This last day, I intiated a first step in a anti-splogging program that seeks out splogs. You can find them by searching for the keywords "Have you been splogging?" at pretty much any blog search engine. Basically, I search for splogs that are compromised (most splogs are) and post on their blog using the hole. The splogs are then linked to the previous blog entry; Splogger Note. The next step would be to unsubscribe them from the service they are using to splog.

If you found a blog entry that linked here, then it's very likely that we discovered you were using a common splogging technique. This technique has a major flaw in that we can now post whatever we want on your blog. If you weren't intending to splog, then please accept our apologies, but note that your blog is compromised since the email address used to post directly to your blog was made public.

Don't know what Splogging is? Read the following.

• http://en.wikipedia.org/wiki/Spam_blog
• http://www.plagiarismtoday.com/2005/11/08/behind-splogging-why-sploggers-splog/

I just purchased DestroyAllMalware.com. I'll be transferring this blog there in the near future.

One major problem that I had to deal with when I created Rmail, was email-to-blog gateways like Blogger's that allowed users to publish on their blogs via email. Rmail converted RSS feeds to emails. This made it trivial for sploggers to steal content by combining Rmail with the email-to-blog gateway. Rmail converts content to emails and the gateway republishes them (stolen) onto another blog. What I did was create a very simply mechanism that would automatically unsubscribe the user when the content was republished.  The technique wasn't prefect, as it did allow the splogger to steal content for weeks and sometimes months before the splogger was discovered and unsubscribed. Unfortunately, most all other RSS-to-email gateway didn't have such a feature, so the blogosphere is currently littered with splogs, mostly on blogspot.com. I've decided to expand my technique to work with other RSS-to-email gateways. It shouldn't take long to write. I'll report back later.

Today, I found that Google has removed this blog from their UK search results. This happened on June 25th. They sent me a message via their Webmaster's tools. It was done, because I wrote a blog entry more than a year ago. The blog entry was about a scammer who was sueing Google in order to de-index people who are exposing his scam. Seems he was successful.

As I mentioned previously, the root problem is the government of the UK, who have been unable to keep up in the Internet age. If you read this and live in the UK, then you might want to tell your politicians to get off their lazy asses and do something productive. And don't worry, we in Canada have similar problems.

http://kbcafe.com/spam/?guid=20070630062328

The last two days, I've run into an unordinate amount of Facebook captchas. Worse, I miss more than half. It seems their captcha system is b0rked.

This is a paid review.

AllSpammedUp is a new anti spam blog dedicated mostly to business anti spam topics and email security (phishing). Their tagline is anti-spam in a business environment. Recent blog entries include MySpace legal fights against spammers, revelations of how viagra spammers make their dimes and Spamhaus legal battles with spammer too dumb to keep their mouths shut. This blog is definitely worth your time, especially if you're a corporate IT manager. Promoting those that fight against spam and other malware is something this blog has always been about. Let's get the word out on these guys. Link to an article or two on your own blog. Subscribe to their RSS feed. You can get their blog entries via email with SendMeRSS and directly from them by submitting the Subcribe by Email form on their blog pages. This blog start in April of this year and is mostly authored by Sue Walsh with an occasional article contributed by other authors. They have a few dozen articles to date, all of which are a few paragraphs (3-10) in length. Hopefully we'll see a lot more in the future from these guys. I'm subscribed and I'll be linking to them in the future.

http://www.allspammedup.com/

I thought I'd follow up on the RightFielders scam I uncovered. BlogAds sent me an email, indicating they had previously received complaints about RightPundits and were already investigating the issue. They asked them to change the wording on their order page to remove any confusion. RightPundits made the change. Then I got an email from Mary McCain. They demanded my posts be taken down and that my allegations were false. And if I didn't, they would report me to BlogAds.

http://www.kbcafe.com/spam/?guid=20080506235631

Today, I discovered an ad scam on the BlogAds network. I first came upon the fraudulent network a few weeks ago when I started to get a ton of referrers from them. When I checked into the referrers, it turned out it was referrer spam (not legit). I sent them an email to stop it, they turned off the switch and I stopped receiving a ton of (fake) referrers from them. Then I got an email from a reader informing me of potential impression fraud. I didn't really think twice of it as I get more emails than I can bother consuming. But the same day, I was checking out my blogs on the BlogAds network and discovered they were were making some good coin from their advertisers. It appears they are making more than $1000 per week on BlogAds. They are employing an array of tactics to defraud their advertisers. First, it appears they are using a botnet (or the likes of) to inflate hits, but I can't prove that.  Second, they are placing premium ads in the bottom of sidebars of other irrelevant blogs on their network. This artificially inflates their numbers with impressions their advertisers would surely gag on, if they only knew. Their primary blog is called RightPundits, but they also have other blogs; RightFielders and RightCelebrity. If you advertise in one of their premium BlogAds units, then your ad will also appear on the other blogs, but further down the sidebar. In fact, it may appear more often down the sidebar of other blogs, then where the advertiser actually intended to place it. They do have text in some (not all) places that indicate that ads may be placed elsewhere, but the text is confusing at best.

