I had the opportunity to listen to one of the older purveyors of Pill Spam on blogs, Pligg, and other social networks. I owned a Pligg site for a bit and was intimately wrapped up in the Pligg comment spam issue, to the point where the site was actually shut down by the ISP due to the level of spamming that happened at that site. For anyone who has ever had a site shut down, or has had to wade through thousands of comment spams or other spam messages, this was one speech that you really should have been here to hear.
While the speaker will remain nameless, it took brass to stand in front of the group at Gnomedex and talk about the economic motivations behind spam and how it works. Google is helpless to stop this because every time they change something, the Spammers are right there with the changes. The money is there, and people will go there regardless of how hard it hits blog owners or anyone else who lives on the Internet.
The big idea is that, with the billions of messages a day, with RSS (Really Simple Stealing) and a ton of other open methods, we have actually created the internet environment that helps blog spam, comment spam, and other forms of spam spread across the internet. We just are not ready for people who are willing to use RSS, content scraping, and other techniques to help sell pills online.
If you think about this, the tool to take over Pligg and dump in hundreds of thousands of links only cost 200.00 dollars, and the returns would be in the hundreds of thousands of dollars. Because people are looking for pills, the money motive is there. It is not that they are worried about your web site; it is that they honestly just want to make money. Your web site, regardless of what it is, from education to dot com, is simply a way for them to get their message across. With open forums, RSS, Pligg, and social networks that are improperly secured or have security holes, sending the spam message is right now so easy that, until we work on the infrastructure from the viewpoint of information security, we are pretty much in a battle of time.
They have automated tools, where most of our tools are manual. They have a money motive and a Google page rank motive, where we have a keep-our-sites-clean motive and a Google page rank motive. Manipulating page rank is nothing new, and how they use your web site is also nothing new. How we deal with it has to change. The idea that one of the folks who does this would give Gnomedex an hour-long speech on this (Gnomedex has to post the tape on this) can help people understand the magnitude of the problem. Even if Spammers only go after dead blogs (and there are millions of dead blogs out there), there is a phenomenal source for them to pump the message and see their products.
The biggest things that web site users can do right now are:
- Shut it down if you are not using it any more: put in a blank HTML landing page and shut down the database connector.
- Keep up to date on security patches. If you own it and you do not want it to be used for spam, patch when available.
- Monitor your RSS feeds using something like FairShare. If you don’t like how your information is being used, then do a takedown. Make your site hostile to spammers, but friendly to readers.
Those simple steps would be the easiest for people to do. The hardest part is going to be the patching, but given the level of security in many of our popular blogging and social networking platforms, make sure you take security into account. Even big companies like Facebook, Twitter and MySpace have all had serious security issues in the past, so there is no reason to think that WordPress or Pligg are not going to continue to have issues in the future. No software is perfect; it is time we acknowledge that and deal with the consequences.
(Cross-posted @ TechWag)