I saw my first instance of blogspam on Webword at the start of October. Someone had used a “comments” form to place an ad at the bottom of one of John’s postings. At the time, I commented on how easy this would be to do in bulk. Given how simple this is, I expressed a small measure of surprise that it isn’t done more often.

Well, it is now.

Yesterday I found an article at The Laboratorium (via BoingBoing) which talked about how spammers are starting to manipulate blog comments. This in turn pointed me to Mark Pilgrim’s site, where he discusses the problem in further detail.

This “comment spam” comes in addition to “referer spam” (see also here), which I have started noticing here on Sunpig already. I had been playing around with a referer script the other week, thinking that it might be cool to show what other pages link to this site, but what seemed cool last week seems slightly worrying now.

Basically, the problem is that you are allowing other people to update the content on your site. Comments, trackbacks, and referer listings all allow other people to manipulate your web site. This is a cool feature because it makes for a more dynamic ecosystem of discussion, but it’s a risk because you might not always like what the other people make your web site say.

And it might not even just be a risk of annoyance (spam) or a security risk (autodiscovery of your mt.cgi script, followed by a dictionary attack). What happens when someone uses your web site to post libellous comments about someone else, or pornographic pictures, or even, gasp, the DeCSS source code? Other people may have written it, but it’s on your web site. Could you be legally liable? Is a disclaimer message enough to divert responsibility?

Fortunately, Mark’s article shows that we have some really clever people on the case already. Unfortunately, given the success (or lack thereof) that anti-spam solutions have had with email, it seems likely that blogspam is here to stay. We can try to minimize it, but it isn’t going to go away any time soon.