Stuart Bellis
22-09-2014
Spam

'The Life of Brian', 'The Holy Grail', 'The Meaning of Life'. Three classic comedy movies from days of old which are (almost) as entertaining today as they were when they were first released.

When we look back at the incredible careers of the Python team, it is perhaps somewhat strange to think that one of the things they will be most remembered for is their gift of the word 'SPAM' to the internet community.

Many of us will already be familiar with the story of how unsolicited junk email came to be known as spam. Canned spiced ham (Spam) was immortalised in Monty Python's 1970 sketch set in the Green Midget Cafe in Bromley, where two characters, Mr & Mrs Bun, are ordering from a breakfast menu which includes the tasty meat product in almost every dish.

The word crops up an incredible 86 times in just under 3 and a half minutes, with a group of Vikings (?!?) singing their spam song on a table in the corner and Terry Jones ('he's not the messiah, he's a very naughty boy') repeating "You mean spam, spam, spam, spam, spam, spam, spam, spam, spam, spam, spam, and spam?"


Rumour has it that early computer geeks were Python fans and the repetitiveness of the term was immortalised when they started labelling 'junk' mail as 'SPAM'.

Spam Today

Today the term is used to describe a multitude of different unsolicited web-based communication methods, from email and instant messaging to social media and blogs.

So why do spammers spam? It's pretty simple really. As the Wu-Tang Clan once said 'Cash Rules Everything Around Me. CREAM get the money, dollar, dollar bill y'all'. Spammers can make extraordinary sums of money. One caller to an American tech TV show claimed to have been raking in $1000 a day back in 2007 - he was only 17 years old!


Targeting Forums

We've been asked recently why spammers target websites to sign up as users, using random email addresses and usernames. What do they gain from this?

Spammers create accounts so that they can make comments on your site in order to gain links to whichever site they are trying to promote. Additionally, if your site readily allows 'new user registrations', it can allow them to insert data and links without your knowledge, gathering information and potentially making the site easier to attack.

It is not uncommon, regardless of safety precautions, to see a raft of users signing up to blogs and forums from random addresses and domains who then make no comments and do not engage in any form of user activity. Why?

Often the miscreants who create these accounts, either manually or more likely through the use of automated software, are being paid per account by whichever client (and I use this term loosely) has requested their special 'service'. You may find that you see no activity for a substantial period of time before seeing any malicious activity. 

Our Advice

Cancel these subscriptions and sign ups as quickly as you can and close down these dummy accounts. Bots work in mysterious ways and it's always better to be safe than sorry.
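One way to pick out the sign-ups described above so they can be reviewed and closed, as an added example (not code from Code 7 or from any forum package). The account fields, the 14-day threshold and the IPv4-only /24 grouping are assumptions, and the sample rows are constructed.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample rows (not from a real site). Assumed fields:
# username, email, signup IP, registration time, post count, last login.
ACCOUNTS = [
    ("alice",  "alice@example.org",   "198.51.100.7", "2014-06-01 09:12", 14, "2014-09-20 18:01"),
    ("xk3f9q", "xk3f9q@mail.example", "203.0.113.21", "2014-08-30 03:14", 0, None),
    ("p0lq77", "p0lq77@mail.example", "203.0.113.21", "2014-08-30 03:14", 0, None),
    ("zzr81m", "zzr81m@mail.example", "203.0.113.22", "2014-08-30 03:15", 0, None),
    ("bob",    "bob@example.net",     "192.0.2.44",   "2014-09-19 11:40", 0, None),
    ("carol",  "carol@example.com",   "192.0.2.80",   "2014-07-02 10:00", 0, "2014-09-01 08:30"),
]
FMT = "%Y-%m-%d %H:%M"


def find_dormant(accounts, now, min_age_days=14):
    """Accounts older than min_age_days that never posted and never logged in."""
    cutoff = now - timedelta(days=min_age_days)
    dormant = []
    for user, email, ip, registered, posts, last_login in accounts:
        if datetime.strptime(registered, FMT) > cutoff:
            continue  # too new to judge; a real user may not have posted yet
        if posts == 0 and last_login is None:
            dormant.append((user, email, ip))
    return dormant


def signup_clusters(dormant, min_size=2):
    """Count dormant accounts per email domain and per /24 of the signup IP."""
    domains = Counter(email.rsplit("@", 1)[1].lower() for _, email, _ in dormant)
    nets = Counter(ip.rsplit(".", 1)[0] + ".0/24" for _, _, ip in dormant)
    return ({d: n for d, n in domains.items() if n >= min_size},
            {net: n for net, n in nets.items() if n >= min_size})


if __name__ == "__main__":
    dormant = find_dormant(ACCOUNTS, datetime(2014, 9, 22))
    by_domain, by_net = signup_clusters(dormant)
    for user, email, ip in dormant:
        print("review/close:", user, email, ip)
    print("shared domains:", by_domain)
    print("shared /24s:", by_net)
```

A lurker who logs in but never posts (carol) and a sign-up from a few days ago (bob) are left alone; only old, completely inactive accounts are listed for review.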

Always make sure that whatever system you're running is fully updated and that all patches are installed.

If you can identify IP addresses and subsequently countries of origin, it is possible to use geo-blocking software to prevent attacks originating from these geographical areas. However, this is not 100% reliable and spammers will inevitably find their way around it pretty quickly if they want to.

In terms of how Code 7 can help with preventing these types of spammers, we always recommend utilising Google's reCAPTCHA feature, which keeps bots from engaging in abusive activities by necessitating human interaction when signing up to forums, blogs, newsletters etc.

Alternatively, we can just switch the facility off! One of our clients recently contacted us asking why this was happening. As it turned out they weren't using their forum anyway so we simply disabled it.