Tempted by blogs, spam becomes 'splog'

The search giant's Blogger blog-creation tool and BlogSpot hosting service, together the most popular free blogging service on the Web, fell victim this past weekend to the biggest splog attack yet--an assault that led to clogged RSS readers and overflowing in-boxes, and that may have manipulated search engine rankings.

"Uh, ladies and gentlemen of the blogosphere, I think we have an emergency on our hands," Tim Bray, Web technologies director at Sun Microsystems, wrote in his blog in response to what he called the "splogsplosion."

The attacker, or splogger, used automated tools to manipulate the Blogger-BlogSpot service and create thousands of fake blogs loaded with links to specific Web sites (home mortgage, poker and tobacco sites among them). The move was designed to doctor search results and boost traffic to those sites by fooling the search-engine spiders that crawl the Web looking for commonly linked-to destinations.

The counterfeit blogs also triggered thousands of RSS--Really Simple Syndication--feeds and e-mail notifications, swamping RSS readers and in-boxes.

"The total numbers (of fake sites) must be mind-boggling..." Bray wrote. "The software that's generating these things is pretty sophisticated; you might think (the sites) were real at first glance."

The scope of the attack, and the sophisticated automation used to accomplish it, mark a turning point for splogging, a problem experts say has been building for some time.

"It's been going on for months," said Matt Haughey, who runs the MetaFilter community Weblog and has blogged about the splog menace. "Over the weekend there was one guy's gigantic explosion. Someone basically scripted a bot to be able to (create) thousands of (fake) sites."

Unlike e-mail programs, blogging services don't have the capability to easily detect and filter out spam, said Bob Wyman, chief technology officer at blog search and tracking service PubSub.

The BlogSpot with the bathwater
The splogger executed a script that ran searches on blog search engines for specific keywords, said Wyman, notably names of some of the A-list bloggers, like Dave Winer and Chris Pirillo.

Then the splogger took the results, went to Blogger-BlogSpot and, using the service's application programming interface, or API, automatically created tens of thousands of blogs that contained text

People querying the well-known bloggers' names in blog search engines, and people who track these bloggers and their write-ups via services like PubSub, Technorati and Feedster, then received feeds to the fake blogs, jamming RSS readers with useless links, Wyman said.

As a result, PubSub may stop including entries from Blogger-BlogSpot feeds in the normal results it delivers to users. PubSub is also considering requiring that users explicitly opt in if they want to see results from Blogger-BlogSpot feeds, Wyman said.

"We may be forced to filter out everything from BlogSpot," he said. "That would be throwing out the baby with the bathwater. That's really unfortunate."

IceRocket.com, co-owned by well-known Net entrepreneur Mark Cuban, also said it would stop indexing Blogger-BlogSpot posts until it could get a splog filter in place.

Though it's difficult to measure exactly how big the splog attack was, Wyman said the number of RSS feeds that his service sends to subscribers more than doubled during the attack, from the 6 million or so it averages on a normal day.

Google said in the official Blogger blog that it had deleted more than 13,000 blogs during the "spamalanche."

As for the general threat of splog, blog search provider Technorati's State of the Blogosphere report estimated that 5.8 percent of new blogs overall, or about 50,000 posts on average, are fake or potentially fake.

Google criticized
Some affected bloggers complained that Google was to blame. "Google: Kill BlogSpot Already!" Pirillo wrote in his blog Monday.

"BlogSpot has become nothing but a crapfarm, and your brand is going to go down with it," he wrote. "If your motto truly is to do no evil, then you need to start putting some resources behind an effort to curb this train wreck."

In his frustration, Pirillo created a short video with screenshots showing him scrolling past the hundreds of splog listings in the PubSub RSS feed folder in his in-box.

Google's Jason Goldman, product manager for Blogger, said Google has been working to address the splog problem for a while, instituting precautions such as allowing users to flag suspicious blogs as potential fakes and prompting blog creators to manually transcribe distorted words to verify that the blog was created by a human and not a machine.

Goldman admitted that the weekend attack showed that those preventative tools are "broken" and serve as deterrents rather than outright solutions. He also said Google launched a feature Wednesday that would force suspected spammers to transcribe distorted words before pushing through individual blog posts. And he said Google is not alone in being attacked.

"Weblogs in general are having a problem with spam right now, not just Blogger," he said. "While it is a problem, it is certainly not the majority case on BlogSpot, at all."

Wyman said Blogger-BlogSpot and other blogging services should do more to monitor postings to keep spammers out. However, he defended Google, saying the company's blogging service was an easy target because it is simple to use, has an open API and is free.

"They've done a good job," he said. "That's the reason this is happening."