Read on to find out about the tools the Internet spammers have at their disposal, and more importantly how you can protect your online presence against them.

Note: I’ve decided to deliberately censor the names of some of these tools. I chose to do this, not the editors of MakeUseOf, because these tools are for the most part unethical and dangerous. These tools are technically classified as blackhat, and stand a very high chance of getting you and your site banned from Google if you are caught using them. You have been warned.

X-?????

This is a truly vicious little Windows tool that’s able to automatically register and post profile links to popular online forum systems. Defeating this software is a daily battle for most forum webmasters, and often results in wide ranging IP bans. Once a spammer IP address is identified, it’s reported to a community database and stored. An entire industry has arisen which offers to run the software for you, saving you the trouble of worrying about IPs, usually by making use of their own vast database of hacked proxies. $50 will nab you around 10,000 profile links.

One way to make sure your forum site isn’t inundated is to make sure you’re always running the latest version of trusted open-source software. While it won’t stop them registering, it does avoid the complete spam takeovers that occur when a backdoor is discovered in old forum software.

Luckily, Google is now very efficient at identifying sites using this technique. It’s a foregone conclusion that if you use this software or purchase these services, your website will be de-indexed from Google, never to return again.

?????Box

This one is a blog mass-commenter, but many claim it can also be used legitimately. The process is quite simple – using a series of proxies, you ‘scrape’ Google for blogs that are relevant to your keywords – maybe as many as 50,000 sites – then systematically post the same (or spun) comment to each blog, under a fake name, fake email, and whatever links you want. The result of this is poorly worded and grammatically incorrect comments which usually have nothing to do with the original article – AKA comment spam.

Another common tactic is flattery. You’d be surprised how many blog owners will actually approve a comment just because it says “Thanks for this wonderfully useful post, I’ll be sure to bookmark your site!“. Sometimes you’ll receive seemingly innocent non-spammy comments that don’t contain a link – but don’t be fooled – spammers know that if one comment is accepted, most blogs are set up to automatically accept their next comment. So after a single spam campaign, they repeat the whole thing using the same name and email – this time in the hope that their first comment was accepted and they are now free to post whatever link they like. If one site fails – who cares, there’s another 49,999 to try!

The best defence against this kind of spam? Akismet will catch a lot of it, but if you want to be really sure, add a comment Captcha plugin or require users to be registered. We have previously covered a number of methods to stop spam and you might also even consider switching over entirely to Facebook comments.

??Nuke-?

This software is prohibitively expensive for most at around $150/month, but it’s the most powerful automated promotion tool out there. With a built in database of thousands of forums, blog providers, social networks, press release and article sites, it can automatically create multiple online personas - registering accounts all over the place, posting some links or articles, and making itself relatively indistinguishable from a regular user in the process. And all with automated proxy rotation, error recovery and multi-threaded browsers. Scary stuff – and you can even design your own attack plan.

Luckily, it doesn’t target individual blogs, but rather the services that provide free blogs or resource sites – so you don’t have to worry about defending against this one. It may however give you pause for thought about how much relevance we should be placing on social signals in search..

Proxies & Decaptcha Services

We cover a lot of proxy services and VPNs here on MakeUseOf, usually a way to get around a corporate or school firewall – but hiding IPs is also essential to those who spam the Internet. Rather than simply using a single proxy though, they will purchase a list of hundreds and cycle through them.

I touched on decaptcha services before in my article Everything You Ever Wanted to Know About Captchas. By utilising systems that forward the captcha image to third world countries, spammers are able to take advantage of incredibly cheap labor to accurately solve captchas for them.

Spin Text

One problem that spammers find is that the same content posted over and over again is very easily to identify and therefore block. Spinning was therefore invented as a way to automatically and very slightly alter various parts of the content, and in the most basic terms means swapping out words with ones that have a similar meaning.

