Link spammers

  May 04, 2004

Earlier today, I noticed that a blogger, for the third time, had posted comments on my entry entitled Using Gmail, for the sole purpose of making a barely noticable link back to his own weblog. A blogger spamming for links to his own weblog? How odd.. How stupid.. It turns out, things are not what they seem.

See, the URL that the spammer was trying to post, several times over, in my comments, is the following:

http://radio.wblogs.com/0100146/

Notice that there is an "e" missing from the URL? It isn't at UserLand's weblogs.com, it's at wblogs.com. I did notice this, but figured that since that site is identical to the one at weblogs.com, or at least seems to be at a glance, UserLand has probably just bought wblogs.com as well. You know, just in case.

Turns out, that's not the case at all.

But that's what I thought, and since I thought it was pretty rude, not to mention stupid, for a weblogger to spam for links to his weblog, I'd give him that link he wanted so much. So, I created a "Contemporary Link", the ones in the sidebar to the left on this site, with a link to the spammer's site, and a link description saying "Here's a link to your weblog, Rod. Now will you please stop fucking spamming the comments on my posts?".

Turns out, that's not Rod's site at all.

Get this. The site at wblogs.com, which at a glance seems to be the same site as the one at weblogs.com, Rod Kratochwill's legitimate site, is actually an elaborate scheme to fool weblog owners to not delete the spammed links because they look like actual weblogs.

So, this is Rod Kratochwill's actual weblog, hosted at weblogs.com:
http://radio.weblogs.com/0100146/.
And this is a complete fake, run by a spammer:
http://radio.wblogs.com/0100146/ (you'll have to copy and paste this URL, I don't want to give the spammer a link, because that's exactly what he wants).

Somehow noticing my link to the spammer version of his site, Rod contacted me and, in a very mild and friendly tone, informed me that the site I'm linking to is not his, Rod Kratochwill's, weblog at all. It's a spammer which has made a complete copy of his site but which contains hidden links to porn sites, incest ones at that, in the code.

Apparently, the spammer had done this before, but recently updated the false copy of Rod's site, at wblogs.com, to a more recent version. Now that's an elaborate scheme. Not only are spammers going through the trouble of spamming links in weblogs, now they're even going to great lengths to copy actual weblogs, and to spam links to those, in hope that weblog owners won't remove the links because they seem like legitimate weblogs.

According to a whois lookup, the owner of wblogs.com and cykanax.com is:

Alexander Morozov webmaster@se-traf.com +1.4156656387
Crutop
Volgogradsky prospekt, 16
Moscow,Moscow,RU 126003

For anyone else using MT-Blacklist, I suggest adding wblogs.com to their list of banned domains, as well as the porn-incest site the fake weblogs, in turn, are linking to, which is cykanax.com.

Update:
I hadn't noticed, but Rod informed me that www.wblogs.com is a direct copy of TypePad.com, and radio.wblogs.com, quite expectedly, is a direct copy of radio.weblogs.com. May I suggest a little bit of legal action?

Permanent link

Previous   Next >

Comments

  1. People like that are creepy :/ But Tomas, how about a link to my sweet t-shirt? :)

    Comment by swimp at 23:25, 04 May, 2004 #

  2. Seems like this Alexander Morozov is a busy guy. Seems he's doing the same over at bllogspot[dot]com, although I haven't seen any sites on this domain...

    Seems like very much work for a little reward, but; Pretty sneaky though...

    Comment by John Magnus at 01:35, 05 May, 2004 #

  3. Wait, wait--- so does this mean that if I spam the shit out of your site with my site's URL that you'll add it to your link bar?

    Comment by JeffryG at 02:40, 05 May, 2004 #

  4. JeffryG: Perhaps. But not with a very friendly link description.

    Comment by Tomas at 02:47, 05 May, 2004 #

  5. Wow. Actually did anyone else look at the code for the spammer's site. It's one massive script. What's amazing about this is obviously for the random user, no one would even know it was a fake site, and I'm certain this has increased the various porn sites rankings in numerous search engines.

    Pretty darn bold, but unless you find your duplicate site, I'd say darn hard to catch as well.

    Comment by allgood2 at 03:32, 05 May, 2004 #

  6. It actually wasn't too hard to find out that this guy was using my identity. I have a couple of search feeds setup in my aggregator on Bloglines and PubSub and when he started posting comments using my name I found out right away.

    Rod

    Comment by The real Rod at 13:56, 05 May, 2004 #

  7. Duly noted. Thanks, Tomas.

    Comment by Jeff at 20:46, 05 May, 2004 #

  8. this is a good post, my friend has got lots of spammers yesterday,too and she's using MT :|

    thanks tomas :)

    Comment by echa at 22:14, 05 May, 2004 #

  9. Rest assured, all weblogs.com and blogspot.com clones mentioned above are now both on the master blacklist.

    Comment by Jay Allen at 02:42, 06 May, 2004 #

  10. Amazing how perky some of the spamers got. I hate them... has anyone informed typepad about the copy? What are they going to do?

    Cheers,

    Chris

    Comment by Chris at 11:53, 06 May, 2004 #

  11. I'm beginning to build up a little grudging respect for "Alexander Morozov", much as I hate it. His current spam campaign, "Think simple. Learn different." with a link to macinstruct.NET (again, using the content from macinstruct.COM to cloak porn links), is pretty well thought out. A nice Mac angle, for Mac-loving bloggers, stealing from a site that delivers HTML as text/plain so Firefox/Moz (and, I assume, Safari) users have never seen it, putting links in the comment body on sites that use MT's comment URL redirect... he's a cunning spammer.

    Comment by Phil Ringnalda at 06:51, 09 May, 2004 #

  12. Wow, w*blogs.com is an exact copy of TypePad, as you said. This is the first time I see someone going through so much trouble to spam. That said legal action will probably be no good, since A. Morozov (if that's his real name) is in Russia ...

    Comment by Alex at 16:10, 12 May, 2004 #

  13. I'm confused about why he used the complicated script. Couldn't he have accomplished the same corrupt goal using an iframe?

    Comment by Uedauhes at 00:21, 23 Jul, 2004 #

The discussion has been closed on this entry. Thanks to everybody who participated.

Jogin.com

Devil's Advocate Extraordinaire

Ads

Recent Entries

  1. Later
  2. Penis tax
  3. Traffic
  4. Free Willy
  5. Boooring