Less than a third of attackers account for 80 percent of comment spam
You don't need to spend very much time on popular websites and forums to encounter the curse of comment spam, adverts or links embedded in fields intended for reader interaction.
Comment spammers are most often motivated by search engine optimization, using a busy site's comment fields and guest books to get views for advertisements and malware distribution. A new report by enterprise security specialist Imperva takes a close look at comment spam and looks at ways that companies can combat it.
"Comment spam attacks can cripple a website, impacting uptime and compromising the user experience," says Amicahi Shulman, CTO of Imperva. "In our latest Hacker Intelligence Initiative Report, our Application Defense Center research team reveals that a relatively small number of attack sources create the majority of comment spam, oftentimes leveraging automated tools to reach a maximum number of targets. Quickly identifying the source of an attack and blocking comments from the source can greatly limit the attack’s effectiveness and minimize its impact on your website."
Key findings of the report are that 80 percent of comment spam is generated by just 28 percent of attackers and that 58 percent of attack sources are active for long periods of time. Identifying attackers early and blocking their requests helps curb their activity and the use of IP reputation is a useful aid here.
The report, based on data collected from monitoring over 60 web applications, provides useful information on the anatomy of comment spam from both the attacker and victim viewpoints. It looks at the stages an attacker follows to produce comment spam and the various ways that it can be automated to allow attackers to scale their efforts.
From the victim's point of view the research shows that over time comment spammers increase the frequency of their attacks against a website once a commenting system is shown to be vulnerable. This underlines just how important it is to identify and take steps to stop comment spam in its early stages.
It recommends a number of mitigation techniques including inspection of content against a set of rules, checking the reputation of the source, anti-automation measures like Captcha, and demotivation approaches such as deactivating links with the "nofollow" value to make the spam worthless.
If you want to read more you can access the full Anatomy of Comment Spam report as a PDF on the Imperva website.