That big red line shows how many spam comments I got daily.  The green line hugging zero?  Those are my non-spam comments.  If only I could transform spam comments into real comments, I’d have more comments than I could reply to.  Of course, if I had that ability, I think I’d use it on all of those “Nigerian Princes” and “European Lotteries” that keep e-mailing me.

Thankfully, Akismet snags most of the spam comments.  Sadly, some slip through.  This means that spammy comments are visible on my blog until I take them down.  I think I need to find some WordPress plugins to help reduce my spam load.

What do you do to reduce spam comments?  Also, any guesses on how many spam comments this post will get?

Anyway, I was thinking about this strip, and wondered what would happen if someone did build a device that made any spam that entered his inbox magically come true.  It might turn out something like the following.

==================================================================

The phone rang three times before a voice answered.

“Hello?”

“Hi, Adam?  Ted here.  I’ve got something I need you to take off of my hands.”

“What is it?”

“Well, you know all of those annoying spam e-mails that come in?”

“Yeah.  Man, do I hate those things.”

“Well I was playing around with some stuff and thought I stumbled on a way to make all spam disappear forever.”

“Wow!  You should patent that.  It’s a million dollar idea.”

“I don’t need a million dollars.  I need you to take this thing away from me.”

“Why would you want to get rid of it?  That thing’s worth a fortune.”

“I know.  There are just two problems.”

“What are they?”

“The first problem is that I can’t turn it off.  No matter what I do with it, it keep churning along doing it’s thing.  I even tried cutting the power cable but it’s still running.  Darned if I know how.”

“Ok, that’s weird.  Still, a Spam Stopper that needs no power?  Sounds even better to me.”

“That’s the other problem.  It doesn’t stop spam.  It makes it come true.”

“Makes it come true?”

“Yeah.  You know all of those International Lottery e-mails?  The ones that say you’ve won some huge prize from a lottery that everyone knows doesn’t really exist?”

“Yes?”

“Well, somehow my machine has turned those imaginary winnings into real dollars.”

“You’re kidding.”

“No, I’m not.  I was suspicious when the first boxes full of cash began arriving, but they seem to be 100% legal tender.”

“Amazing.”

“I thought so too, at first.  Then the machine branched out into Nigerian spammers.”

“Those guys are worse than the phony lottery folks.”

“Except when they’re turned true.  Now I’m being showered with so much money, I don’t know what to do with it all.  I stopped counting at around $90 billion.”

“Okay, except for an accounting nightmare, I don’t see what the problem is.  You’ve got more money than you ever dreamed of.  I think a few tax or accounting headaches would be worth it.”

“It might have been, but it didn’t stop there.  You know those e-mails that claim to be from women who are just dying to meet you for illicit activities?”

“Uh-oh.”

“Yup.  You guessed it.  Suddenly hundreds of strange women began showing up at my doorstep throwing themselves at me.  My wife was already wondering what was up with the sudden influx of money but now she was convinced that I was cheating on her.  She left for her mother’s house three weeks ago, took the kids and I haven’t been able to contact them since.”

“But you didn’t actually *do* anything with these women, right?”

“Of course not.  Give me some credit.  Still, it’s getting draining saying ‘No’ to beautiful women three times per hour.  And since spam doesn’t respect night-time hours, these women show up at all hours of the day.  I haven’t gotten a decent night’s sleep in weeks.  Are you laughing?”

“Sorry, but I couldn’t help but chuckle over how you made having tons of money and beautiful woman fawning over you sound like such a chore.”

“Honestly, all I want is my simple life back.  I don’t want this infernal machine anymore.”

“Ok, ok.  I think I can take it off your hands.  I’m single, so there won’t be a complication with the women showing up.  When do you want to drop it off?”

“Um… Actually, I was hoping you could pick it up from me.  I can’t leave my apartment anymore.”

“Why not?  With every money e-mail spam adding to your bank account, I’d think you could transport it here in a private helicopter.”

“Yes, but you know all of those ‘add an inch’ spam e-mails?”

“Heh heh heh.  Yeah.  They came true too, right?  Wait a second.  Exactly, how many of them have come true so far?”

“28… Make that 29.”

“Um… Actually, I don’t think I’ll be able to help you Ted.  Maybe you could try Rick or Tony.  I just remembered that have something very urgent to take care of.”

“Please, Adam… You’ve got to help me.  I need to get rid of this before…”

Adam could hear a ding in the background and then another.  He hung up the phone as he heard Ted mumbling something about herbal viagra.  He felt bad for Ted.  He hated his overflowing spam folder, but decided that there are worse things in the world.  Those spam messages could be coming true!

