Wednesday, November 30, 2005

How to ID Spammers

People are asking how I ID'ed the spammer in a previous comment. It works like this: when a person registers a domain he or she has to provide contact information. That information is publicly available and can be accessed through what's called a WHOIS lookup. When you go to a website that offers a WHOIS service you simply type in the domain name and it can tell you who registered it.

Now, many websites that offer a WHOIS lookup don't give you the registrant's contact info anymore. Here's one that does. Note that sometimes registrants lie or make up contact info, or they've started using business addresses instead of personal ones. But when you do get the individual's address, then that's a bonus!

When someone spams your blog, look at the domain they're trying to lure people to and do a WHOIS on that domain name. If you get their home address or email, then you can Google the email address and see if they've been posting on forums... you can get all kinds of personal info. Using the address you can get their property tax info from their appraisal district. You can probably do even more, like if they're a registered voter, but I think that was enough to make my point.

In fact, the spammer I exposed a few days ago appears to have changed the WHOIS contact info to a business address. I can only hope I instigated the change. Heh.

5 Comments:

At 10:08 AM, Anonymous Anonymous said...

You forgot to include evil laugh at the end of your post. :-P

Nora

 
At 2:02 PM, Blogger John said...

It's me. j/k

 
At 3:29 PM, Anonymous Anonymous said...

Yeah, John has a tendency to lurk. LURKER!

Nora

 
At 9:46 AM, Blogger Robert said...

Cool! I've always wondered why spammers weren't easier to identify (the money has to go somewhere). What puzzles me more than anything is why someone would actually buy something from them based on a blog comment. One I saw was an advertisement for windshield glass (oh yeah, I've been meaning to get that fixed).

IP searches usually give more misses than hits. Many of the big Internet Service Providers use dynamic IPs for their customers (which can change) so the IP searches usually lead back to the Internet Service Provider and not the customer. Their one advantage is you can identify someone who may be visiting and posting under different names (or anonymously).

 
At 10:24 AM, Blogger John said...

You're right about the unreliability of using IP addresses to identify people. It could work (the RIAA does it, those bastards) but only the ISP knows who is who.

I guess technically you're not identifying the spammer by identifying the company responsible for the spamming, but I operate under a presumption that only a person with a pecuniary interest in the site's traffic would bother to create blog spam for it.

One reason I can think of for adding links to your site on others' sites may be to increase your Google status (sites with more links to it are listed first, as I understand it). It's also useful for Google bombing: make a hyperlink and name it something. When the bots read it they associate the link with the name and a search on the engine will return it. It explains why a Google search on "miserable failure" returns George Bush!

 
