Blog spam: Those bloody Russians

Posted by Pierre Igot in: Blogging
November 9th, 2004 • 1:57 am

Those bloody @mail.ru subscribers are starting to get on my nerves. Almost every day now, I get new member registrations from people with names such as “khadbz” and e-mail addresses such as ueukm29@mail.ru. Now, I am always willing to give people the benefit of the doubt — but in this case I think it’s pretty obvious that it’s some attempt to exploit blogging software vulnerabilities.

In my case, the blog software is configured so that you can actually view a list of this site’s registered members (see “Members” link in left-hand side menu). The members’ e-mail addresses are never visible, but the list of members does display people’s home page URLs if they have given one, and it can be used by Betalogue readers to send a private e-mail to the member in question, which the blogging software does without revealing the member’s e-mail address. (The member can then choose to reveal his e-mail address to the sender by replying to the message in private, but that’s the member’s choice.)

I know that the fact that this list of members is visible at all times means that it’s indexed by Google and that some people want to exploit this by registering with a home page URL for a web site that sells stuff. For example, I frequently get registrations from members with a @mail.ru address and a home page URL for a web site selling porn or financial services or whatever. I usually catch these registrations right away and delete them.

Why would people want to do this? After all, it’s not like my Members page is some immensely popular web site that will attract lots of people to their site. No, it’s because of Google’s PageRank system, which increases the ranking of a web site based on how many other web sites link to it. By registering with a fake e-mail address and a home page URL for their site, these people are using my blog to try and increase their site’s ranking in Google. They are trying to force me to feature a link to their site, even though I don’t want to. And they are probably doing this on hundreds of blogs.

I could, of course, remove the link to this “Members” page. But it would cause a loss in functionality for legitimate Betalogue readers, who would no longer be able to legitimately communicate with each other or explore each other’s web sites as easily.

I also want to be careful not to reject legitimate registrations from members who happen to work for a business that does sell stuff, but who have a real interest in Betalogue. It’s not always clear, especially when I get registrations from people who have never posted any comments — but as I said, I am willing to give people the benefit of the doubt.

Still, these @mail.ru addresses look very suspicious to me. It looks like @mail.ru is the Russian equivalent of Hotmail or Yahoo! — one of those free e-mail services that anyone can use to create an e-mail address without giving out any personal information.

What I don’t understand, however, is why I get @mail.ru registrations from people would do not include a home page URL in their profile. I highly doubt that my Betalogue web site is particularly popular with anonymous Russian readers. If they are not registering in order to force my blog to link to their web site selling stuff, then why are they bothering to register at all? What does the inclusion of their (fake) name and @mail.ru e-mail address in my “Members” page give them?

Strange.

(Not that I have any qualms about deleting them just the same. In other words, if you are a legitimate Betalogue reader with a @mail.ru e-mail address, you’d better write to me in private to prove it :).)


3 Responses to “Blog spam: Those bloody Russians”

  1. David George says:

    Hi,

    I have exactly the same problem with mail.ru addresses as you. In fact I even have ueukm29@mail.ru as a member. My site: http://www.PisteHors.com is a ski website. I have dozens of these registrations per day. Like you I don’t want to delete people with a real interest in the site but the fact that addresses go ueukm29, ueukm30 etc is very suspicious. Like you they never include a URL in their member details. I wonder whether we are going to suffer a worldwind of blog spam at some point?

    David

  2. Pierre Igot says:

    David: I recommend blocking this guy’s IP address. If he uses more than one, block them all. Short of disabling registration altogether, it’s the only option at this point. The pMachine staff is working on an update that will address this issue.

    But it does make you wonder about the long-term viability of blogging tools. Individuals like us cannot afford to spend their time fighting blog spam.

    Also, check your actual members’ page. Apparently, they manage to get their URLs to appear just the same.

  3. David George says:

    The pmachine stuff is interesting and I will have to keep an eye on the new release. There are a number of things that could be nice. One would be some kind of Denial of Service protection that would stop people from the same IP accessing pages in very short succession.

    But enough of that, back to my Russians. I’ve check the member lists and their is no URL or trace to spam sites and they’ve not posted any comments. But the email addresses used are the same as known spammers. Strange.

    Thanks for your comments.

Leave a Reply

Comments are closed.