The Proliferation of ‘Spam’

“Spam, spam, spam, spam … Spam! Love­ly spam!” — Mon­ty Python’s Fly­ing Cir­cus — The ‘Spam’ sketch

The pro­lif­er­a­tion of ‘spam’ (and oth­er atten­dant attempts to access, cor­rupt or oth­er con­script web­sites) is a con­stant pain for any­one. As I write this, the blog has been in action for about eight weeks and has accu­mu­lat­ed over 170 com­ment spam attempts. (That alone is some­what dis­cour­ag­ing, as, if I dis­count my own com­ment replies, that is almost 15x the num­ber of actu­al com­ments the blog has received.) How­ev­er, my Word­Press instal­la­tion is con­fig­ured to auto­mat­i­cal­ly scan any com­ment and sequester any that appear to be spam for my approval. It also means that any post, spam or not, will have to wait until I can approve it until I can imple­ment a bet­ter method for han­dling com­ments, one that will take a lit­tle investigation.

(Its not like the spam is real­ly very intel­li­gent. One sim­ply scat­ters a num­ber of ran­dom let­ters, some­times in a for­eign alpha­bet, around a URL. Anoth­er repeats a rather gener­ic greet­ing. The most amus­ing one was one that actu­al­ly men­tioned ‘hip­no­sis’ but gave as their URL the web­site of a male-enhance­ment drug in German.)

I am using the best spam pre­ven­tion meth­ods I can find, some that should stop spam­mers even before they even get to the web­site, but its an ongo­ing bat­tle. Its just so easy for some­one with lit­tle or no knowl­edge or com­put­er expe­ri­ence to get a spam­ming toolk­it and a list of address­es from a black-hat web­site and start spam­ming away. Its even worse when idiot peo­ple let their sys­tems get com­pro­mised and become unwit­ting tools to act as a proxy army to expand on the efforts of just one spam­mer or a whole array of unsa­vory activities.

And still there is spam. It is a con­tin­u­ing bat­tle. And one that I will con­tin­ue to fight. Its not lim­it­ed here: my com­pa­ny web­site peri­od­i­cal­ly will have a num­ber of attempts to access a non-exis­tent blog or any oth­er pop­u­lar type of web pack­age: I designed the web­site to report any attempts that return a 404 (not found) error and there have been sev­er­al times when it report­ed sev­er­al attempts (the record is actu­al­ly 137 attempts from the same web address at all rough­ly the same time) try­ing dif­fer­ent sequences of URLs in the vain attempt to find some­thing to exploit. Unfor­tu­nate­ly for them, and for­tu­nate­ly for me, there wasn’t.

And what can be done? From a per­son­al stand­point, pro­tec­tion: use an anti-virus pro­gram and make sure it is always up-to-date. In fact, make sure your entire sys­tem is up-to-date with the lat­est cor­rec­tions, most of which nowa­days are to close holes in the oper­at­ing sys­tem that can be tak­en advan­tage of.

But most of all, use good sense. Remem­ber that there are peo­ple out on the Inter­net who will, if giv­en the slight­est oppor­tu­ni­ty, will take advan­tage of it. Don’t let them.