If you have a guestbook, a blog, or some other option for visitors to leave a message on your website, and if you check it now and then you might have seen a spammer I refer to as Bleep because often his spam message ends with "Best site in bleep! My thnx to webmasters".
When I entered "Best site in bleep!" (including quotes) in Google at time of writing this entry I got 23,700 results. So Bleep has been quite active. Also it seems like a lot of people don't care about comment spam, sadly.
Bleep is not very smart, in the beginning he got stuck in some checks I had added to my comment post Perl program. But Bleep got the (error) message, and changed his abusive program. But instead of giving Bleep an even bigger finger, I decided to let him in, and report each message to each ISP used and each site Bleep spamvertized. This resulted in at least the termination of one website.
Since Bleep uses often different IP addresses to connect to my comment post Perl program I am afraid Bleep has access to a (small) botnet. I do report each IP address to the ISP to which this address belongs, but I have no idea how effective this is.
When Bleep started to abuse my blog he seemed to be focusing on ring tones, but his ambitions grew and grew, sofas, car insurance, cialis, and more. And Bleep got smarter, he started even to abuse Google's blogging service Blogspot.
Recently, Bleep the comment spammer started to use a nifty trick. Somehow Google's blogging service Blogspot allows people to add JavaScript. Moreoever, it allows people to redirect using JavaScript to a totally different site.
The comment spam report program I wrote in Perl reported each Blogspot site set up in such a way to the abuse email address of Google. Today I wrote a Perl program to check each blogspot.com blog and automatically extract the JavaScript redirect information. Below follows a table generated by this Perl program. The meaning of each column is as follows:
q in the query string of the redirectaid in the query string of the redirect| blog | date (GMT) | com domain | query | aid | results |
|---|---|---|---|---|---|
| sectional-sofas | 2006-06-30T23:00Z | toptravel10 | sectional sofas | 43013 | 13,400 |
| ringtone-nok | 2006-06-30T23:00Z | toptravel10 | ringtone | 43013 | 13,200 |
| ringtone-nokias | 2006-06-30T23:00Z | toptravel10 | ringtone | 43013 | 13,100 |
| ringtone-news | 2006-06-30T23:00Z | toptravel10 | ringtone | 43013 | 13,300 |
| sectional-sofa-news | 2006-06-30T23:00Z | toptravel10 | sectional sofas | 43013 | 13,200 |
| sectional-sofas-new | 2006-06-30T23:00Z | toptravel10 | sectional sofas | 43013 | 13,300 |
| ringtone-nokia | 2006-06-30T23:00Z | toptravel10 | ringtone | 43013 | 14,100 |
| leather-belt-buckles | 2006-07-05T16:52Z | topauto10 | belt buckles | 43013 | 15,500 |
| auto-cheap-insurance-g | 2006-07-05T16:52Z | topauto10 | car insurance | 43013 | 17,800 |
| auto-insurance-quote-q | 2006-07-05T16:52Z | topauto10 | car insurance | 43013 | 17,200 |
| cialis-news | 2006-07-05T16:53Z | pharma.universal-finder | buy cialis | 19,800 | |
| auto-cheap-insurance-k | 2006-07-05T16:53Z | auto-insurance-deals | 17,600 | ||
| auto-insurance-quote-s | 2006-07-05T16:53Z | topauto10 | car insurance | 43013 | 17,500 |
| nes-buckle | 2006-07-05T16:53Z | topauto10 | belt buckle | 43013 | 15,600 |
| cowboy-belt-buckles | 2006-07-05T16:53Z | topauto10 | belt buckles | 43013 | 15,600 |
| auto-cheap-insurance-s | 2006-07-05T16:54Z | topauto10 | car insurance | 43013 | 17,900 |
| auto-cheap-insurance-q | 2006-07-05T16:54Z | topauto10 | car insurance | 43013 | 17,900 |
| auto-insurance-quote-j | 2006-07-05T16:54Z | topauto10 | car insurance | 43013 | 17,000 |
| belt-buckles | 2006-07-05T16:54Z | topauto10 | Belt Buckles | 43013 | 16,100 |
| couture-jeans | 2006-07-05T16:54Z | topauto10 | juicy couture | 43013 | 15,600 |
| cool-belt-buckles | 2006-07-05T16:54Z | topauto10 | belt buckles | 43013 | 15,400 |
| belt-buckle-knifes | 2006-07-05T16:54Z | topauto10 | belt buckles | 43013 | 15,500 |
| car-insurance-s | 2006-07-05T16:54Z | topauto10 | car insurance | 43013 | 17,100 |
| juicy-couture-news | 2006-07-05T16:54Z | topauto10 | juicy couture | 43013 | 15,600 |
| kate-spadeq | 2006-07-07T16:03Z | toptravel10 | kate spade | 43013 | 9,670 |
| kate-spadef | 2006-07-07T16:04Z | toptravel10 | kate spade | 43013 | 9,430 |
| kate-spadec | 2006-07-07T16:04Z | toptravel10 | kate spade | 43013 | 9,470 |
| kate-spades | 2006-07-07T16:04Z | toptravel10 | kate spade | 43013 | 9,470 |
| kate-spadew | 2006-07-07T16:05Z | toptravel10 | kate spade | 43013 | 9,380 |
| kate-spade-new | 2006-07-07T16:05Z | toptravel10 | kate spade | 43013 | 136 |
| commodity-broker-i | 2006-07-08T15:55Z | toptravel10 | commodity broker | 43013 | 622 |
| commodity-brokeres | 2006-07-08T15:55Z | toptravel10 | commodity broker | 43013 | 670 |
| commodity-brokers | 2006-07-08T15:55Z | toptravel10 | commodity broker | 43013 | 28 |
| commodity-broker-and | 2006-07-08T15:56Z | toptravel10 | commodity broker | 43013 | 635 |
| commodity-brokeris | 2006-07-08T15:56Z | toptravel10 | commodity broker | 43013 | 589 |
| commodity-broker9 | 2006-07-08T15:56Z | toptravel10 | commodity broker | 43013 | 667 |
| christian-dior7 | 2006-07-09T17:16Z | toptravel10 | Christian Dior | 43013 | 323 |
| christian-dior9 | 2006-07-09T17:17Z | toptravel10 | Christian Dior | 43013 | 325 |
| christian-dior-all | 2006-07-09T17:17Z | toptravel10 | Christian Dior | 43013 | 327 |
| christian-dior-and | 2006-07-09T17:17Z | toptravel10 | Christian Dior | 43013 | 331 |
| christian-dior21 | 2006-07-09T17:17Z | toptravel10 | Christian Dior | 43013 | 324 |
| christian-dior-handbag9 | 2006-07-09T17:17Z | toptravel10 | Christian Dior | 43013 | 324 |
| christian-dior-perfume | 2006-07-09T17:17Z | toptravel10 | Christian Dior | 43013 | 325 |
| christian-diors | 2006-07-09T17:17Z | toptravel10 | Christian Dior | 43013 | 25 |
My best guess is that aid is some kind of referrer id or advertiser id. Maybe Bleep is making
quite some money with abusing your blog or guestbook...
What amazes me is that there are so many people out there having a blog, a guestbook, or some other option for visitors to leave a comment and not caring about spam. Some of the sites I checked had many comments consisting of nothing but a list of links. Best site in bleep indeed.
Even sadder news is that the above blogspot blogs were checked at time of writing for the redirect trick, and all still are redirecting. Yes, that's right Google has done nothing with my reports and some blogs are still redirecting 2 weeks after reporting them to Google. So my question to Google, quoted from BYOB by System of a Down: Where the Bleep are you?.