The Villains are Winning

Volume 7, Issue 48; 23 Mar 2004; last modified 08 Oct 2010

Comment spam. Referrer spam. Wiki spam. Email spam.

The belief in a supernatural source of evil is not necessary; men alone are quite capable of every wickedness.

Joseph Conrad

Periodically, I have to remove comment spam from this site. Luckily, because this site is a one-off, no one has automated the process of spamming it.

Yesterday, I had to take down a web page because it had been effectively destroyed by referrer spam.

Last night, I discovered that some script kiddie had <expletive/> every page on the DocBook Wiki with porn spam. Worse still, their script has <expletive/> all the line breaks so none of the pages display correctly even after the links have been removed.

This morning, I woke up to face the several thousand pieces of spam that typically accumulate in my inbox every night. Luckily, SpamAssassin and SpamBayes do most of the heavy lifting.

The trajectory is really bad here, folks.


It will be interesting to see if people start using captchas ( to try to prevent drive-by spamming. If someone really wants to leave a comment, solving a simple puzzle that takes a few seconds shouldn't be a problem. Of course you have to measure your headache vs usability vs accessibility factors to determine if that idea is even feasible.

You can have an email form with captchas for people to contact you and never expose your real email to the world. The spammers will eventually crack the hack. People forget that spammers do not worry about bounced messages. You could give some instructions like put the word "blah" in the subject but no one will remember.

Just remember to use or when signing up for anything on the web.

Then there is the "members only" method to grant access to the wiki, email, and commenting features. I am currently working on my blog architecture and I am leaning towards this one. We'll see. Some innovative idea is bound to come out of the community soon.

—Posted by Nasseam Elkarra on 23 Mar 2004 @ 05:40 UTC #

Captchas have already been made irrelevent by smart spammers. They set up "free porn" sites where visitors have to type the text from an image to get their fix - of course, what the porn hungry punters are actually doing is acting as a distributed captcha solving system proxied through a server-side screen scraper. It's the smartest spammer trick I've seen. It isn't widespread yet, but you can bet it will be soon.

—Posted by Simon Willison on 30 Mar 2004 @ 08:30 UTC #