Dealing With Comment Spam Attacks

A relatively small number of sources are responsible for the bulk of comment spam traffic, according to a new report from Imperva, a provider of enterprise security technology. As part of the company’s Hacker Intelligence Initiative, the “The Anatomy of Comment Spam” report monitored comment spammer activity against more than 60 different applications and reports.

Comment spammers try to reach users via the Web by injecting spam comments into forums, comment fields, guest books and Websites such as Wikipedia, the report states. These spammers are most often motivated by search engine optimization (SEO), so they can use a promoted site to distribute advertisements and malware.

“Comment spam attacks can cripple a Website, impacting uptime and compromising the user experience,” says Amicahi Shulman, CTO of Imperva. In the latest Hacker Intelligence Initiative report, the company’s Application Defense Center research team “reveals that a relatively small number of attack sources create the majority of comment spam, oftentimes leveraging automated tools to reach a maximum number of targets,” he adds.

Quickly identifying the source of an attack and blocking comments from the source can greatly limit the attack’s effectiveness and minimize its impact on a Website, Shulman reports.

Among the key findings of the report are that 80 percent of comment spam traffic is generated by 28 percent of attack sources, and 58 percent of all attack sources are active for long periods of time.

Identifying the attack source as a comment spammer early on and blocking their requests will prevent most of the malicious activity, the report notes. And IP reputation helps to solve the comment spam problem by blocking comment spammers early on in their attack efforts.

The report is based on data collected through monitoring of more than 60 Web applications by Imperva’s ThreatRadar Reputation Services. It provides information on the anatomy of comment spam from both an attacker’s and victim’s point of view.

For instance, the research looks at the stages an attacker follows to create comment spam and the different ways comment spam can be automated so attackers can scale their efforts.

From a victim’s standpoint, the research shows that over time, spammers increase the speed of their attacks against a Website once a commenting system proves to be vulnerable to attack. This shows just how vital it is to identify this activity and take steps to stop comment spam in the early stages, the report notes.

The report includes case studies that describe comment spam’s attack patterns and traffic flow. It also provides details on how Websites can defend themselves against comment spam attacks, using a number of mitigation techniques.

Organizations can choose from a number of mitigation techniques to address content spam, according to Imperva. These include content inspection (inspecting the content of the posted comments based on a predefined set of rules); demotivation (aiming to make comment spam useless); and manual inspection (effective against manual comment spam, due to the relatively small amount of spam that can be manually posted and inspected).