Feeds

Interview with a link spammer

It's nothing personal...

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Exclusive Sam - let's call our interviewee Sam, it's suitably anonymous - lives in a three-bedroom semi-detached house in London, drives a vintage Jaguar and runs his own company. But "it's not not all rock and roll and big money", says Sam. What isn't? Spamming websites and blogs with text to pump up the search engine rankings of sites pushing PPC (pills, porn and casinos), that's what.

For that's what Sam does, pretty much all day long. He - we'll use the male notation, it's easier - would do this anyway for fun, but it's more than fun; he says he can earn seven-figure sums doing this. Sam is a link spammer. He's unapologetic about it. Skilled in Perl, LWP and PHP, Sam's first professional programming was done aged 13, when he sold some code to a gaming company. He's 32 now, and spoke to The Register on condition of anonymity.

So how and why do "link spammers" - as they generically call themselves - do it? Are they the same as the email spammers? What do they think of what they do, ethically? And what can stop them? If you're affected by this spam, say because you run a blog, or a website, or like the other 99.9 per cent of Net users just come across the stuff, Sam explain the important thing to remember is it's nothing personal. They're not targeting you personally. They're just exploiting a weakness in a system which blossomed just at the time that Google cracked down on the previous method that spammers used, where huge "link farms" of their own web sites pointed circularly to each other to boost each others' ranking.

"It was around December 2003: Google did what was called the 'Florida update'. It changed the algorithm that measured how high a site should be ranked to spot 'nepotistic' links and devalue them. So if you had a link farm of sites with different names which linked heavily to each other, they were pushed down," explains Sam.

So the link spammers - who prefer to call themselves "search engine optimisers", but get upset when search engines do optimise themselves - turned to other free outlets which Google already regarded highly, because their content changes so often: blogs. And especially blogs' comments, where trusting bloggers expected people to put nice agreeable remarks about what they'd written, rather than links to PPC sites. Ah well. Nothing personal.

"Comment spamming to blogs was going on before the Florida update, but it rose after that," says Sam. "All we need is a website that allows some interaction." Photo galleries based around PHPGallery - which allows votes and comments - are easy targets too. So many of them allow anyone to leave a comment.

For even a semi-competent programmer, writing programs that will link-spam vulnerable websites and blogs is pretty easy. All you need is a list of blogs - which again, even a semi-competent programmer will be able to pull together (by searching for sites with keywords such as "Wordpress", "Movable Type" and "Blogger") a huge list of blogs to hit.

More than competent

And people like Sam are much more than competent. "You could be aiming at 20,000 or 100,000 blogs. Any sensible spammer will be looking to spam not for quality [of site] but quantity of links." When a new blog format appears, it can take less than ten minutes to work out how to comment spam it. Write a couple of hundred lines of terminal script, and the spam can begin. But you can't just set your PC to start doing that. It'll get spotted by your ISP, and shut down; or the IP address of your machine will be blocked forver by the targeted blogs.

So Sam, like other link spammers, uses the thousands of 'open proxies' on the net. These are machines which, by accident (read: clueless sysadmins) or design (read: clueless managers) are set up so that anyone, anywhere, can access another website through them. Usually intended for internal use, so a company only needs one machine facing the net, they're actually hard to lock down completely.

Sam's code gets hundreds of open proxies to obediently spam blogs and other sites with the messages he wants posted. They usually target comments to old posts, so they won't show up to people reading the latest ones, though search engine spiders will spot them and index them. And here's the surprising thing: link spamming is not outsourced. These people do it on their own behalf. (Does this mean it's an immature business? Reg readers please advise.)

Here's why. When Sam spams tons of blogs and sites with links to his sites - which are affiliates of bigger PPC sites - people see the links and, seeking some porn, pills or casino action, click through to his site, and from there to the parent site, which pays Sam for each person landing there. The PPC sites can see revenues of £100,000 to £200,000 per month, says Sam. He gets a slice of that - and he wants it to stay that way.

Perhaps the affiliate system could be seen as a form of outsourcing: the top-level site gets lots of people competing to find the best way to get visitors to the site. Darwin would understand. Link spamming, with its abuse of common resources, turns out the most efficient, just as cutting down virgin Indonesian and Amazonian rain forest is the most efficient way for loggers there to get wood. If it raises the global temperature of the blogging community, well, that's life on planet internet, isn't it?

Why not just buy a Google ad, Sam? "You don't get anything like the same click-through ratio. Jakob Nielsen's studies and my own show you get six or seven times more click-throughs from 'organic' search results. And pay-per-click on search engines costs money! It can be £20 per click! We pay nothing to get an organic result." But what about the moral question, that you're using other peoples' bandwidth and blog space and abusing it by putting your commercial message there? "The question of morals is one for the individual. While it's legal, it will continue. It could be argued that a website owner is actually inviting content to their site when they allow comments."

When Sam begins a spam run, he has one target, though he'll accept any of six. Principal one: come top of the search engines for his chosen site's phrase. "But you'll accept coming in at 1,2 or 3, or if you come at 8,9 or 10. Actually, 8, 9 and 10 have better conversion rates. I don't know why. Maybe the eyes fix on it when you scroll down the page." And the cost of doing it? Once the code is written, pretty much zero. "Bandwidth is cheap," he says. "You set it going in the evening and come back in the morning to see how it's gone."

Top 5 reasons to deploy VMware with Tegile

Next page: The legal question

More from The Register

next story
Webcam hacker pervs in MASS HOME INVASION
You thought you were all alone? Nope – change your password, says ICO
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Meet OneRNG: a fully-open entropy generator for a paranoid age
Kiwis to seek random investors for crowd-funded randomiser
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Getting ahead of the compliance curve
Learn about new services that make it easy to discover and manage certificates across the enterprise and how to get ahead of the compliance curve.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.