One of the most annoying forms of search engine spam is comment spam, and other automated attacks on dynamic sites intended to plant keyword-laden links to the spammer’s web site.
One spammer in particular seems to be exceptionally prolific. Although I don’t know if this individual is male, female, or in fact an artificial intelligence of some kind, I’ve taken to calling “him” the Texas Hold-Em Guy, or THEG.
THEG will attack any vulnerable script. I thought I was pretty safe running the off-brand WSNLinks for my webmaster resources directory, but it too was attacked by THEG.
We could wait for every software developer to build in better security, then wait for THEG to defeat it, but it’s an endless cycle. Even a CAPTCHA won’t stop THEG, but have no fear… there’s a better way.
All poker fans know that the most relevant resource for information on Texas hold ‘em is the Wikipedia, don’t we?
So why isn’t every blogger linking to that wikipedia entry, with every possible variation of texas holdem, texas hold em, texas hold’em, and texas hold ‘em in the anchor text?
Fight the THEG, link to Wikipedia today.
September 23rd, 2005 at 10:00 pm
Except since wikipedia is user editable, all he’d need to do is to go there every once in a while and post links to his page(s) and he’d probably get even more juice then before.
September 23rd, 2005 at 11:00 pm
While I applaud your efforts, the problem is that they’ll just move on to something else tomorrow. Spammers will spam as long as it continues to work for them.
What we really need to do is find an independent entity (MUST be non profit) who would be willing to maintain a global userid for use in blogs and the like. If you don’t require a login, you’ll never be able to avoid comment spam and the like.
September 24th, 2005 at 12:18 am
Requiring a login has sure cut down on the use of Hotmail accounts to send out email spam, hasn’t it? :D
Outlinking the THEG will not prevent spamming, that’s true. As long as spamming websites pays, the THEG will spam websites.
September 24th, 2005 at 2:03 am
Count me in the texas holdem thing!
One question though. If more people join in and we manage to make the Wikipedia article #1 for “texas holdem” that’s great. But I think the spammer will happily settle for #2, 3, or anything in top 10 I guess. So I’m not sure it will be so bad for him.
Also when we create all those texas holdem pages, isn’t this also a favour to the spammer? I mean if he succeeds in including his links (for example if Google visits my blog before I delete the spam comment) now the blog has a bit of a texas holdem “neighbourhood” and is a slightly more valuable real estate for a texas holdem link :(
September 24th, 2005 at 7:40 am
Hey Dan,
There are ways to prevent this kind of spam. Asking basic common sense questions, asking the user to enter in the captcha backwords or solve an acronym in the captcha. Fair enough, eventually they’ll catch on to the captcha-related ones but if you keep your questions database up to date, they have to be pretty damn intelligent.
P.S. I’m still waiting on your reply to my email ;)
Best Regards,
- Dean
September 24th, 2005 at 8:39 am
Danilo - The Wikipedia page for “online poker” was googlebombed a while back on similar grounds, and it did see a surge of people trying to add links there. They didn’t last. (It’s currently fourth, incidentally)
Currently, the Texas hold’em page has no external links, and the page history seems to show about as much tolerance for them. It’s probably not worth worrying about them spamming that…
September 24th, 2005 at 10:31 am
Dean,
CAPTCHAs won’t stop the THEG. What won’t fall to automated approaches can be solved by human zombies who solve CAPTCHAs for free.
A couple other examples of how THEG can get links by exploiting dynamic sites, courtesy of JasonD:
TW: Exploiting a Citation-Based Algorithm
TW: Mass Spamming Engines
Jason also points out, in that second thread, some of the other bad things that can happen with insecure scripts.
September 24th, 2005 at 11:08 am
Well unfortunately if you’re dealing with humans, there’s not much you can do other than turn on moderation :(
September 24th, 2005 at 11:51 am
Yep…
On the whole, it would be better if THEG and pals would stick to cross-site scripting exploits that don’t waste our time.
September 24th, 2005 at 7:33 pm
Oh boy. Memories of the Texas Holdem guy. I just laughed when I saw the title of this post. One reason I’ll never go back to movableType again.
September 25th, 2005 at 12:18 am
Using various plugins to fight spam in WordPress, maybe 1-2 spam comments every couple of months actually get through to the site…and then I usually delete it within a few hours.
September 25th, 2005 at 11:29 am
why doesn’t google simply block him for his bad behaviour?
September 25th, 2005 at 12:25 pm
There’s probably more than one THEG out there, and even if there’s only one, these folks consider domain names disposable.
September 25th, 2005 at 4:18 pm
I use a few simple rules to mod_security. Made it quite easy to block pill/poker spam.
September 25th, 2005 at 10:17 pm
The best way to fight blog spammers is to report them to the affiliate site. The Texas Holdem guy is probably promoting an online poker room with his link to his page. His affiliate ID can found on any of the affiliate links on his page. Reference his affiliate ID, his webpage, and the page where he spammed your blog when you email the affiliate site. Some poker affiliate programs do not tolerate blog spammers and will usually close down the affiliate’s account if it is reported. This is by far the best way that I have found to punish these lowlife spammers.
September 25th, 2005 at 10:56 pm
The best thing would be if the search engines stopped attaching relevance to such tactics, as Google is already trying to while tackling with comment spam.
September 26th, 2005 at 2:15 pm
Danilo,
The Wikipedia page would get edited back in a flash.
September 28th, 2005 at 11:16 pm
I got stung by the ‘raunchy s*x talk’ guy (I think they are related) and I only realized it months after they began attacking the comments section-I run a Family Friendly web site for Moms. I just dumped the database and turned comments off forever.
October 6th, 2005 at 5:27 pm
Back in february I started something similar which got some momentum (slashdotted sorty, in particular) to link “online poker” to the Wikipedia page.
http://frenchfragfactory.net/ozh/archives/2005/02/19/bloggers-of-the-world-unite/
October 12th, 2005 at 6:04 pm
He, he, I really hate that guy.
Tom’s idea of reporting the affiliate is interesting but how do we know if the site selling the services minds about the method used to promote the services, sure, they may have an agreement or something telling they don’t support spammers but as long as they get business they could look the other way.
Installing a CAPTCHA in my Wordpress blog helped me to reduce 98% (aprox.) of my spam volume, but Texas Holdem guy sometimes still visit me, as I said before, I hate that guy and hope his computer burns down :)
Regards!
October 20th, 2005 at 8:56 am
Amen to the post above. I finally had to close comments on my blog b/c of the volume of that guy and all his friends. I’ll have to consider installing a CAPTCHA in my WP if it really does help to that magnitude.
October 27th, 2005 at 12:15 pm
Right, so if we are dealing with a problem that has become notorious in the blogosphere, causing ‘millions’ of pages to link to wikipedia as a counter-attack. Why haven’t the companies that are benefitting from the spam (I mean the scum-bag mafia-run gambling game sites) been actioned? I am sure, no, I have faith Google by now is planning a general ban on gambling sites, no? Something like putting these scum bags under the wraps of a filter the same way adult sites are. If you are willing to find gambling sites then go to the rather user-unfriendly preferences and set Google to find gambling sites for you.
It is becoming ridiculous how organised crime is taking us all for idiots and just spoiling the party for us all.
November 2nd, 2005 at 11:45 pm
LOL… I’m seeing a comment a day now, from some wannabe THEG trying to put a link on here. Too funny. Sorry Cheap Long Distance Guy, sorry Airline Tickets Guy…. you’re no THEG.
The THEG knows SitePoint slaps a rel=nofollow on every link, even if he doesn’t realize the spam comments will last mere minutes before they’re dumped anyway.
January 14th, 2006 at 6:34 pm
Please help me the Texas Holdem Poker/Poker/Party Poker/Pills/Crazy Frog Ringtones/Ringtones (all with a link to his f******g poker site) has been spamming me for the last month and I can’t get rid of the punk ass b***h - argghhhhhhhh!
What can I do, please help!
January 14th, 2006 at 6:37 pm
Is this a human or a bot?
January 16th, 2006 at 4:47 pm
The THEG is more of a composite sketch… many humans, many bots.
January 23rd, 2006 at 4:53 pm
[…] This weekend I was forced to do something that I’ve been dreading since creating the web site last year. In response to the increasingly annoying posts and messages from spammers I “locked down” the forum by turning off the ability to post as a guest. Don’t fret forum users, the forum is still there, ready for your reading, but it’s now necessary to be logged in as a registered user in order to post. What’s the big deal you might ask? In order to encourage the free flow of ideas and resources without the hassle of signing up for yet another web service, I had hoped to keep the forum completely open to unregistered users and the general public. Since many members of the general public can’t seem to be trusted in keeping their Texas-Hold’em and Cialis spam links to themselves, I’ve closed the forum to unregistered users in order to stop unsolicited, and in many cases inappropriate, posts. […]
June 25th, 2006 at 11:42 pm
Nice site. Thank to work…
November 17th, 2007 at 8:04 am
Isn’t comment span worthless anyway now that they have the no follow tag? Google says the pagerank of the site doesnot count towards the link and the anchor text will not count towards the link, so does the link even count at all? Most comment on blog sections now use the no follow tag.