Latest WEIRD SPAM Incident: postings to my guestbook

Miscellaneous and Personal Stuff I Must Share
1

I have a website with a non-realtime guestbook (people can click the “Post” button and fill in the Subject and Comments fields, and then click the “Send” button, but it doesn’t go up on my site until I review it; and I receive it as an email).

It isn’t compellingly obvious to other people that I review postings before they go up, so lots of folks probably assume/hope whatever they post will just immediately appear and be available to be ready by subsequent browsing folks, and yes abusive comments and spam do show up sometime, but this was different and definitely weird.
This morning I had 3 new guestbook posts. All three of them had an entry filled in for the Homepage URL of the person posting: http://hgdzyjrn.com/llgl/qvei.html

It doesn’t go to anything. Try it. There’s no such freaking domain.

All three of them had for the subject the string “My homepage”.

Two of the three had gmail email addresses, the third had a mail15.com email address. (as with the Homepage URL, these are optional and manually filled in by the poster).

My form has a series of checkboxes — my website consists of academic and semi-academic papers I wrote, and I’m asking which of these, if any, the posters are posting about. The bottom checkbox is a “Specify Other” with a fill-in-the-blank. All three posters input a “specify other” string:

“Marla” specified “Marla”; “Vincent” specified “Vincent”; and “Candice” specified “Candice”.

For comment, “Vincent” input “Great work!” and then repeated the dead/nonworking URL plus a second dead/nonworking URL, http://xojvedlw.com/noqq/masw.html, surrounded by attempted HTML code that would attach the second URL to the clickable string “Please visit”.

“Candice” also input “Great work!” and also repeated the first dead/nonworking URL plus a third dead/nonworking URL, http://royukprz.com/ajov/vnho.html, surrounded by attempted HTML code that would have linked it to the clickable string “Cool site”. “Candace” used vBulletin-style square brackets [URL = “string”] Cool site [/ URL], like that, instead of the HTML-native angle brackets used by “Vincent”.

“Marla”, displaying more individuality, put “Thank you!” instead of “Great work!” and entered the original dead/nonworking URL, a space & pipe character & another space, and a fourth nonworking URL, http://qwhivbps.com/yhil/qefq.html, with no attempt to encode them in a href …/a of any flavor.

Oh, and “Marla’s” (presumably invalid) email address account is “adam”, “Candice” gets her email at “scott”, and “Vincent” receives email addressed to “vicky”.

What do y’all think? Is this a manual effort, to see what would or would not go through and end up on my guestbook? Or is some kind of spambot at work here?

What purpose is there in posting some nonworking URLs to someone’s website guestbook?

(I’ve added hgdzyjrn.com to my email spam filters)

2

I’ve heard of these blogspammers but I don’t know much about them or their methods of operation.

The only thing that makes sense to me offhand is if the spammers are submitting unique spamdata to many blogs and later they have a robot spidering the posted blog pages looking to see what stuck; then they know they have a blog with weak moderation/filtering, and they can then autopost Much More Crap.

But that theory’s so baroque that I hesitate to describe it.

Maybe I’ll go register that domain… :slight_smile:

3

Damn, just got another three. Different nonsense random-character URLs for the main URL, different but similar names, same three variants on getting clickable URLs up.

Hmm, wait a minute, I post what is effectively a status report on the first three attempts and moments later three more attempts show up in my mailbox. Excuse me while I fold this here foil into a hat-shape…

4

I get between 15 to 30 of those exact type every day on my guestbook.
Here is one I just caught:

Name: priscilla runton
Website: http://<URL REMOVED>.net/buffered-aspirin-and-caffeine.html
2006-02-22 14:13:01
Thanks for the chance to sign your guestbook.
Email Address: prisrun@<ANOTHER URL>.com

I had to create a custom filter of spam words that real people won’t use on my site but spammers will, but even so myself and three other people are catching 5 or 6 per day. I don’t want to put a captcha on the guestbook because it may disuade real visitors from posting who aren’t that tech saavy so I am stuck with deleting posts and adding more spam words.

5

By the way, it seems if they start hitting you - they will never stop. I’ve fitered out the ones who try to put in bbcode (square brackets with a URL), but they still are coming, and put their lone link to some great site which are just pages with 100 links to sites about cheap medication or whatever.

6

I get a few and they seem even more pointless than the name of this forum. Random name, no link to anything, nothing but gibberish.

7

A “message board” (which is kind of like a guestbook, only that you can reply to posts which bumps them back to the top) that I read has a similar problem.

It’s the bbs at http://www.mewheart.com/eng (a pretty near dead Pokemon site). It’s so full of spam, you have to go a few pages back sometimes to see a real message.