Tame Your Trolls

Internet trolls (read more about classifications) are a nuisance everywhere these days, especially when they show up on your own site. There are many troll reduction techniques, such as:

  • simply banning each one, but this can be seen as oppressing voice
  • making troll comments invisible to everyone except themselves
  • hiding negative rated comments
  • humiliation techniques, such as disemvoweling (removing the vowels) bad comments

Some clever Drupal module developers have come up with a fast and easy solution for any busy administrator:

  • Troll Misery creates seemingly random errors and lag of all sorts.
  • Troll Cave hides your troll away in the doghouse, making their handiwork invisible.

If you’d rather not see trolls on the internet at all, check out LifeHacker’s post on removing trollish comments.

Understanding Spam

The first step to defeating your enemy is to know them. Read more about what spam is, how it works, and how it’s done.

How Spam Works

Your email address is worth 1 cent. If it’s known that a living being is behind the address, it’s worth more. And if its advertising likes and dislikes are known, it’s worth around 20 cents. Of course, one email address is not going to do a spammer much good. Instead, they buy, sell, and harvest millions of email addresses at a time.

Unsubscribing from a legitimate email should be just that, but unsubscribing from a spam mail only tells the spammer that there is a human who reads spam at that address. Men are 50% more likely to buy things from spam than women, which explains why so much of it advertises products for males. It’s also worth noting that it’s easier for a spammer to continue sending emails to nonexistent, dead, or blocking addresses than to detect this and cease sending them.

Spam Email

Phishing Spam Sample


Modern spam detection is aggressive: it can automatically direct spam into the trashcan without the user ever seeing it, or even prevent it from reaching an email address at all. Spammers have stepped up their game in response. They no longer use words easily detectable by Bayesian (self-learning) spam filters, such as male and female anatomical parts, and instead use ones that convey the same idea – ‘member’, for example. Other techniques involve using pictures, not including hyperlinks, adding book or quote text, or even including random garbage in the email, all to avoid the recipient’s spam bin. It doesn’t matter if the resulting email has misspellings, grammar errors, or makes no sense, because users are likely to read curious-looking emails. What makes spam so easy is that it can all be done from a program that automates sending different email messages from a template to a plethora of unfortunate email addresses with a single click of a button.

Phishing is also a common technique. It’s all too easy to fake sender email addresses, URL links, and content, especially since so few people know to examine email headers for validity.
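What examining the headers can look like in practice, as an added example that is not part of the original article: it compares the visible From address with Return-Path and Reply-To, reads the receiving server's Authentication-Results header, and flags link text that shows one host while pointing at another. The message and all domains are constructed placeholders, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every domain is a placeholder under .example.
RAW = """\
Return-Path: <bounce@mailer.bulk.example>
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=mailer.bulk.example; dkim=none; dmarc=fail header.from=bank.example
From: "Bank Support" <support@bank.example>
Reply-To: helpdesk@collect.example
Subject: Verify your account
Content-Type: text/html

<p>Please sign in: <a href="http://login.collect.example/a">https://www.bank.example/login</a></p>
"""

def domain(addr):
    """Lower-cased domain part of an address header value, or ''."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def header_findings(raw):
    """Return a list of reasons the message's claimed sender looks forged."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    findings = []
    for name in ("Return-Path", "Reply-To"):
        other = domain(msg[name])
        if other and other != from_dom and not other.endswith("." + from_dom):
            findings.append(f"{name} domain {other} differs from From domain {from_dom}")
    # Authentication-Results is written by the receiving mail server (RFC 8601).
    results = " ".join(msg.get_all("Authentication-Results", []))
    for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results):
        if verdict != "pass":
            findings.append(f"{method}={verdict}")
    # Link text that displays one host while the href points at another.
    body = msg.get_payload()
    for href, text in re.findall(r'<a\s+href="https?://([^/"]+)[^"]*">\s*https?://([^/<\s]+)', body):
        if href.lower() != text.lower():
            findings.append(f"link shows {text} but goes to {href}")
    return findings

if __name__ == "__main__":
    for reason in header_findings(RAW):
        print(reason)
```

Only trust an Authentication-Results header that your own mail server added; one that arrived with the message can be forged like any other header.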


A botnet is a large group of compromised computers (usually in the thousands) used for sending spam mail and other malicious purposes. Botnets are either rented from other hackers or simply stolen. Botnets have made past headlines for sending massive amounts of spam (Rustock Botnet Responsible for 39% of All Spam).

From The Spammer’s Perspective

It’s all too easy (watch a video of xrumer in action) to get started in the spam business, which is centered around our modern culture of instant gratification. $1,000 will buy 1 million email addresses, and referral sites will usually offer a portion of the sales (25%-50%). From there, a mass-mailer can be acquired for little cost, and the messages mass-mailed in a matter of minutes. Of course, if the employment source decides not to pay up, there’s little a spammer can do. To avoid authorities and taxes, spammers employ money laundering techniques.

Product              | Buyer’s Pricetag | Referral Profit | Profit for 0.0001% of Sales to 1 Million Email Addresses
Male Parts Enhancer  | $300             | 25-50%          | $7,500-15,000
Online Casino        | $100             | 25%-50%         | $2,500-5,000

Forum and Blog Spam

Forum and blog spam works much the same way that email spam does, only with different guardians: spam blockers like Akismet and services like Captcha. Spammers obtain lists of sites by buying them, crawling for popular software, or simply by human inclusion. Forums employ captchas and other human validation techniques like logic puzzles, pictures, honey pots, and timing the form submission to prevent spambot signups and posting. Since most forums and blogs use the same names for fields, automatic form fillers can easily generate random names and emails, and even register and validate spam email accounts.
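A server-side sketch of two of the checks named above, the honey pot field and timing the form submission, added here as an example and not taken from any forum software. The field names, secret and thresholds are assumptions; the render time is carried in a hidden field and protected with an HMAC so that a client cannot backdate it.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: per-site secret, kept server-side
MIN_SECONDS = 3                    # assumption: a human needs at least this long
MAX_SECONDS = 3600                 # assumption: a rendered form expires after an hour
HONEYPOT = "website"               # assumption: field hidden by CSS, left empty by humans

def issue_token(now=None):
    """Value for a hidden form field: render time plus an HMAC over it."""
    ts = str(int(time.time() if now is None else now))
    mac = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    return f"{ts}.{mac}"

def check_submission(form, now=None):
    """Return (accepted, reason) for a submitted form given as a dict."""
    now = time.time() if now is None else now
    # Form fillers that populate every field trip the honey pot.
    if form.get(HONEYPOT, "").strip():
        return False, "honeypot field filled"
    ts, _, mac = form.get("token", "").partition(".")
    expected = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    if not ts.isdigit() or not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, "missing or forged token"
    elapsed = now - int(ts)
    if elapsed < MIN_SECONDS:
        return False, "submitted too fast"
    if elapsed > MAX_SECONDS:
        return False, "token expired"
    return True, "ok"

if __name__ == "__main__":
    token = issue_token(now=1000)  # constructed timestamps for the demo
    print(check_submission({"token": token, "comment": "hello"}, now=1010))
    print(check_submission({"token": token, "website": "x"}, now=1010))
    print(check_submission({"token": token, "comment": "hello"}, now=1001))
```

A token stays valid until it expires, so these checks filter simple form fillers and work best next to rate limiting and content filtering.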

Captchas and Other Validation

Some spambots can solve logic puzzles, while most others employ optical character recognition (OCR) to crack traditional captchas and picture puzzles. But that’s not all – spammers also have a black market for outsourcing to better captcha-breaking services, or even to human solvers for as low as $1 per thousand captchas. With human crackers, a screen scraper is employed to send a copy of the image to the screen of the cracker, who then types in the answer and sends it back.

Stack Overflow's Re-Captcha