Recently, though, the line between spam and normal comment has blurred.  At first, it was valid comments that appeared to somehow hijack CommentLuv.  Upon further investigation, this turned out to be spammers copying previous comments and using them for their own comments.  (Replacing the links, of course, to be their own spammy links.)  That was annoying, but once I was on to their trick they couldn’t get by me.

Now, though, the spammers have me in a quandary.  And I’m not even sure it’s spammers I’m dealing with.  You see, I’ve recently had a few comments on my blog posts that are completely on topic (referencing specific themes of my post or my kids’ pseudonyms), use proper grammar and spelling, and are (as far as I can tell) 100% original.  No copying bits and pieces to form a Franken-comment here.  This wouldn’t be a problem except that the links given trigger my internal spam-alert sirens.

Is that comment really a valid one about my blog post even if the site linked to reeks of spam?  Should I allow it to remain on my blog?  Should I take it down?  Should I remove the URL so that the comment remains but the link doesn’t?  So far, I’ve been removing them entirely, but I’m afraid of removing a valid comment from someone whose URL just looks “different.”

Have you encountered comments like this?  If so, what did you do with them?

EsterlDode had lifted my page, design and all, and put it on their site with some ads hovering on top. Yes, not only did they rip off my content, but they were trying to use my content to make a buck for themselves. Or should I say a rupee. You see, after performing a WHOIS on their site, I found out that they are located in India. The city of Haldia in the province of West Bengal to be exact.

The site claimed that after 8 hours they would take down my content (how gracious, huh?) and provided a link to my original page. This was little consolation. What they did was still a violation of my copyright.

I’ve written about copyright before and it might seem like I often come down against content owners. After all, I oppose the RIAA lawsuits which, based on the Digital Millenium Copyright Act (DMCA) seek damages of $750 – $150,000 per violation. And I have called for shorter copyright terms. Why, then, should I expect copyright protection?

The answer is quite simple. I’m against copyright ownership stretching for 90+ years. This blog post was mere hours old when it was stolen. As for damages, those are being sought against people with no profit motive when the law was originally designed to target people making money off of others’ copyrighted works. These thieves are precisely the kind of people that the DMCA was designed to protect against. They are taking my newly released work, re-publishing it on their site without permission, and putting ads on top to make money from content they don’t own the rights to.

I have no qualms about threatening DMCA lawsuits in cases such as this one or following up those threats if need be. As it stands, I have made initial contact informing them to remove the content immediately. I will continue to monitor their activities to make sure they don’t steal any more posts of mine and have saved screen grabs of the existing offence just in case. In fact, here are the screen grabs (with the taskbar obscured and quality reduced for the web – rest assured I have non-edited, high quality versions locally). Compare these with my real post.

My Aloha Question for the day is: Have you ever had your blog content lifted by a spammer or scraper? If so, what did you do about it?

UPDATE: This morning I checked and the page was still up.  (This, despite their claim that it would be removed after 8 hours.)  I sent the following e-mail:

Hi,

You currently have a page on your website ( THEIR URL ) that was completely copied from my site ( http://www.techydad.com/?p=3490 ).  I have not authorized any copying of my content like this and, since my content is copyrighted, this is a Digital Millennium Copyright Act (DMCA) violation.  Violations like this carry a fine of anywhere between $750 and $150,000 per instance.  I have already tried contacting your via your Twitter account asking for the removal of the content and have received no answer.  I expect that this page be taken down immediately and no further pages from my site be stolen in such a way.  If you do not comply, I will contact my attorney to investigate further action.

-TechyDad

I also sent a tweet to GoDaddy, their apparent hosting provider, asking who to contact about copyright violations on hosted websites.  I don’t know if it was my actions or their software running slow, but my content is now gone from their site.  They still continue grabbing other people’s content and putting it on their site (with ads to earn them money), however.  I’m going to keep my eye on them and follow up on any leads I can to shut them down.

UPDATE #2: The scraper e-mailed me back, apologized for any trouble and asked me what I thought of "popular URL shortening service" Adjix.com.  He provided a link which displays this post within a frame with their ad on top.  I’m thinking about how to respond at this point so I would like to know what you think about it.  How would you respond?

Thanks to Kailani at An Island Life for starting this fun for Friday. Please be sure to head over to her blog to say hello and sign the MckLinky there if you are participating.

