Perl programmer for hire: download my resume (PDF).
John Bokma MexIT
freelance Perl programmer

Best site in bleep!

Thursday, July 13, 2006 | 4 comments

If you have a guestbook, a blog, or some other option for visitors to leave a message on your website, and if you check it now and then you might have seen a spammer I refer to as Bleep because often his spam message ends with "Best site in bleep! My thnx to webmasters".

When I entered "Best site in bleep!" (including quotes) in Google at time of writing this entry I got 23,700 results. So Bleep has been quite active. Also it seems like a lot of people don't care about comment spam, sadly.

Bleep is not very smart, in the beginning he got stuck in some checks I had added to my comment post Perl program. But Bleep got the (error) message, and changed his abusive program. But instead of giving Bleep an even bigger finger, I decided to let him in, and report each message to each ISP used and each site Bleep spamvertized. This resulted in at least the termination of one website.

Since Bleep uses often different IP addresses to connect to my comment post Perl program I am afraid Bleep has access to a (small) botnet. I do report each IP address to the ISP to which this address belongs, but I have no idea how effective this is.

When Bleep started to abuse my blog he seemed to be focusing on ring tones, but his ambitions grew and grew, sofas, car insurance, cialis, and more. And Bleep got smarter, he started even to abuse Google's blogging service Blogspot.

Google Blogspot redirect abuse

Recently, Bleep the comment spammer started to use a nifty trick. Somehow Google's blogging service Blogspot allows people to add JavaScript. Moreoever, it allows people to redirect using JavaScript to a totally different site.

The comment spam report program I wrote in Perl reported each Blogspot site set up in such a way to the abuse email address of Google. Today I wrote a Perl program to check each blog and automatically extract the JavaScript redirect information. Below follows a table generated by this Perl program. The meaning of each column is as follows:

The blog spamvertized.
The date and time in GMT the abuse was reported the first time to Google.
com domain
The com domain the blog redirects to using JavaScript.
The value of the variable q in the query string of the redirect
The value of the variable aid in the query string of the redirect
The number of results Google reports for the query "" (including quotes)
blogdate (GMT)com domainqueryaidresults
sectional-sofas2006-06-30T23:00Ztoptravel10sectional sofas4301313,400
sectional-sofa-news2006-06-30T23:00Ztoptravel10sectional sofas4301313,200
sectional-sofas-new2006-06-30T23:00Ztoptravel10sectional sofas4301313,300
leather-belt-buckles2006-07-05T16:52Ztopauto10belt buckles4301315,500
auto-cheap-insurance-g2006-07-05T16:52Ztopauto10car insurance4301317,800
auto-insurance-quote-q2006-07-05T16:52Ztopauto10car insurance4301317,200
cialis-news2006-07-05T16:53Zpharma.universal-finderbuy cialis19,800
auto-insurance-quote-s2006-07-05T16:53Ztopauto10car insurance4301317,500
nes-buckle2006-07-05T16:53Ztopauto10belt buckle4301315,600
cowboy-belt-buckles2006-07-05T16:53Ztopauto10belt buckles4301315,600
auto-cheap-insurance-s2006-07-05T16:54Ztopauto10car insurance4301317,900
auto-cheap-insurance-q2006-07-05T16:54Ztopauto10car insurance4301317,900
auto-insurance-quote-j2006-07-05T16:54Ztopauto10car insurance4301317,000
belt-buckles2006-07-05T16:54Ztopauto10Belt Buckles4301316,100
couture-jeans2006-07-05T16:54Ztopauto10juicy couture4301315,600
cool-belt-buckles2006-07-05T16:54Ztopauto10belt buckles4301315,400
belt-buckle-knifes2006-07-05T16:54Ztopauto10belt buckles4301315,500
car-insurance-s2006-07-05T16:54Ztopauto10car insurance4301317,100
juicy-couture-news2006-07-05T16:54Ztopauto10juicy couture4301315,600
kate-spadeq2006-07-07T16:03Ztoptravel10kate spade430139,670
kate-spadef2006-07-07T16:04Ztoptravel10kate spade430139,430
kate-spadec2006-07-07T16:04Ztoptravel10kate spade430139,470
kate-spades2006-07-07T16:04Ztoptravel10kate spade430139,470
kate-spadew2006-07-07T16:05Ztoptravel10kate spade430139,380
kate-spade-new2006-07-07T16:05Ztoptravel10kate spade43013136
commodity-broker-i2006-07-08T15:55Ztoptravel10commodity broker43013622
commodity-brokeres2006-07-08T15:55Ztoptravel10commodity broker43013670
commodity-brokers2006-07-08T15:55Ztoptravel10commodity broker4301328
commodity-broker-and2006-07-08T15:56Ztoptravel10commodity broker43013635
commodity-brokeris2006-07-08T15:56Ztoptravel10commodity broker43013589
commodity-broker92006-07-08T15:56Ztoptravel10commodity broker43013667
christian-dior72006-07-09T17:16Ztoptravel10Christian Dior43013323
christian-dior92006-07-09T17:17Ztoptravel10Christian Dior43013325
christian-dior-all2006-07-09T17:17Ztoptravel10Christian Dior43013327
christian-dior-and2006-07-09T17:17Ztoptravel10Christian Dior43013331
christian-dior212006-07-09T17:17Ztoptravel10Christian Dior43013324
christian-dior-handbag92006-07-09T17:17Ztoptravel10Christian Dior43013324
christian-dior-perfume2006-07-09T17:17Ztoptravel10Christian Dior43013325
christian-diors2006-07-09T17:17Ztoptravel10Christian Dior4301325

My best guess is that aid is some kind of referrer id or advertiser id. Maybe Bleep is making quite some money with abusing your blog or guestbook...

Abusable blogs and guestbooks: sad news

What amazes me is that there are so many people out there having a blog, a guestbook, or some other option for visitors to leave a comment and not caring about spam. Some of the sites I checked had many comments consisting of nothing but a list of links. Best site in bleep indeed.

Google Blogspot: more sad news

Even sadder news is that the above blogspot blogs were checked at time of writing for the redirect trick, and all still are redirecting. Yes, that's right Google has done nothing with my reports and some blogs are still redirecting 2 weeks after reporting them to Google. So my question to Google, quoted from BYOB by System of a Down: Where the Bleep are you?.

Please post a comment | read 4 comments, latest by John Bokma | RSS feed
Limited User Account bug >
< Getting the date and time of digital photos