Monday, July 17, 2006

Splogging Bots

I don't know that ghosts exist, but I believe in them. I don't know for sure that splogging bots exist, either. I believe in splogging bots more than I believe in ghosts. At least, I respect the threat that they provide. Ghosts can't hurt you. In Spam Blogs #3, I discuss the scope of this problem.

Here's one very possible scenario. You are tired of having your friends complain about not being able to see your blog, every time Blogspot hiccups. So you set up a folder on your ISP's server, you register a domain name (cool), and you publish your Blogger blog to your new domain. Fine.

The next day, one of your friends emails you and says
Why are you selling stocks (adult movies, drugs, what have you) now?


And you go to your old URL on Blogspot, and look. And lo, you see a big advertisement blog, where your poetry used to be. WTF?

So you think
I'll fix them.

and you go back into Blogger and change your blog to publish it back to the Blogspot URL. Get rid of the spam shite. And when you try, you see
Sorry, this blog address is not available.

Browse through the various threads in Google Blogger Help (in the 4 main subforums - ignore Share Your Blog!). You'll see this story repeated almost daily. How did this happen?

Given the volume at which it's happening, it pretty much has to be an automated process: watching for newly available addresses (previously existed = worth money), re-registering them, and putting spam blogs (splogs) in their place. And that's a splogging bot.

  1. We know that there's money in botnets.
  2. We know that there's money in splogging.
  3. We know that blogs are being hijacked, in various ways.
  4. We know about "distributed attacks", and about "throttled distributed attacks".
  5. The rate that the hijackings are occurring suggests some sort of automated process.

So next you ask
If my blog gets deleted (by me or by a Blogger anti-splog bot), or if I move my blog to an external host, how quickly should I set up a stub blog, to replace what I just deleted or moved? How many hours, days, weeks am I safe?

Well, as in the example above, the hijackings that I've read about suggest a period of days (or overnight), until the problem is noticed. So did your friend load your blog (the old URL) immediately after it was hijacked? Or hours, or days, after?

I, personally, would assume the worst possible case, and suggest
Minutes.


Put it this way. If botnets are not being used, right now, in blog hijackings, then the hijackings are being done manually. If the bad guys aren't using botnets right now, to hijack blogs, they will be sometime soon. Money follows money. Think. They are making good money right now. Using existing tools (botnets), they can make even better money.

I've been wrong before. Many times. I do not think I'm wrong right now.
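To make the stub-blog advice above checkable, here is an added example (not code from this post or from Blogger) that labels what your old address is serving on each poll and totals how long it was not under your stub. The marker token, the URLs, the `Poll` type and the assumption that an unclaimed address answers 404 are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

OWNER_MARKER = "stub-owner-7f3a"        # constructed token placed in your stub blog
NEW_HOME = "http://blog.example.com/"   # constructed URL of the moved blog

@dataclass
class Poll:
    when: datetime
    status: int   # HTTP status the old address returned
    body: str     # page body the old address returned

def classify(p: Poll) -> str:
    """Label one poll of the old address."""
    if p.status == 404:                 # assumption: unclaimed addresses answer 404
        return "released"
    if p.status == 200 and OWNER_MARKER in p.body and NEW_HOME in p.body:
        return "stub-ok"                # your stub is live and points to the new home
    if p.status == 200:
        return "foreign-content"        # page is live but is not your stub
    return "unknown"

def exposure(polls: list[Poll]) -> timedelta:
    """Conservative time the address was not under your stub: any polling
    interval with a non-stub endpoint counts in full."""
    ordered = sorted(polls, key=lambda p: p.when)
    total = timedelta()
    for prev, cur in zip(ordered, ordered[1:]):
        if classify(prev) != "stub-ok" or classify(cur) != "stub-ok":
            total += cur.when - prev.when
    return total

# Constructed sample: three polls, five minutes apart, after moving the blog.
T0 = datetime(2006, 7, 17, 9, 0)
STUB = f"<p>{OWNER_MARKER}</p><a href='{NEW_HOME}'>This blog has moved</a>"
SAMPLE = [
    Poll(T0, 404, "Not Found"),
    Poll(T0 + timedelta(minutes=5), 200, STUB),
    Poll(T0 + timedelta(minutes=10), 200, "<h1>Hot stock picks</h1>"),
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p.when.isoformat(), classify(p))
    print("exposure estimate:", exposure(SAMPLE))
```

The polling interval sets the resolution of the estimate, so a check that runs once a day cannot tell you whether the address was exposed for minutes or for hours.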

This post, as other posts in my blog, is open for comments. Or you can sign my guestbook, and make your message private, if it pleases you.
