Sleeper Spam Endangers Your Rankings – How to Fight Back

June 17, 2013

Google is penalizing sites that host User Generated Spam – How to get in front of the problem
Google recently penalized Sprint for hosting spam links in the community section of their website. The AdSense program disabled ad serving on an online community that hosted spam links.  While it’s always been AdSense policy that web publishers conform to Google’s webmaster guidelines, turning off AdSense for being spammed by someone else is different from the norm.  For this reason it is important to understand what Sleeper Spam is and how to get control of it. If you host User Generated Content (UGC) on your site from user product reviews, comments, or forum communities, your site is likely under attack and it’s possible to be unaware of the extent of spam hosted on your site. I have hesitated to discuss the following methods in public because I didn’t want to encourage thousands of spammers. Although some may accuse me of publishing a tutorial on how to spam forums and get away with it, the stakes have been raised by Google’s recent actions penalizing websites and disabling AdSense accounts. Web publishers need to know.  I have ten years experience owning and moderating my own award winning web community, plus ten years as a moderator at WebmasterWorld.com. I’ve learned a thing or two about how spammers operate. This article will discuss methods applied by spammers to sneak past your moderation, how to identify these sleeper spammers and lastly how to set up an adequate defense.

Sleeper Spam Methodology
I don’t know if these spammers are building inventory for a future client or simply using this as a technique to get past community moderation for a current client. What’s certain is that sleeper spammers are sneaking past the moderator firewall so they can lay their eggs in their member  profile or the signature line at a later date, after the discussions they’ve participated in are inactive.  Profile Builder spam creates links to their profile with every post they make, the link is in their member name and in links on the site to the member directory. The Sleeper Spammer waits for a later date to add the link.  Signature link spam is when a member drops a link in the signature line and posts various kinds of fluff, in order to create a context for the signature link. The Sleeper Spammer waits for a later date to post the link, so as to sneak past the moderators.

What makes them difficult to spot is that they don’t place links at the time they are active on your community.  Their goal is to seed your forum with posts, then wait until those posts become inactive and are out of view of the moderators. Once sufficient time passes they return and add their link by adding their signature link in the member profile and/or to their member profile itself, so that the link is linked from every post they made. That’s how they sneak their links past you. Now I’m going to show you how to spot them and get rid of them before they have a chance to spam your site.  

Post Parroting
A parrot post is a post where the spammer rewrites a sentence or two of what someone else has previously posted in the discussion. A variant to this technique is called Search Parroting, where the spammer Googles the discussion topic title and posts something from the first couple results, usually the first result. The goal is to seed the forum with posts that look legit so they won’t be removed by the moderators. The spammers themselves are low paid workers who are following instructions. They don’t know the topic of your forum. So they resort to Post Parroting and Search Parroting for something to post that will fit in and be overlooked by the moderators.

Post Parroting resembles “me-too” posts, posts that agree with a previous post and generally repeat the previous post. This would seem to complicate identifying a Parrot Post but it’s not difficult at all. A  Parrot Post can be identified by adding up the signals. The hallmarks of a Parrot Post is that they come from a new member and most tellingly the IP is from a developing country or is spoofed (the IP belongs to a hosting company, for example).  While this method is often used on behalf of North American and UK businesses, the spammers themselves are almost never from the U.K. or North America.

Clues in the Member Profile
I kind of don’t want to mention this one but I will. The member profile is a good place to review for signals that a member is a spammer. One signal is if the member lists “Internet” as one of their interests or hobbies. Must be a cultural thing in developing countries where the Internet qualifies as an interest or hobby. Another typical member profile signal to look for is when they list something like “Business” as their occupation. Of course there are some spammers who make it easy for us by listing their occupation as online marketer, but they’re usually the type who feel they have nothing to hide because they’re white hat (sarcasm). For someone running an online community, listing the Internet as a hobby and “Business” as an occupation is a signal that the member in question needs to be shown the door by way of a  steel toe combat boot.

 The Hello Post 
Spammers need to fill a quota of posts made on a site before they can move on to another community to spam.  Making an introduction is a common hallmark of a forum spammer, particularly a sleeper spammer. Community Forums are a honeypot for spammers interested in increasing their post count.  If you don’t have a Community type forum category, you might want to consider creating one. They help draw out legitimate forum members who are shy about posting but they also serve as a trap for catching spammers.

Stated Geographic Location  
Sleeper Spammers tend to want to hide their country of origin. Thus they’ll list their location as USA or Australia. You and I would never list our location as USA. That’s because we’re normal. A spammer on the other hand will tend to list their geographic location as USA or America.  Probably nine times of out ten, if you check the IP you will find that it originates in a third world country or is spoofing a North American or European web host IP address. If the IP does not match the stated location it’s time to lace up the combat boots.

Get proactive about protecting your community
Protecting your site from UGC spam begins with superior moderation. Whether your site is a newspaper hosting a community that comments on articles, a blog, or a traditional forum, there is no reason not to select your best community members and deputizing them as moderators. I will do a separate post on selecting moderators this week. Another defense is enlisting your members to help fight spam. The best way to do this is to set up a Report-a-Thread feature. All full featured forum software currently support a report function that empowers community members to report spam. WordPress has plugins for report-a-comment functions, although WordPress comments can also be moderated by other methods. Even a newspaper community can enlist moderators and add-in report a post functions. I can hear some people groaning that it will be abused, but abusers can have their posting privileges turned off. Trolls are another matter.

The bottom line is that Google is penalizing sites on two fronts, by keeping web pages from ranking and by disabling their AdSense accounts. That’s enough motivation to clean up spam. But if you care about the long term viability of your community, keeping your site properly moderated is imperative, even if Google wasn’t lighting a fire under your pants! :)

Article by

Previous post:

Next post: