October 20, 2005 4:00 AM PDT
Tempted by blogs, spam becomes 'splog'
- Related Stories
Phishing fight may be paying offOctober 14, 2005
Report: Antispam push helping curb U.S. junk mailOctober 12, 2005
Google fixes Web site security bugOctober 10, 2005
Google launches blog searchSeptember 14, 2005
One in six Americans visiting blogsAugust 9, 2005
Phishing attacks take a new twistMay 4, 2005
Gmail tries out antiphishing toolsApril 4, 2005
Cleaning spam from swapping networksMarch 18, 2005
Spyware infiltrates blogsFebruary 23, 2005
The search giant's Blogger blog-creation tool and BlogSpot hosting service, together the most popular free blogging service on the Web, fell victim this past weekend to the biggest splog attack yet--an assault that led to clogged RSS readers and overflowing in-boxes, and that may have manipulated search engine rankings.
"Uh, ladies and gentlemen of the blogosphere, I think we have an emergency on our hands," Tim Bray, Web technologies director at Sun Microsystems, wrote in his blog in response to what he called the "splogsplosion."
Google's Blogger blog-creation tool and BlogSpot hosting service, together the most popular free blogging service on the Web, fell victim this past weekend to the biggest "splog" attack yet--an assault that led to clogged RSS readers and overflowing in-boxes, and that may have manipulated search engine rankings.
The scope of the attack, and the sophisticated automation used to accomplish it, mark a turning point for splogging, a problem experts say has been building for some time. It's not yet clear what Google and others can do to stop the nuisance.
The attacker, or splogger, used automated tools to manipulate the Blogger-BlogSpot service and create thousands of fake blogs loaded with links to specific Web sites (home mortgage, poker and tobacco sites among them). The move was designed to doctor search results and boost traffic to those sites by fooling the search-engine spiders that crawl the Web looking for commonly linked-to destinations.
The counterfeit blogs also triggered thousands of RSS--Really Simple Syndication--feeds and e-mail notifications, swamping RSS readers and in-boxes.
"The total numbers (of fake sites) must be mind-boggling..." Bray wrote. "The software that's generating these things is pretty sophisticated; you might think (the sites) were real at first glance."
The scope of the attack, and the sophisticated automation used to accomplish it, mark a turning point for splogging, a problem experts say has been building for some time.
"It's been going on for months," said Matt Haughey, who runs the MetaFilter community Weblog and has blogged about the splog menace. "Over the weekend there was one guy's gigantic explosion. Someone basically scripted a bot to be able to (create) thousands of (fake) sites."
Unlike e-mail programs, blogging services don't have the capability to easily detect and filter out spam, said Bob Wyman, chief technology officer at blog search and tracking service PubSub.
The BlogSpot with the bathwater
The splogger executed a script that ran searches on blog search engines for specific keywords, said Wyman, notably names of some of the A-list bloggers, like Dave Winer and Chris Pirillo.
Then the splogger took the results, went to Blogger-BlogSpot and, using the service's application programming interface, or API, automatically created tens of thousands of blogs that contained text
Page 1 | 2
12 commentsJoin the conversation! Add your comment