Neil Turner's Blog

Blogging about technology and randomness since 2002

Interesting trackback spam development

Lately the trackback spam I’ve been getting has been quite different to before. Rather than have their spam target their own sites, they are pointing them at things like message boards and other comment threads.
These message boards have had JavaScript code posted in them which then forwards the user to the real site. In other words, the spammers are finding message boards which do not sanitise the HTML posted in them first (i.e. they accept <script> tags) and posting scripts in new threads, then spamming the URL of the thread.
It’s interesting because, on the one hand, it gets around URL-based filtering. But it’s also interesting because the message board page is the one that gets a PageRank boost from the site, not the actual site itself. However, the message board page, as well as having a piece of JavaScript, has lots of generated text and links to porn sites, so the PageRank effect should be passed on.
It’s quite clever, if a little worrying. Maybe we need to start notifying the owners of these message boards and have them delete the threads in question, and have them tighten up security on their forms. In any case, my spam prevention mechanisms block these from getting through anyway because they also match common words used in spam, and do IP and DNS lookups.

One Comment

  1. Spam Blogs are Splogs, Comment Spam is Spomment, how about trackback spam?  Spamback or Trackspam?   Please vote here.