June 08, 2014

HII: The Anatomy of Comment Spam

Comment spam is a growing field for spammers seeking to generate revenue by injecting spam commentary into interactive websites that display user content (such as forums and comment boards). Spammers inject appealing messages that conclude with a link to advertised content, in an attempt to lure website users into clicking those links. Comment spam is therefore a problem both for website owners and for the consumers of that website.

When Imperva introduced version 10.5 earlier this year, new feeds were introduced into our ThreatRadar ecosystem. One of those feeds was aimed at comment spam.

The feed is the result of prolonged research conducted by our Application Defense Center, which looked into the comment spam problem from end to end to figure out what we can do to help customers protect their web assets from spammers.

The Anatomy

When looking into a security niche, it is very important to observe both the offending side and the defending side. That way, you are able to understand the premise of the niche and its current state of play. That is exactly what we did with the comment spam niche. Our HII describes in detail the behavior and techniques used by comment spammers to find targets, bypass filters, and effectively reproduce spam, and it also looks at how defenders currently work to protect against this problem.

Key Findings

Looking into comment spam campaigns, we were able to identify a few interesting trends (more details in the research paper):

  • 58 percent of all comment spammers are active for long periods of time.
  • 17 percent of all comment spammers generated the majority of comment spam.
  • Over time, the velocity of spam increases against attacked websites.

One of the things we learned from studying how comment spammers behave is that a reputation mechanism will be a very good barrier to prevent or discourage comment spammers. Identifying an attacking source as a comment spammer may prove very effective.
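A minimal sketch of such a source-reputation check, added here as an illustration and not taken from the HII report or the ThreatRadar feed. It builds a per-source record from a moderation log and lists sources that are either long-lived spammers or among the few that post the majority of spam; the log entries, the 14-day span and the 50 percent share are constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed moderation log: (source IP, day in May 2014, moderator marked it spam).
LOG = [(ip, date(2014, 5, d), spam) for ip, d, spam in [
    ("192.0.2.10", 1, True), ("192.0.2.10", 9, True), ("192.0.2.10", 15, True),
    ("192.0.2.10", 20, True), ("192.0.2.10", 28, True),
    ("198.51.100.7", 3, True), ("198.51.100.7", 4, True),
    ("203.0.113.5", 2, True), ("203.0.113.5", 29, True),
    ("203.0.113.77", 12, False), ("203.0.113.77", 30, False),
]]

def build_reputation(log):
    """Per-source spam count and active span (days from first to last spam post)."""
    days = defaultdict(list)
    for src, day, is_spam in log:
        if is_spam:  # sources with only legitimate comments get no record
            days[src].append(day)
    return {src: {"spam": len(d), "span_days": (max(d) - min(d)).days}
            for src, d in days.items()}

def heavy_hitters(rep, share=0.5):
    """Smallest set of top sources that together posted more than `share` of all spam."""
    total = sum(r["spam"] for r in rep.values())
    picked, covered = [], 0
    for src, r in sorted(rep.items(), key=lambda kv: (-kv[1]["spam"], kv[0])):
        if covered > share * total:
            break
        picked.append(src)
        covered += r["spam"]
    return picked

def blocklist(rep, min_span_days=14, share=0.5):
    """Sources whose comments should be held: long-lived spammers or heavy hitters."""
    long_lived = {s for s, r in rep.items() if r["span_days"] >= min_span_days}
    return sorted(long_lived | set(heavy_hitters(rep, share)))

if __name__ == "__main__":
    rep = build_reputation(LOG)
    for src, record in sorted(rep.items()):
        print(src, record)
    print("hold comments from:", blocklist(rep))
```

The short two-day burst from 198.51.100.7 stays off the list under these thresholds, while the low-volume but persistent 203.0.113.5 is caught by the span rule.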

You can download the HII report here.
