Comment spam is a growing field for spammers seeking to generate revenue from injecting spam commentary into interactive websites that allow user content to be displayed (such as forums and comment boards). Spammers seek to inject appealing messages that conclude with a link to an advertised content in the attempt to circumvent website users to click those links. Comment spam is therefor a problem both for website owners and the consumers of that website.
When Imperva introduced version 10.5 earlier this year, new feeds were introduced into our ThreatRadar ecosystem, one of those feeds was aimed at Comment Spam.
The feed is the result of a prolonged research conducted by our Application Defense Center, looking into the comment spam problem from end to end and trying to figure what we can do to help customers protect their web assets from spammers.
When looking into a security niche, it is very important to observe both the offending side and the defending side. That way, you are able to understand the premise of the niche, and its current state of play. That is exactly what we did with the Comment Spam niche. Our HII describes in details the behavior and techniques used by comment spammers in order to find targets, bypass filters, and effectively reproduce spam, while we also look at how defenders currently work to protect against this problem.
Looking into comment spam campaigns, we were able to identify a few interesting trends (more details in the research paper):
- 58 percent of all comment spammers are active for long periods of time.
- 17 percent of all comment spammers generated the majority of comment spam.
- Over time, velocity of spam increases against attacked websites.
One of the things that we have learned by learning how comment spammers behave is that a reputation mechanism will be a very good barrier to prevent or discourage comment spammers. Identifying a source attacker as comment spammer may prove very effective.
You can download the HII report, here.