Thursday, October 25, 2007

Attack on Blog Commentors - Watch out

One of the blogs I frequenly comment love to comment on has posted a warning about "Fake blog commentors" Those Sneaky [Explitive Deleted] Spammers!

It appears someone was attempting to use my email address to post fake comments on the sites I frequently visit. Apparently it can be difficult for current anti-spam methods to easliy figure this out, so you may see comments that appear to be from me but are actually fake.

As I thought about this more, it reminded me of something else. Often, when commenting on a blog there is a checkbox to subscribe to blog comments by email. This can be a nice feature because it allows you to easily follow the conversation as it evolves. A few times, I noticed I was recieving blog comments on threads that I had not subscribed to. I just blew this of as a "bug" in the blogging software and never thought anymore about it. Now, however, I wonder if someone was adding comments as me, using my actual email address.

Has this happened to anyone else out there?

I am thinking of working on a new script using some form of OpenID and/or PGP to validate form comments, but until then here are a few suggestions:

Tips For Webmasters:

I know you are busy enough waving through thousands of spam messages already. But please watch out for "fake" commentors. You can usually discover this by checking the url submitted with the comment (is it a normal url used by this person), is it the right email address?, is the commnent coming from an unusual IP address.

Add the URL's of known spammers to your automatic spam plugins

For the commentors:

Keep a list of the blogs you are commenting on and watch out for people using your name/email to spoof themselves as a valid commentor.

If you do find this is happening to you, please be sure to let others know including the blog you are commenting on, so that this can be resolved quickly

No comments: