Aral Balkan

Imagine this: Someone tries to break into your home over five thousand times a week. Or attempts to defraud you over and over again. You'd call the police, right? The law would (rightly) get involved. So why didn't I call the police last week when multiple parties tried to use this blog in an unauthorized manner over five thousand times? Why are the rules different on the Internet? I am, of course, talking about spam.

I would argue that the most valuable, and scarcest, commodity that each one of us have today is time on earth. Given that, and given that my website and my email account account are my property, shouldn't any attempt to steal my time and use my property without authorization be a criminal act that is policed at the highest levels? Forget the war on terror, we are bleeding to death here in the spam wars. Without legistlation and without a sustained official response to this criminal act, we are also seeing the rise of the only other alternative: Internet citizens are taking the battle into their own hands and being forced to become vigilantes in order to protect themselves, their sites and their most precious commodity, time.

Blue Frog is one recent example of Internet vigilantism. It was a community-based system that sent automated complaints to hit back at spammers. It must have made an impact because it was eventually attacked by a group of spammers with a DDoS attack that crippled the service and forced Blue Security to shut it down. This bit of gang warfare took place right outside out own windows and there wasn't a single Bobby in sight.

I use two different tools myself to combat spam on this blog (notice the words we use to talk about the spam wars). Bad Behavior is a script that stops automated spam attempts and AKismet is another community-based tool that (mostly) catches everything else. Together they stop thousands of spam attempts weekly on my blog alone. And the number of attempts is increasing. The spam statistics page on Akismet shows an alarming rise in the number of spam versus ham (legitimate) comments their system is seeing. There is a huge surge in the graph over the last three months. I've also noticed a similar trend in my email spam and some individual managed, for the first time in my experience, to spam a couple of mailing lists that I'm on, including the Arp mailing list.

If something is not done to curb the rise of spam, I'm afraid that we are going to be spending more and more of our time in trying to combat this pest. It is already having a huge effect in curbing the multi-way communicative nature of the Internet. It's a common story today to hear of a Wiki that is destroyed by automated comment spam or of someone who will not allow comments on their blog because of their (rightful) fear of spam. And more often than not, on the Internet (if not in the computer world in general), it is the victim that is made to feel responsible. "What? You don't have an anti-spam plugin? Oh you were asking for it!" "You mean you don't have anti-spyware software? You deserved it!" It's akin to telling a someone that they deserve to be raped if they're not wearing a chastity belt. What we need is to change the climate so that we can strut our stuff on the Internet without fear as we do in most civilized places in the real world.

Unless legistlators understand the severity of the situation and draft necessary legistlation and unless adequate resources are allocated for law enforcement to actually apply this legistlation, however, citizens of the Internet will continue to be forced to live in an environment where the victim is at fault and where vigilantism is the only form of self-defense.

Comments

• I'm also using these two plugins for wordpress and didn't had any spam comment getting through since then. And that without any captcha challenge! I'm quite pleased with that. The only feature I wish it had is that when everytime somebody tries to spam me, a bucket full of stinking garbage unloads on his head! :)

  by sascha/hdrs on 2006-07-06 10:28:39

• The internet has often been compared to the "wild west" frontier days of the US, an analogy that is probably pretty fitting. At first it was just a few settlers. Then as the population rose, you had a few cattle rustlers and train robbers. Now I imagine we're up to the early 20th century maybe prohibition era, with organized crime running rampant and law enforcement not able to do much about it. Since all that has happened in only about 20 years, I'd say that in another 10, we'll be in an internet utopia. ;)

  by keith peters on 2006-07-06 11:24:10

• Every cloud eh Keith? :D Spam really pisses me off, every morning I spend the first 10 minutes of my day filtering out the crap from the real emails. If I were to be unable to access my mail for a few days I'd be in real trouble. Another thing that upsets me is the need to use myemail[at]mydomain[dot]com whenever needing to publicly announce an address. This is not going to be obvious to un-savvy users and is a pain in the ass to type. Any spam superhero that wants to save the day will get my full appreciation.

  by DannyT on 2006-07-06 12:05:40

• Blog spammers are total scum. I'd also add that search index spammers are doing quite a bit of damage these days since they're cluttering up the search space with bogus pages and then costing advertisers when the hapless public ends up on one of those pages and clicks an ad to get away. The result is advertisers moving away from using per-click ads, which hurts the blogger trying to make money off of those ads.

  by mike on 2006-07-06 12:47:35

• Danny, my last comment was pretty tongue in cheek. But overall I think it's an apt analogy. Speaking of vigilantism, there was a cool app a while ago, a screen saver that would constantly ping known spammers and show a visualization of how much traffic they were getting and when they got overloaded. It eventually got pulled as it was essentially an illegal DOS type of attack.

  by Keith Peters on 2006-07-06 13:29:05

• The big difference with cyber crime is that there are concrete technical means to go about finding the culprits. This is something that with proper legislation can be crushed. However, big brother complex paranoia may keep the deeply buried tendrils of the intelligence agencies and telcos from coming up to help us with it for some time to come. Whats interesting to me is how techies can contribute to this and not think they are scum. I have two lightly travelled homemade blogs with no security and get no spam at all. Of course if I had them aggregated somewhere, then BOOM. Theres gotta be a better way to do things.

