Waxy.org is the sandbox of Andy Baio, an
independent journalist and programmer living in
Portland, Oregon. I created I consider myself fairly knowledgable in the world of comment spam, but this one leaves me completely baffled... Two comments were posted right after each other to two different entries, with two different e-mail addresses but identical text. Here it is:
IP Address: 85.65.41.131
Name: yellow antelope
Email Address: sjeiv@yahoo.com
URL: http://spaces.msn.com/members/rear-animels/Comments:
Think of every yellow antelope you know - they do not match! Enchanted experience of betting and gambling with yellow antelope http://spaces.msn.com/members/rear-animels/ yellow antelope is what I was looking for.
The MSN Spaces blog linked in the comment has only two entries, and they're complete nonsense. The text files they link to on 50webs.com make even less sense, since they have no hidden links and no apparent purpose.
Theoretically, they could be driving up the pagerank of these seemingly benign pages, and then replace them en masse with advertising pages... But why inflate the search engine ranking of the pages for terms like "purple clown" and "yellow antelope"?
June 22, 2005: More bizarre animal spam today, apparently from the same people as the antelope spam. This one uses Blogspot instead of MSN Spaces:
IP Address: 85.64.46.113
Name: protected animals
Email Address: eilzh@hotmail.com
URL: http://protectedanimals.blogspot.comComments:
The best protected animals in the world. protected animals tournaments are now available.
9:59 PM
Numbers stations?
10:09 PM
Perhaps they're trial-and-error exercises in Google-gaming technique: "If I post X on Waxy like so, Y gets PageRank of Z."
10:10 PM
There's similar nonsense over at blogspot.
10:56 PM
I'll second Jason's theory. The ones that make no sense are usually the ones that are either a) harbingers of upcoming spam attacks or b) just a test by someone who may or may not be using the information maliciously in the future.
6:33 AM
Maybe they're testing your spam system with seemingly meaningless information, since your blog is highly trafficked, in an effort to discern what keywords get flagged, what can go through, etc? Imagine a future where companies could sell that spammability research on hot blogs/sites?
Then again, that idea sounds as farfetched and, probably not valuable with how quickly anti-spam techniques adapt, but so do yellow antelopes and purple clowns.
8:09 AM
Enter the IP address into Google, and you can see where else this person has comment spammed.
Also, check with the Spam Huntress, she may know what's up...
11:46 AM
I'm agreeing with Jim's idea - ever get the hotmail spam with just a few lines of shakespeare with no URL?
That's probably just a way to check and see what accounts on their list don't fail when you try and send something to them.
11:59 AM
The IP address is from Israel. No sign of a webserver. It may be a home machine.
It's very slow at the moment.
That IP number has one hit on Google at the moment. It spamvertizes a gambling site, with this payoff:
Affiliate 682784 at 888.com
There's very little information to tie to a person. So this might be an experienced spammer.
The two spams may be from the same spammer, or not. Too little evidence to say for sure. Keep an eye on the spamvertized site, see if the content changes.
12:11 PM
That's not spam, it's high art!
3:04 PM
"That's not spam, it's high art!"
It's low art. Antilopes are too close to llamas. They're attempting to rip an already very large craze, the bastards.
10:17 PM
well purpleclown.com has been owned since 2000 but all of the other domains are open. now's the time to get on the ground floor of something big.
1:01 AM
Maybe someone's going to launch something that might become the next big craze on the internet and these spammers have inside info about that. I wonder if they mean the flower or the animal
6:19 AM
This is probably just a really annoying individual trying to Google bomb some worthless term. Just like that Pelican Shit guy over at Wikipedia a few months ago.
12:08 PM
This reminds me of the SNL parody of a very serious financial firm's commercial. It ended with an apology from the firm's president (played by Will Farrel) for their URL - "all the rest were taken". Their URL was:
www.clownpenis.fart
I woke up the kids laughing at that one.
2:30 PM
there are thousands of these on blogger. they may be encrypted terrist talk
12:22 AM
> Theoretically, they could be driving up the
> pagerank of these seemingly benign pages, and then
> replace them en masse with advertising pages...
Yes, that's exactly what's haappening. Other popular techniques include putting up a page that is supposedly by the host that claims the site was taken down for spamming. This gives the random visitor that want's to check who is spamming a good feeling and they don't pursue it further. And yes, I have even seen high profile technical bloggers fall for that.
In the end, the target pages always change their content, when PR-Power is needed.
> But why inflate the search engine ranking of the
> pages for terms like "purple clown" and "yellow
> antelope"?
Because it easier to get through. There are people around that are uncomfortable with deleting comments that may or may not be pure spam. And if it's not plainy spammy, but just crazy, it may not be spam (this is the intarweb after all).
11:07 AM
I recently experienced comment spam on my weblog that was advertising GOOGLE! I have given up trying to understand the way of the spammer.
6:56 AM
I've had fake Google referrers. They're usually tests. So the Google comment may be a test too.
If in doubt, delete the URL and leave the comment...
8:20 AM
Maybe he just wants to spread the word on Yellow Antelope?
8:53 AM
It's an attempt to put the tallywackers forth come hither. Enmasse route to the mother land. Only home boys know what color water runs. And deep too.
3:32 PM
it is probably someone testing tools.
8:52 AM
Looks like steganography to me. See http://en.wikipedia.org/wiki/Steganography
7:18 PM
I have never figured that whole nonsense spam thing out I get things that talk about my manhood after baiting me with "She see long distance for him gisert noddyy wad"
is this spam?
I went to
Learn Spanish in Costa Rica
but ended up in Myrtle Beach
10:39 PM
I think this is an attempt to google bomb the phrase "yellow elephant".
See http://patriotboy.blogspot.com/2005_06_19_patriotboy_archive.html#111933630881545776
About halfway down the page...apparently "Yellow Elephant" is the name of an anti-Republican crusade.
Extra credit if you figure out whether the bomber is pro-campaign or anti-campaign. :=)
11:57 PM
Perhaps it's just some innocent asian kid(s) practicing what they learned in engrish class, & showing it off to the blogosphere...
11:48 PM
Barak Internet in Israel owns the IP. I'm really thinking that there's some sort of intelligence outfit randomly peppering the Internet with coded messages for their operatives. Think about it - it's perfect for operatives, as they don't have to browse to obscure websites; they can simply appear to be yuppies browsing trendy weblogs. It's absolutely genius, and I hope our government is doing something similar.
9:36 PM
I too blogged about it few days days back without realizing you too had found it before.
Anyway here's my two cents.
10:10 AM
Maybe some drunk spammer accidentally replaced his gambling-dictionary with the animal-encyclopedia?
3:25 AM
I'm pretty sure that most comment spam is automatically generated these days. No English-speaking human could compose prose of such a bizarre nature. What kind of tools does MSN Spaces offer to compete with the likes of MT-Blacklist for Movable Type?
Over at my internet law weblog, I haven't had much of a problem with comment spam (but then, I don't get many comments :)). I require users to be TypeKey-authenticated and use MT-Blacklist to prune out everything else. Seems to work quite effectively.