave it there, and see what happens.

And even then it’s hit and miss. We’d need some statistical material to be sure.

Spammer’s revenge

Sunday, April 2nd, 2006

I got an e-mail from EdisonRex, whose online nick was misused by a spammer. EdisonRex had edited the spammer’s spampost on his forum, and the spammer took offence.

The nick was used as an online identity, so EdisonRex felt the need to protect it. That meant investigating the misuse, and getting information out.

He’s written 5 long chapters detailing their plight, which I thought might be of interest to my readers as well:

Spam’s Empire 1
Spam’s Empire 2
Spam’s Empire 3
Spam’s Empire 4
Spam’s Empire 5

There’s another installment coming soon.

But in the meantime, maybe one of you guys has seen spam coming from the same sources? Maybe we can help him figure out if this is related to other spam?

If this spammer is only spamming for the role playing game, then revenge could be a tactic he’d be quick to employ.

On the other hand, professional spammers get a rather thick skin. Even so, we’ve seen revenge spamruns fairly often. The latest was this one.

Manual forum spam, several ways

Thursday, February 9th, 2006

Nick Wilson found a disturbing want ad:

Dirty deeds done dirt cheap © 300km North of Moscow

Sort of the direction the net is heading: More and more webspam, by every means available.

Etanisla blogged a similar topic lately: Shill planting

Bad, eh?