  by bill on 2006-07-06 14:14:56

• What I've done lately is to turn off comments for old blog entries (with one SQL statement), but new entries are open for comments as usual. Reason: Most spams are targeting old entries that were linked from elsewhere. It seems to work really well so far - no blog spam in my latest entries since I implemented this. As time passes, I'll turn off more comments for old posts. I know this isn't the best solution, but it sure save a ton of time deleting spams.

  by Dave Yang on 2006-07-06 14:20:49

• >>It’s akin to telling a someone that they deserve to be raped if they’re not wearing a chastity belt. hmm, bit harsh perhaps? guess I'm one of those people who thinks it's mostly up to you... I see it more as... "It’s akin to telling a someone that they deserve to have their car stolen if they leave the window open and the keys in the ignition" you've got a big shiney car (a popular blog, lots of visitors etc...you are a target) and you leave the window open (you have scripts that allow 'unknown' users to submit content to your site, interact with your database etc). yeah it's crap that little scumbags do this stuff, just as it's crap my car got nicked a while ago, I didn't 'deserve' it but I did screw up... thats life... next time I'll close the window! If you don't like spam, don't allow comments or use some kind of alarm (Akismet) to help deter the little buggers, but I can't see it ever 'stopping'. Don't want to sound defeatist, just realistic :)

  by Adam on 2006-07-06 14:21:32

• Those people are not people who tricker bots. Bots who are possible cause most of us customers leave our doors widw open. Thats a thing our law (and i think worldwide) is not capable to put into freaking laws to make those bastards dissapear of the face of this planet. We (most of the costumers) are too blind and those bots are just looking for those holes. Like not updated windows machines for example, like no enxrypted mail adresses pumped online, so there to grasp. We could do a lot to keep those ..... out. It's like changing the lock on you house, change the mail or reroute it. For the blog, akimet and spamkarma together makes it a few clicks to get rid of all those who slipped through. Furthermore, don't enable trackbacks and comments on older posts, just do a query or better a cron job to make sure every post older then specific date gets his comment and trackbacks disabled. And keep the list of sites you want to notify on new posts, as minimal as possible.

  by Folkert on 2006-07-06 15:10:08

• ahum, last reply his first line should be: Those people are THE people trickering bots, while the bots then take over...

  by Folkert on 2006-07-06 15:11:46

• ----------YOU'VE WON------------ *******CLICK HERE ******** --FREE ENLARGEMENT CREAM-- hehe, j/k. Is that the sort of spam you're talking about? It's annoying! I'm with you Aral. That story about Blue Frog is amazing, except for the ending...spammers have gotten way out of control. The Web 2.0 needs an anti-spam task force. Basically a virtual John Wayne.

  by LEE on 2006-07-06 17:59:59

• Yup... You are right. But tell me why politician will move for something they don't care. This stuff is not about money ( as the mp3 - big deal in france ) so I guess we will not see any law for that soon. Maybe we should spam the political guys with real emails... Saying something... This is what I have everyday in my email box... 10000 of them in a day repeated several day could maybe make them thinking ... :) Otherwise I remember a tool ( can't remember the name ) on the internet who was spaming the spammer. This one has been closed for LEGAL reason... WTF ??? So I just closed my windows, double-locked my door, bought 2 big and bad dogs and pray that noone wil go in my house... Cheers

  by zeflasher on 2006-07-06 22:49:23

• Just read the Keith comment. I think I'm talking about the same tool... Was pretty good and I was so pleased to be part of this community who was spamming the spammer :) :)

  by zeflasher on 2006-07-06 22:52:04

• Somebody coming to your house is like the worst nightmare coming true. I never wanted that to happen in my life. Same is the case on the internet when unwanted people come and disturb you.

  by Steven Chappel on 2006-07-08 07:04:28

• [...] Following on from Aral’s post regarding the amount of spam currently clogging the arteries of the Internet its nice to find a site that is doing something worthwhile with it all. The concept is to re-cycle Spam into computer generated Art. It also just happens to be a cool way of showing off some of the new tricks Flash 8 can do . [...]

  by BitTubeBlog » Blog Archive » Finally Something Worthwhile from Spam on 2006-07-17 11:52:28

• [...] See my earlier post on The growth of spam and vigilantism on the Internet for more information on both tools. [...]

  by Akismet update at Aral Balkan on 2006-08-28 10:04:24

• [...] For more information on Bad Behavior, read The growth of spam and vigilantism on the Internet. [...]

  by Upgraded to Bad Behavior 2.0.7 at Aral Balkan on 2006-11-14 13:29:15

• I use AKismet on Drupal. I lasted 20 days with 0 spam until I had 1,500 on one day. Now I'm up to 9,000 in 9 days. What is going on!?

  by Josh on 2011-02-21 08:04:52