Archive for October 14, 2005

And still the reigning champion…

I imagine the conversation went something like this…

  • Coworker 1: “Hey - you know we’re having donuts at today’s rollout party?”
  • Coworker 2: “Yeah…”
  • Coworker 1: “Did you know Patrick’s got the record set on eating a dozen at 21 minutes and 45 seconds? Think you could beat it?”

  • Coworker 2: “Golly! You bet I could - sign me up!”

Why do we let ourselves be talked into such absurd situations? What is
the neural malfunction that lets someone say “I don’t have to try
crack to know it’s not good for me and I don’t want it” but that lets
us agree to an eating contest like this?

Not only have we got a long way to evolve, but my record still stands.



Comments (1)

More on comment spam

So I just got flooded with comment spam on my blog and had a
conversation with Cory about how and why this happens. For anyone
curious why my blog was just littered with links to porn sites, here’s
some of that explanation…

Why?

There are two pretty clear reasons why spammers go around leaving
comments in blogs or web forums. First, it’s free “advertising.” The
people visiting my blog (a group that really isn’t big enough to
extrapolate from, but the general point is correct) aren’t usually
shopping for dildos. But if some spammer can get one person to make
that jump from “I wonder what’s going on with Patrick?” to “I’d like
to increase my man-hood” and further “I’ll click some random link to
do that now” then the spammer has done his job.

Second, Google’s PageRank algorithm had been wildly successful at
prioritizing search results, partially by treating links from one
site to another as “votes” for the quality of the destination site.
By adding a comment to every post on my blog that says “please visit
my site” in the comment body and links to the destination site, the
spammer has now created hundreds of “votes” for the site he was paid
to advertise.

How?

Scripting attacks are what hit me and they’re fairly simple to
hook up. All you need to do is realize that there is some common
system on some site for posting unauthorized comments. With weblogs
that are based on Blosxom and which use the writeback plugin for
handling comments and trackbacks, spammers know that if they create a
script which browses to http://foo.com/post.writeback, there will be a
form which contains a user/site/comment and has a “submit” button -
they just need to fill in those fields and get the “site” value
correct and submit the comment and voila! There’s a new spam link on
the site. Combine this with the fact that, if you know a little about
constructing more powerful Google queries, you can get back a list of
all the pages on psoul.com
(http://www.google.com/search?hl=en&q=site%3Apsoul.com&btnG=Google+Search),
and now you just do a simple iteration like:

foreach page in (psoul.com)
   fuckup(page)

And your work is done.
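
From the blog owner's side, that iteration shows up in the access log as one client POSTing to many different .writeback URLs within seconds. The sketch below is an added example, not code from the original post; the log lines, post paths and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in Apache combined log format (not real traffic).
# 198.51.100.0/24 and 203.0.113.0/24 are documentation-only address ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [14/Oct/2005:09:00:01 -0700] "GET /2005/10/donuts.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [14/Oct/2005:09:03:40 -0700] "POST /2005/10/donuts.writeback HTTP/1.1" 200 812 "http://www.psoul.com/2005/10/donuts.html" "Mozilla/5.0"
203.0.113.9 - - [14/Oct/2005:09:10:00 -0700] "POST /2005/10/donuts.writeback HTTP/1.1" 200 812 "-" "-"
203.0.113.9 - - [14/Oct/2005:09:10:01 -0700] "POST /2005/09/smoking.writeback HTTP/1.1" 200 812 "-" "-"
203.0.113.9 - - [14/Oct/2005:09:10:02 -0700] "POST /2005/08/hiking.writeback HTTP/1.1" 200 812 "-" "-"
203.0.113.9 - - [14/Oct/2005:09:10:03 -0700] "POST /2005/07/moving.writeback HTTP/1.1" 200 812 "-" "-"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def parse(log_text):
    """Yield (ip, timestamp, method, path) for each well-formed log line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ip, ts, method, path, _status = m.groups()
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            yield ip, when, method, path

def flag_writeback_floods(log_text, max_posts=3, window=timedelta(minutes=1)):
    """Return {ip: [paths]} for clients that POST to more than max_posts
    distinct .writeback URLs inside a single time window."""
    posts = defaultdict(list)               # ip -> [(time, path), ...]
    for ip, when, method, path in parse(log_text):
        if method == "POST" and path.endswith(".writeback"):
            posts[ip].append((when, path))
    flagged = {}
    for ip, events in posts.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # Distinct comment forms hit within `window` of this POST.
            burst = {p for t, p in events[i:] if t - start <= window}
            if len(burst) > max_posts:
                flagged[ip] = sorted(burst)
                break
    return flagged

if __name__ == "__main__":
    print(flag_writeback_floods(SAMPLE_LOG))
```

A reader leaving one comment never trips the threshold; the same counter can drive a per-client rate limit on the writeback handler.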

Referer [sic] spam - for a while it was fashionable amongst bloggers
to show a page listing the referers to the site. This gets at some
interesting aspects of what happens when you use a browser to
navigate the web. When you browse to http://www.psoul.com, you are
using your browser to make what’s technically called an HTTP GET
request for whatever that web server has at that location. Most of
the details are hidden: you simply say “go to http://www.psoul.com”
and the page comes back. Inside that transaction, though, the browser
sends a number of headers to the web server that tell it more about
what the user wants. Internally it looks more like “I am the
[User-Agent] browser, I have just come from [Referer] and I would like
the [Accept-Language] language copy of [whatever I am GETting].” The
interesting header there is the Referer, which tells the website which
URL the visitor just came from. Bloggers had been interested in this
because it could tell them how people were getting to their blog.
The referer tends to be another blog saying “Patrick says thus and
such”, so the blog author knows who’s writing about his blog entries.
Spammers would take advantage of this, though, by finding weblogs
which list the last 10 or 20 referers, and then browsing to
http://www.spamsite.com and then going to the blog and then voila!
More links on the blog author’s page that the author probably really
didn’t want there.
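
Because the Referer header is whatever the client chooses to send, a "recent referers" list has to treat it as untrusted input. The sketch below is an added example, not code from the original post: it drops non-HTTP and self-referrals, requires a referer to be seen from at least two distinct client addresses (a heuristic chosen for illustration), HTML-escapes the value, and marks links rel="nofollow" so they carry no search-ranking "vote". The hit list is constructed sample data.

```python
from html import escape
from urllib.parse import urlsplit

OWN_HOST = "www.psoul.com"   # the blog's own host name, as given in the post

# Constructed sample of (client_ip, Referer header) pairs, oldest first.
HITS = [
    ("198.51.100.7", "http://blog.example.org/2005/10/patrick-says.html"),
    ("198.51.100.8", "http://blog.example.org/2005/10/patrick-says.html"),
    ("203.0.113.9", "http://www.spamsite.com/"),
    ("203.0.113.9", "http://www.spamsite.com/"),
    ("203.0.113.9", "http://www.spamsite.com/"),
    ("198.51.100.7", "http://www.psoul.com/index.html"),
    ("198.51.100.9", "javascript:alert(1)"),
    ("198.51.100.10", 'http://blog.example.net/?q="><script>'),
    ("198.51.100.11", 'http://blog.example.net/?q="><script>'),
]

def recent_referers(hits, min_clients=2, limit=10):
    """Return HTML <li> items for the referers that are safe to display."""
    clients = {}                        # referer URL -> set of client IPs
    for ip, ref in hits:
        parts = urlsplit(ref)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue                    # "-", javascript:, malformed values
        if parts.hostname == OWN_HOST:
            continue                    # internal navigation, not a referral
        clients.setdefault(ref, set()).add(ip)
    # One client repeating the same header counts once, not once per request.
    shown = [r for r, ips in clients.items() if len(ips) >= min_clients]
    return ['<li><a rel="nofollow" href="%s">%s</a></li>' % (escape(r), escape(r))
            for r in shown[-limit:]]

if __name__ == "__main__":
    print("\n".join(recent_referers(HITS)))
```

The distinct-client threshold only raises the cost of getting listed; the escaping and rel="nofollow" are what remove the payoff.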

All of this is a major hassle and the spammers doing crap like this
should be gassed.

Comments (2)

Can’t hardly wait!

Smoking ban expected to pass easily

A proposal to ban smoking in public — including some outdoor
areas — could significantly affect the customers and owners of any
restaurant, bar, club, non-tribal casino or bowling alley in the
state.

Yet just weeks before voters will decide Initiative 901, the measure
has drawn relatively little public interest and virtually no serious
opposition.

- Seattle PI

How has it taken so long for this to come around?

Comments (3)

Comment Spam

I could only lay low for so long - I’ve been flooded with comment spam
and temporarily disabled comments while I clean out the crap and work
on preventing this in the future.

Comments (2)