Aloha #43

I should have seen this coming, to be honest. My initial spammer, who called himself “Bruce”, actually posted two comments. One had the hijacked CommentLuv link but the other didn’t. I felt this was odd but didn’t look into it. Then, a few days ago, I was looking through my spam posts, since valid comments sometimes get mistakenly marked as spam, and I found what looked like just another CommentLuv-hijacked spam comment. It was on my Aloha Friday: Happy B-Day JSL & Your Favorite Winnie the Pooh Character post.

The first interesting thing was that this spammer hijacked B’s CommentLuv link. At first, I chuckled over this as I know for a fact that B’s real name isn’t “Emily” (the spammer’s supposed name). As I was about to delete it, I stopped, though. Emily had written: “Eeyore since he is adorable in his positively pessimistic mannerisms ” Now that seemed awfully familiar. Almost like something B would write. So I looked back at B’s comment on my post and sure enough, it was the same. Emily had not just stolen B’s CommentLuv, she had stolen B’s entire comment! The CommentLuv link was just going along for the ride. (As an example of irony, a spammer named “Steve” stole the entire comment that Andy, the CommentLuv developer, left on my CommentLuv and Spammers post.) I looked back at Bruce’s previous comments (which I had kept in my Spam queue). Sure enough, they were lifted from other, real commenters.

So it looks like the spammers’ new method isn’t “lift the CommentLuv links”, but rather “pull some random comment from a post and use its text for your own comment.” The hope here (for the spammer) is that the author will see the text as being relevent to their post (which it is being from a real comment and all) and let the spam post through, thus allowing a link to the spammer’s website.

The good news is that Akismet seems able to catch these and send them into the Spam queue. All that bloggers need do is exercise a little caution when approving comments. Keep an eye out for spammers posing as legitimate commenters and you should be fine.

Not too long ago, B brought an issue to my attention. Apparently, a spammer tried to post to her blog. Akismet caught the spammer, but what worried her was the CommentLuv link. Despite filling out his URL, CommentLuv was showing a different, legitimate blogger’s CommentLuv link. We wondered how exactly he was able to pull this off and worried that it might mean the beginning of spammers abusing CommentLuv. A short while later, this same spammer tried to spam my blog with the same tactic. Again, Akismet caught it. Instead of deleting the spam like I usually do, however, I decided to hold onto it to examine it.

At first, my theory was that he somehow detected when CommentLuv was reading his “blog posts” (in quotes because his site wasn’t a blog and didn’t even have an RSS feed) and gave CommentLuv a different page than a normal browser would see. As I examined his post, however, I found out that I was giving the spammer way too much credit. The “hack” (such as it is) is much, much easier.

Page load times are a big issue for blogs. You want your page to load as quickly as possible. Obviously, then, you don’t want your page delayed by loading (or attempting to load) the most recent links for CommentLuv enabled posts. If CommentLuv were dynamic like this, only sites with very few comments would be able to use it. Instead, CommentLuv wisely embeds the link within the comment itself.

Of course, now the issue arises of telling the difference between a CommentLuv link and a normal link. CommentLuv solves this by using a string of characters before and after the link that aren’t likely to appear otherwise. This string of characters is “.-=” before the link and “=-.” after the link (no quotes, of course).

For example, if I posted on a CommentLuv enabled blog yesterday, the following would be appended to my comment:

.-= TechyDad’s last blog .. <a href=”http://www.techydad.com/?p=3371″ rel=”nofollow”>A Looney and Wiggly Time At Six Flags</a>=-.

When a user read through the comments, this link would appear along with a CommentLuv heart (if the blog administrator kept the default settings).

Now, what would happen if I wasn’t TechyDad. Suppose I was EvilSpammer. Now I post a link to my evil spammer website in the URL box and add the code quoted above in the comment field after my comment. I might even put “TechyDad” in the name field to increase the illusion. The result would be that a blog administrator not paying close enough attention might see a post from “TechyDad” with a “CommentLuv” link to TechyDad’s actual latest blog. This blog administrator might be tricked into making the comment live and thus giving a link to the EvilSpammer website.

So how can we stop this? Well, CommentLuv could let the beginning/ending string be customizable. This would keep spammers from knowing the combination. Still, most users would likely not change the defaults. Perhaps the strings could be a set of three random symbols. This would mean that every blog install would be different. Lastly, perhaps CommentLuv or some other WordPress plugin could check the URL in the CommentLuv section to make sure it is from the same site as the URL in the URL field. If the CommentLuv link points to http://www.techydad.com/?p=3371 while the URL link points to EvilSpammer.com, then some action (delete the CommentLuv link, mark the comment as Spam/Pending, etc) could be taken.

