Ajit Gaddam: TechNews and Security

This started out from performing a Spam message analysis we receive everyday at AskStudent.

What is spam?

Spam is usually meant as unsolicited email messages sent to your account. Spam is also referred to as “unsolicited commercial email/posts” and “unsolicited bulk email” sent to either your email accounts on message posts online on websites or blogs. They range from advertising usually Viagra to potentially offensive(child Porn).

Why am I getting all this spam?

Spammers(the people who send spam) “harvest” email addresses from various places. If you have done anything on the Internet at all (register a software product, participated in a online discussion board), your address could potentially be harvested by spammers. Even if you hardly do anything on the Internet, as long as you have some kind of presence (even just an email address), your address could still be the target of spam messages. Spammers have been known to launch attacks similar to “cold calling”; they’ll keep trying email addresses until they find a valid one.

For example, a spammer could send a message to fit.edu addresses and just use all known common first names before the @ sign. The invalid ones will bounce but the valid ones will get delivered.

We will walk you through a new method being used by spammers –> 

Have the spam link on online message boards originate from a valid and a reputed site such as a .edu or a University/college website.

Spammers have determined that if they register for a message or university discussion board account, they can then leave a link to their webpage. The link shows up on the message board user list. What the spammers then do when leaving a link on comments on a web site such as AskStudent’s , instead of leaving an obvious link to a spammer site, the link would be something like the following:

web.universityname.edu/deptname/disc1_frm.htm

This URL looks relatively innocent, after all it is coming in from a university web site and probably some students there have a discussion going on, on their message boards about the article on which the “comment” was placed. But, if you follow the link, you get to a discussion board that uses JavaScript to immediately redirect you to the spammer’s site.

The problem with this hacked .edu message boards is that they are coming in from a Trusted domain. So what happens when a link from a trusted domain is posted on your blog. It results in something like this coming into our moderation queue everyday. Spam links which originate from .edu domains.

Links being used for SEO

Still not convinced. Try a Google search for phentermine, a drug that is among the most promoted by spammers. In the results page on Google, two out of five top results return hacked message board pages advertising and promoting phentermine.

 At AskStudent, everyday we get over 1000 comment spam messages where myself and other editors manually go through each and every one of them. Is it worth it trying to find that one spam message that escaped Akismet filters. Oh yes… but it is indeed a painful process. We are trying to implement additional layers of security including maybe a math filter down the line. It is a work in progress however.

Have any of you successfully dealt with Comment spam? Also, any ideas on how do we resolve incoming links from hacked university message boards. For a student site like AskStudent, we cannot just keep filtering out .edu domains. Any ideas?