I’ve recently been hit by a bit of comment spam (I’m hoping to upgrade to the latest version of b2evolution, which has a few more anti-spam options, in the near future) but one thing that’s surprised me is how clever the spammers are getting.
At it’s most basic level, b2evolution’s anti-spam measures work via a blacklist of URLs (or at least keywords within URLs). Every now and then I update my list of blacklisted words that you’re not allowed to link to because they’re spammers.
Now, if someone spams my comments, it’s got an option to automatically blacklist the comment and the default keyword is last two components of the domain name (so if you link to http://www.somespamsite.com/blah, then the default keyword to blacklist is “somespamsite.com”).
But these new spammers are finding badly-written redirect scripts in order to redirect you to their spam site, but so that b2evolution would blacklist some innocent site by default. For example, click on the link below:
http://www.plymouth.edu/library/redirect.php?http://www.codeka.com/blogs
It looks like a Plymouth State University website (and it is!) but they have a “redirect” script which just blindly redirects people to whatever is specified in the query string.
It’s really annoying because I have to be very careful now when I go to blacklist a URL. Not so much because I’m worried about blacklisting valid sites, but because the spammer can send me 50 comments, with 50 different redirect scripts and the “auto-delete” feature won’t delete the 49 others.
P.S. I don’t want to pick on Plymouth State University here, they were just one of the many sites that the spammers have been using to create fake redirected links.