By far, this abuse doesn’t warrant turning off CommentLuv. CommentLuv is just too valuable a plug-in to ditch because of a few spammers. Until a permanent solution is arrived at, just keep your eyes open for CommentLuv abuse just like you keep your eyes open for spammers who slip through Akismet.

UPDATE: After posting this, I noticed that CommentLuv’s creator had sent me a link via Twitter. The link showed off an upcoming version of CommentLuv which won’t hard code CommentLuv links into the comment text but will save them to a comment meta table. For those of you whose eyes glazed over at “comment meta table”, it means that the link will be stored elsewhere but linked up to the comment. So your blog will seem to operate the same as before, but spammers won’t be able to just add “.-= LINK =-.” and get a CommentLuv link. Much better solution than my suggestions above! There are other improvements also, but this should eliminate emerging CommentLuv spam campaigns. I’d tip my hat to CommentLuv, but I’m not wearing one. (Mental note: Find a hat to wear so I can tip it to CommentLuv!)

ANTI-TERRORIST AND MONITORY CRIMES DIVISION
FBI HEADQUARTERS IN WASHINGTON, D.C.
FEDERAL BUREAU OF INVESTIGATION
J. EDGAR HOOVER BUILDING
935 PENNSYLVANIA AVENUE, NW WASHINGTON, D.C. 20535-0001
Website: www.fbi.gov
Email:FBIwashington@mail101washington.com
 
 
ATTN: FUND BENEFICIARY,
 
Please note that the F.B.I will be in your door post in the next 7 working days for an interrogation about your involvement in attempt of illegal money transfer in your bank account. It was revealed to our team by the INTERPOL that you were involved in trying to conclude an international money transfer into your bank account without following the due process, thereby, indicating possible money laundering and terrorism sponsorship. Recall, you were asked by the Nigerian Central Bank governor to obtain the Diplomatic Seal Of Transfer {DIST} that will clear you of any involvement in this dastard act but you ignored that.
 
We advice that you contact us immediately as the money have been Stopped and is being held in our custody until you are able to provide us with a diplomatic immunity seal of transfer (dist) within 14 days from the Central Bank Nigeria that authorize the transfer from where the funds was transferred from to certify that the funds that you are about to receive from Nigeria are Anti-terrorist, Drug and  Money Laundering free.
 
To this regards, you are to re-assure and proof to us that the fund you are about to receive has nothing to do with Terrorist, Drug  and Money Laundering fund by sending to us the FBI Diplomatic Immunity Seal Of Transfer(DIST) to prove to us that the fund you are about to receive is legitimate. You are to forward the documents to us immediately if you have it in your possession. If you don’t have it, let us know so that we will direct and inform you where to obtain the document and send to us so that we will ask the bank holding the funds to go ahead and credit your account immediately.
 
However, if we receive a confirmatory message from the Anti Fraud Department of Nigeria Economic and Financial Crimes Commission that you have procured the document or paid part payment for the procurement of the Diplomatic Immunity Seal Of Transfer (DIST) document as directed by the F.B.I, your case will be discharged and acquitted. The choice is yours. Here is email address efcc_nig.org@hotmail.co.uk. Contact them now to ensure that you secure the {DIST} document.
 
Faithfully Yours
Mr. Robert S. Mueller
F.B.I DIRECTOR.

Does anyone really fall for this?  First off, I’m sure that were the FBI really investigating me, they wouldn’t send me an e-mail requesting documents.  Some nice men in suits would show up at my door (hopefully with a search warrant) and would either get me to hand over what they needed or would take it themselves.

Secondly, the "FBI" e-mail address is a Hotmail account?  From the UK?  I guess the FBI needs more funding to set up their own mail servers if they’re forced to use free e-mail accounts from other countries!

Sadly, I know that people do still fall for these kinds of scams.  The economics of the scam dictate that they will keep getting sent.  The scammers can pay $10-15 for a list of hundreds of millions of e-mail addresses.  Then they hijacked computers to send out their "Rich Nigerian Prince Has Died And Is Giving You His Money" scam letters.  They don’t pay much for bandwidth since the hijacked computers are doing all the work.  If they send out 100 million scam e-mails and only 1 hundredth of one percent of the people turn out to be suckers, that’s 10,000 people who will be sending them money.

You can see how their modest investment can turn into a financial windfall.  (I’ve often said that I could easily be rich if it weren’t for this pesky sense of morality.)  Unfortunately, since it remains a money making operation, we’re going to be forced to hit the Delete (or better, Report Spam) key on these e-mails for a long time to come.

 

If the election doesn’t work out for him, perhaps he can be a contestant on Dancing With The Stars.