No Mercy To Sploggers

Opinion: If blogging life is going to be inconvenient, we may as well take the time to fight back.

Download the authoritative guide: Big Data: Mining Data for Revenue

"Splogging" hit the front pages recently due to a complete breakdown in control at Googles BlogSpot service. Always looking for a new way to offend people, spammers have discovered blogs, but it goes back further than the BlogSpot abuse, and the future isnt pretty.

The issue with BlogSpot was that their process for setting up a free blog was easy and probably scriptable. As a result you end up with clowns like this (I hope that link is down by the time you read this; its a bunch of gambling spam blogs).

Why would someone create such a blog? Because by being aggressive with keywords you can trick indexing services like Technorati and Pubsub into linking to them. Great! Now your meta blog reports are as worthless as your Hotmail account.

Most blogging services put some sort of humanity test in the way of those who would automate the creation of blogs, and it definitely helps. The people complaining about Googles technical naivete in this regard are right that Google needs to do better.

But Google isnt alone in needing to get smarter about this. The cats out of the bag, and blogs are going to have to deal with this trash from now on, so everyone needs to do better. Lets hope they do better than ISPs have done with spammers.

Chris Pirillo, the complainer linked to above, is wrong when he says that his inbox full of splog links from PubSub isnt PubSubs fault. Maybe today it isnt their fault, but tomorrow it will be. PubSub needs to consider the reputation of the services it indexes, just as mail services are finally getting the point that they need to track the reputations of mail servers from whom they accept mail.

Even when they have the information to do so, ISPs have a lousy reputation for tracking spammers down and shutting down the ones on their own networks. Blogging services need to find spammers like the one I linked to and take them down. The Turing tests on other services wont stop them completely. It may take a bit of time for a human to set up a blog on another service, but its not really hard or time-consuming.

/zimages/3/28571.gifPatch deployment problems haunt Microsoft again. Click here to read more.

I know this from personal experience. I run a bunch of blogs for various purposes, personal and professional, and have been plagued by comment spam for a while. Yes, spammers have long been attacking the comment threads attached to blog entries and, as a result, bloggers have been forced to use Turing tests for those as well. But even after we added them to my blog I still get comment spam now and then, and it can only be from humans doing it manually, especially since they only come in low volume. I get e-mail notification of all comments and delete them quickly.

Surely theyll go to as much trouble to create a blog that will live much longer. Once Google removes all the low-hanging fruit by blocking scripted blog creation, spammers will go this route. (Incidentally, I also still get a ton of Trackback spam on that site, even though we dont do anything with trackbacks.)

If services dont clean up their acts, a reputation system will have to develop just as they are developing for e-mail. Yes, there will be a lot of collateral damage—I have a BlogSpot blog myself—but if BlogSpot continues as splog-infested as it appears to be now, indexers need to blacklist it. That will get Googles attention, especially when their actually paying customers start screaming. In fact, one service, IceRocket, has already stopped indexing BlogSpot (warning: bad language from jerk basketball team owner).

And if it doesnt get their attention, those customers should go elsewhere. Its a lot easier for a blogger to do than an e-mail user.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

/zimages/3/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.

More from Larry Seltzer