They are also using AdSense, but only the link units. This is likely because Google would've quickly booted them if they were using a unit that might generate revenues for fake impression. They don't seem to be breaking any AdSense terms or policies. They are also using AdBrite, but less preeminently.

• http://www.rightpundits.com/
• http://sports.rightpundits.com/
• http://celebrity.rightpundits.com/

Over the years, I've had lots of comment spammers, but none have consistantly spammed me like BigCrumb. No link to them for obvious reasons. If you look at their website, they say no spam. If you look in their fact, they say no spam. Yet, day-in, day-out, I get nothing but comment spam from them. In fact, I don't think I've ever heard of them outside of them spamming me and people bitching that they are mega-spammers.

Today, I was playing around with various APIs for my reblinks website and I noticed that the SplogSpot API was always returning NOT a splog, even for splogs in their database. I tried to submit a bug report, but their captcha is too hard for humans (check it out). Then I noticed that their recently found splog and full splog database files were AWOL. I guess that project died.

http://splogspot.com/

Today, my website got comment spammed by David Lechner. This is the contact information in Tucows database. So, if you know this guy, then you know now that he's also a spammer.

    lechner, david  davidtl999@yahoo.com
    1837 beverly circle
    clearwater, FL 33764
    US
    +1.7274413467

Sorry, this blog has fallen into neglect, as I've got too many projects going.

Paul McDougall: Under the plan offered by the Software & Information Industry Association, anyone who unwittingly buys fake software from an online fraudster can receive up to $500 if they report the scam.

http://www.informationweek.com/software/showArticle.jhtml?articleID=205100007

Jason Schramm created a bookmarklets for reporting malicious downloads sites to Google.

http://www.jasonblogs.com/tech/security/report-malicious-sites-to-google-with-this-bookmarklet.html

Just highlighting that a new Spanish Web 2.0 startup called Feevy is spamming bloggers to get them to discuss their startup. How do I know it's spam? Because I got the same exact email multiple times from them (I have multiple blogs). This is spamming. They are spammers.

This morning, I noticed I've only got about a couple dozen spam emails. Only a few days ago, I was getting 10k per day. Somebody just implemented awesome spam controls. Not sure if it's Google or my email hosting service. I wonder about false positives.

Lately, I get so many invites on various social networks, that its becoming a part time job, just responding to the various stupidity. Most of the friend requests are from people I don't know and who don't know me. I often respond, "How do I know you?" I get three follow-ups from there.

1. Don't you remember me, we use to do this and that?
   I immediately add this person as a friend.
2. No response ever.
   Obviously a social network spammer who is crawling friends of friends and adding just anybody they can to boost their friend count.
3. We are connected in LinkedIn.
   Another social network spammer. This person is not only adding just anybody to one social network, but then they are importing contacts across their social networks.

Here's some rules that I follow.

1. I only originate a social network connection when I truly know the person or have reason to contact the person.
2. I'll accept invitations on LinkedIn from just about anybody (as long as your profile looks reasonable). I do this because I'm in the Internet business and being nice to other people on the Internet is only smart business.
3. I'll accept invitations on MySpace from just about anybody. I do this because I occasionally write MySpace layout codes and want to encourage adoption.
4. I won't accept invitation on Facebook unless I really know you. I do this because my real friends actually use Facebook and its the one true social network that works for connecting me with my friends.

Email is no longer reliable thanks to the inability of the governments to deal with spammers. More and more, I have to double check with people when I send important emails, because they simply never get them. I even send email to myself, from one email address to another, which never arrives. These emails get dropped by SMTP servers that assume they are spam because you've hit some sort of spam score limit. Reliable email and spam should become an election issue. Let's make it one.

Today, I'm at a campground in South Dakota and have found that they are blocking my own website (explanation follows).

For your families saftey the content of this website has been blocked by the Mt. Rushmore KOA and Palmer Gulch Resort.
URL:http://www.kbcafe.com/
Reason for restriction: Forbidden Category "Hacking/Proxy Avoidance Systems"

Hehe. I used Remote Desktop to post this from another computer. I guess they were right, but were lacking in their execution.

Comment forms are getting worse in the response to blog comment spam. I've tried to keep my blog comment forms as simple as possible and I don't get too many complaints (some are inevitable). But many blogs now have comments forms that simply don't work or that don't respond in reasonble time. It's such a shame. I often wonder if the blog owners post comments on their own blog. If it takes 30 seconds for a comment to be posted, then I'm long gone. This reduced pageviews, because I'm not gonna read any other blog entries after that frustration.

I've been doing some SERP data mining all morning. None of it was automated. All manual. Now Google thinks I'm a virus or spyware.

Today, I discovered that a link spammer had specifically targeted one of my blogs and left hundreds of the exact same set of links on my blog. Since they all contained the same links, it was trivial to remove them. My linkspam protection is quite unique and getting around it requires that you actually target that specific blog. I have to wonder how much effort this person spent to put those hundreds of links, which were removed in 5 seconds. Linkspam has been a problem for years now. Is anybody gonna do anything about it EVER!