Writing out these variations by hand is painstaking work though, so most spammers rely on an automated spinning service – which explains why the majority of spam you see seems to have the most ridiculous English ever. It’s not written by foreigners, it’s auto-spun.

Anyway, I hope this has been an interesting little tour into the underground world of Internet spammers, and hopefully armed you with a little more knowledge on how to defeat it. For those of you looking to learn more about these tools and how to obtain them – sorry, this is one topic I won’t be divulging any more details on! If you are looking at promoting your website through legal or ethical methods though, I suggest you check out my previous article on 8 Proven Ways To Make Your Blog Popular, or subscribe to my own personal site, Make Money Blogging, where I regularly address the topic.

Image Credit: ShutterStock

You Shall Not Pass (The Turing Test)!

Captcha’s were invented by a team of Carnegie Mellon professors and put into first use around the year 2000 by AltaVista and Yahoo, in an attempt to prevent automated chat bots and URL submissions. It is in fact an acronym for Completely Automated Public Turing test to tell Computer and Humans Apart.

For those of you who don’t know what that means, it may help to explain what the Turing test is. Named after British professor Alan Turing, the Turing test is the standard test of an Artificial Intelligence based machine, whereby if a machine can pass the test, it is considered to exhibit intelligent behaviour. Essentially the test involves conversing with a number of judges through a text interface – if the judges can’t tell they are chatting to a computer, it passes the test. Personally, I’m of the opinion that the Turing test is useless, on the basis that a dolphin couldn’t converse with a human either, yet we attribute them with a higher form of intelligent behaviour. But I digress.

The CAPTCHA therefore, is an automated Turing test. There are a number of different ways of doing this, but the most common one that we seem to have settled on is to present the user with a scrambled form of text, assuming (often incorrectly) that any normal human will be able to decipher the text.

The CAPTCHA has evolved over time, but has ultimately been defeated as we’ll find out later.

Text-Based CAPTCHAs & The Re-CAPTCHA Project

The reCAPTCHA project, now owned by Google, decided that instead of inanely deciphering cryptic text for no real good, it presented a fantastic opportunity to correct the shortcomings of computer-based Optical Character Recognition. For older books especially, computers find it very hard to recognise the words, whereas a human finds the tasks trivial. Combine the task of digitising old books with spam prevention, and you’re onto an absolute winner.

However, if the computer had trouble recognising the word in the first place, how can it tell if what you wrote in is nonsense? Simple – present the user with TWO words – one of which is known. The system assumes that if the user correctly types the known word, then the chances are that the unrecognisable word is also correct.

Another ingenious idea is to combine the CAPTCHA with some form of advertising.

Math Problem

OK, the picture is a joke, but essentially the user is presented with a basic math problem. We use a similar system on the Answers site right now. It needn’t be difficult, just some basic addition.

Image-Based CAPTCHAs

As difficult as some of the ReCAPTCHA codes can be for you and I sometimes, software has already been developed which can break the code with about a 30% success rate – which for a spam campaign with millions of tries is quite an acceptable rate. Images on the other hand are extremely difficult to process for computers semantically. Think about a simple cat picture – programming a computer to recognise a human face is hard enough, but to distinguish a cat from all the other animals and objects in the world is pretty much impossible at this point in time.

Logic-Based

These rely on logical and semantic intelligence about the world, or just basic common human sense. Some examples might be:

• Identify the food in this list: asphalt, bacon, cloud, dagger.
• Identify the weapon in this list: asphalt, bacon, cloud, dagger.
• How many doors are on a four-door car?
• What is the third word in this sentence?
• What’s left if you remove the B from ABC?

A great plugin to integrate these kind of tests into your WordPress comment system is WP-Gatekeeper, by the way.

De-CAPTCHA Services

The sad fact is that while CAPTCHAs are a necessary evil, they are easily overcome by spammers nowadays. While some spammers have indeed developed sophisticated software that can mimic the human eye and brain to decode like a human does, the truth is far more simpler and more horrific. Why develop expensive software when you can pay someone pennies to do the CAPTCHA for you? The current cheapest going rate is $1.39 for 1000 CAPTCHAs, with a 98% accuracy rate, and services such as Death By Captcha have developed elaborate APIs for developers to use. The only person being slowed down by CAPTCHAs nowadays, is you!

The Future Of The Captcha

Like everything else in life, CAPTCHAs are not impenetrable to hacking or spamming. As new and more ingenious tests are devised, ever more sophisticated ways of breaking them will be developed – and the solution of paying someone else to do them for you can never be defeated. Even so, it’s our responsibility as web developers and admins to keep spammers away from our sites without degrading user experience.

Are you shocked to learn how cheaply a CAPTCHA can be defeated for? Have you seen any other kind of CAPTCHAs out in the wild that impressed you? Let us know in the comments! Also, be sure to check all the funny pictures tagged “captcha” over on Geeky Fun.

Image Credit : xkcd

With all of your personal information and photographs posted on Facebook, the last thing you want is to find that your account has been hacked or accessed without your permission. We’ve put together a list of ways that you can protect yourself from the latest scams, making sure that your Facebook account is never compromised. Also be sure to check out Tina’s article on how to get instant alerts about the latest threats, whether on Facebook, or anywhere else on the web.

Follow The Sophos Blog

Antivirus developers, Sophos, report on the latest Facebook phishing scams practically on a daily basis on their blog, Naked Security. There seems to be no limit to the rogue applications preying on people’s curiosity, or the desire to activate certain features on their Facebook profiles through these apps. Sophos is one of the best sources today when it comes to Facebook scams.

SafeGo

BitDefender’s SafeGo is a Facebook application designed to keep users aware and protected from spam and any kind of threat that might be floating around Facebook. SafeGo scans your profile for any suspicious links, and you also have the option of allowing the app to automatically post a comment to your wall when a threat is detected.

Facebook Security

Another place to find tips and tricks to stay safe on Facebook comes directly from the source. Facebook’s Security page is constantly being updated with ways to protect your account.

Look For The Signs

Aside from all of these tips and tricks, the most important thing that any person can do is use common sense. See who it was that posted the link and ask yourself how likely it is that they would share something that begins with OMG You won’t believe this! or would they really write to you, through Facebook of all means, if they were stranded in a strange city?

If you receive emails that claim to be from Facebook, always analyse the email address they came from and the link they want you to click. Facebook notifications always come from Facebookmail.com.

What To Do If You Unwittingly Clicked That Link?

If you feel that you may have been the victim of a Facebook phishing scam, the first thing you should do is change your Facebook password. If you’ve linked your Facebook account to other online services, it would probably be best to change the passwords to those services as well.

If you’ve granted permission to an application, you can revoke permission through your privacy settings. Navigate to your Privacy Settings, and at the bottom of the page, click ‘Edit your settings‘ under Apps and Websites.

You will be taken to a page featuring the latest apps you’ve authorised. Click the ‘Edit settings‘ button.

From there you can delete any apps that you have mistakenly authorised by clicking the small ‘x’ next to the app.

How do you keep your Facebook profile safe? Have you been the victim of any phishing attacks? How did you deal with it? Let us know in the comments.

Image credit: Shutterstock

The Canadian based company, NuCaptcha aims to do something about that. Instead of cryptic images, they’ve taken captcha security to a new level, by using videos.

This opens up a whole slew of possibilities on how the captcha can be used – one of which is a new advertising resource for websites to bring in revenue, and for advertisers to get their message out. After all, it seems like one of the easiest ways to find a captive audience.

With the Basic Package, users have no control over the exact video that will be played. That said Basic features include a choice of themes, such as environment, sports or abstract themes, and up to 25,000 NuCaptchas per month.

Upgrading to the paid Engage Package will give users complete control over the ads, Captcha copy and formats. According to NuCaptcha, where most services make you choose between security and revenue – they give you both. No mention is made on the site, however, of how much you have to pay to get in on the service.

So how does it work? NuCaptcha is a video stream, and not a flash program. As they point out on their website, it would not be secure to create a Captcha in Flash. With HTML5 and mobile support, the system works on mobile phones, on the four browsers, Firefox, Safari, Chrome and Internet Explorer, and on tablets.

With NuCaptcha’s video based security system, the Captchas are easier to decipher, and more secure – so in the end – everyone wins.  What do you think?

Out of 724 total votes, Grooveshark took the largest percentage on 24%. Pandora followed closely on 22%, while Last.fm managed to reach 17%. YouTube Music took 14% of votes, while a modest 6% went to Spotify. Shouotcast, Rhapsody and Slacker each took between 2-4% of votes, while all other services listed took less than 2% votes.

Full results and this week’s poll after the jump.

So, if you love your online music, it looks like Grooveshark, Pandora and Last.fm are the way to go.

This week’s poll question is: When did you last see SPAM in your inbox?

Yes, we’re asking about email inboxes, despite how much real-life SPAM you get in your letter box.

We realise many people use Gmail these days and that cuts SPAM incredibly, but sometimes they still get through. We’d also like to hear from those of you cutting your SPAM out in other ways. What do you use? Let us know in the comments!

Many bloggers or website owners that have commenting systems have to deal with this dilemma and I’m sure they share the same frustration. It seems that even if you’ve enabled comment moderation, that doesn’t stop spammers from automatically submitting garbage to your comments form. Last week, after spending a full 25 minutes deleting hundreds of spam comments from the moderation area, I decided that I’d had enough.

This is a dilemma that many website owners have to come to terms with. Do you require that commentators register to your site before commenting? That would completely shut down spam, but it would also virtually shut down commenting. Most people simply don’t want to take the time to register.

The only other solution that really works is one that many people are already turning to every day – using Captcha. There are a lot of decent Captcha script packages and plugins out there, but I think the best is one that was briefly noted in the MUO Directory a while back called ReCaptcha.

Use Captcha Or Not?

Now, a lot of site owners don’t want to use a Captcha system, because many of them are really annoying. Have you ever tried reading some of those “human-only readable” text smudges? The reason I like ReCaptcha is because it is not only really easy to install on a blog or a website, but the challenge is one that your readers will be able to fly through in seconds – but it’ll stop those stupid spammers cold in their tracks.

This was my comment form before installing ReCaptcha.

As you can see – no challenge at all, just a simple submission form with a “Submit Comment” button. Now, this wasn’t entirely my fault, because I downloaded a high-quality theme and this was the comments form that came with it – no anti-spam scripting included.

Because of that, the mess above is what I was faced with almost every week. Hundreds and hundreds of stupid, meaningless, annoying garbage comments. So, I decided it was high time for a Captcha system, and ReCaptcha is noted throughout the web as being one of the best ones out there. The real question is how difficult will it be to install, can I install the Recaptcha embed response in-page, and how functional is it?

The first step in setting it up is signing up and downloading the appropriate files for your situation – for WordPress that’s loading the wp-recaptcha folder into “wp-content/plugins“. ReCaptcha is available for WordPress, PHP, phpBB, Drupal, Joomla, Coldfusion, Java and all sorts of other platforms and programming environments. Read the intro page to learn more.

In every case, you’re going to have to sign up with a ReCaptcha account so that you can obtain a Public and Private key.

In WordPress, once you activate the plugin and go into the Recaptcha item under settings, you’ll discover how functional ReCaptcha really is. You’ll first need to fill in your public and private keys so the plugin will work.

You’ll notice that you can make ReCaptcha a bit less annoying for registered users by hiding it. It’ll also secure the registration form. Best of all, you can enable the MailHide feature, where ReCaptcha will convert every single email address published on your site into a link with the actual email address hidden – preventing the email address from getting lifted by spammers that crawl the net.

This is great for WordPress users, but what if you have a website written in PHP? The Recaptcha website details simple instructions for just about every setup you might face. For example, inserting ReCaptcha into a PHP page is as simple as adding this element to your form submission.

<form method=”post” action=”verify.php”>
<?php
require_once(‘recaptchalib.php’);
$publickey = “your_public_key”; // you got this from the signup page
echo recaptcha_get_html($publickey);
?>
<input type=”submit” />
</form>

Obviously, you’ll need to have the code for verify.php and the recaptchalib.php file uploaded, but all of that is provided in the download package. It’s very simple to install ReCaptcha on any site and on any platform. It’s so effective in fact that it’s the app recommended on the official Google Webmasters blog.

So, now that I’ve installed it, this is what the comments area now looks like.

Type in the wrong response, and the page simply reloads with the following error listed over the ReCapcha box.

OK, it’s only been running for a little while, but while I used to receive dozens of spam messages a day, I haven’t received a single one yet. It is surreal. I have so much free time now, I might have to take up golf or something.

Do you use a spam-blocking tool or script on your own website? What’s your preference and why do you like it? Share your insight and tips in the comments section below.

We get quite a lot of spam here at MakeUseOf, but then so does anyone with an email address these days. Even if your email’s not public, many users get targeted by so-called “dictionary” attacks against their email providers. One solution is to use temporary email addresses, but if you’re already receiving a lot of spam then the problem’s going to remain.

So if you’re can’t see your inbox for junk and need a break from hitting “delete” then maybe you should try one of these free services.

Gmail

Ok, so it’s not a spam blocker per se ““ but it’s one of the many features you can take advantage of and it gets the job done. Gmail uses a spam filter known as Postini, which is usually a commercial affair. By using Gmail you’re essentially getting a very expensive spam filter completely free of charge.

The beauty of Google’s email service lies in the ability to connect your bog-standard POP3 accounts, allowing you to “collect” your mail from Google’s web interface. Gmail’s advanced spam filtration will help filter all incoming messages, and any detections will be labelled accordingly and kept out of sight.

Once you’ve registered (choose a good spam-proof address), you can add an address under the Accounts tab in Gmail’s Settings. You won’t need to go quoting your new email, as you’ll still effectively be using your old accounts.

Using the Send mail as tool in the same configuration panel will allow you to send email from the addresses you’ve added too, and all you need to check and send mail is a web browser.

Spamfence

What’s better than one email address? Two, it would seem.

With integrated virus protection, this spam filter works by forwarding mail from your main (probably public and spam-riddled) inbox through the Spamfence filters and on to another private “clean” email address. Any messages that are detected as spam along the way will be marked accordingly, and you have full control over what is done with these messages.

The service adds a subject header to each message, so if you want you can allow everything through and make your own rules up with your client. Think of the extra virus protection as a free gift, not that the service will cost you anything.

Spamihilator

If you’re a Windows user with a mail client such as Outlook, Thunderbird or Eudora then chances are you’ll be looking at a solution you can download and run alongside your existing setup. Spamihilator is just that, and it even claims to have a 98% success rate.

The filter sits between the big bad internet and your client, removing messages it deems to be spam. You can also train this filter, so after a while it’ll know what to do based on your previous decisions. There’s a training area to help get the learning process started, and you can even add specific words to a blacklist (thus removing future emails featuring these words).

That’s not all, there’s also link filtration and the ability to download plugins. Spamihilator provides a load of protection from spam, and it’s completely free.

MailWasher Free

The only program on this list with a commercial bigger brother, MailWasher Free is a simple program that can help clean up your POP3, IMAP or webmail email address. Download the program, connect to your email and preview as many incoming messages as you like before deciding whether you want to download them or not.

Using a similar Bayesian filter as Spamihilator, this program will also learn from your actions and train itself to adhere to your rules once you’ve made a few spam-busting decisions.

Being the “Free” version, you’re limited to a maximum of 1 email account (and lose out on search, a customizable interface and updates). This isn’t so bad, the free version really is free (forever) and if you do decide you really like it, then you could always treat yourself.

Conclusion

Spam’s just as annoying as it ever was, but with a couple of clever moves on your part you can help minimize it. If you’re feeling a little more adventurous, check out Ryan’s guide to setting up SpamAssassin on Windows. And don’t forget to mix it up, for example connecting your POP3 mailboxes to a Gmail account, through Spamfence and then onto another clean account will probably work wonders for your junk email problems.

Hackers can exploit holes in your software, you could run into a novel virus before the definitions of your antivirus tool are updated, or you might fall for one of many new phishing emails. You will never be 100% safe.

One more precaution you can take is to stay up to date with the latest threats. Learn about the traps before you’re stuck in the middle of one.

This article summarizes feeds, email newsletters, and other means of staying informed about the latest new computer viruses and phishing emails.

spamNEWS

The spamNEWS blog provides frequent updates on anything that threatens your digital experience. Besides spam, you will also find updates on phishing attacks, security vulnerabilities, or Facebook scams.

This news blog relies on several sources for its information, including Sophos, Secunia, MessageLabs, and SecureWorks. It’s the perfect central news resource for the curious, but not overly worried among you.

spamNEWS RSS Feed

Sophos

Sophos is a company that has specialized in the protection of information. They offer a range of products, from data encryption to email security. They also provide several RSS and Atom feeds that addresses the latest threats.

RSS Feeds:

• Latest virus alerts
• Latest suspicious behavior and file alerts
• Latest PUA alerts
• Monthly Top 10 viruses
• Daily Top 10 viruses
• Daily Top 10 hoaxes

For links to the respective Atom Feeds, click the Sophos link above. You will find the list of all feeds on the right hand side.

Trend Micro

Trend Micro became famous for its browser-based virus and malware scanning tool HouseCall. Meanwhile, the tool has grown into a full-blown standalone and browser-independent application.

Apart from a list of informational RSS Feeds (see below), Trend Micro also provides two interesting tools: the Threat Resource Center widget, which you can add to your website, Facebook, or Google page; and the ThreatWatch app for your iPhone. Obviously, both of them will alert you about new security threats. Get both of the tools here.

RSS Feeds:

• Malware Blog
• Security Blog
• Internet Safety for Kids and Families Blog
• Newest Malware Advisories
• Security Advisories
• Malware Top 10
• CounterMeasure

Symantec

Despite often being criticized for its notoriously bulky software, Symantec remains one of the leaders in the field. Naturally, the ‘Threat Landscape’ is closely watched by this company. The Threat Explorer provides an overview of the current threats, risks, and vulnerabilities.

Below are the respective feed links. The threats can also be viewed in Symantec’s ‘Internet Threat Meter‘, a desktop widget for Windows and Mac, powered by Yahoo! Widgets.

RSS Feeds:

• Threats
• Risks
• Vulnerabilities
• Virus Definitions Status

McAfee

McAfee is best known for its antivirus program. Being one of the major players in the field, the company must frequently update its antivirus definitions to keep its customers safe.

McAfee provides an overview of current threat activity. At the bottom of the list you can also sign up to McAfee’s ‘Security News and Special Offers’ newsletter (see link below), which promises to shower you with virus alerts.

Newsletters:

• Consumer Threat Alerts
• Security News and Special Offers
• Avert Labs Threat News
• Avert Alerts

If you’re neither interested in RSS Feeds, nor email newsletters, you may be a social network addict, who prefers to work with status updates. Below are some Twitter resources related to virus, malware, and phishing alerts.

Twitter

• MessageLabs
• Websense Security Labs
• Malware

With these feeds and updates to your email inbox you should always know what is waiting to get you on the other side of your security setup. What is the worst security threat you ever had to deal with on your work or home computer?

Image Credits: zvon