Connect with us

Hi, what are you looking for?



Majority of Comment Spam Generated by Small Number of Attackers: Imperva

Comment spam has been used by attackers for a wide range of purposes, and according to a new report from Imperva, 80% of the traffic associated with such activity is generated by just 28% of attack sources.

Comment spam has been used by attackers for a wide range of purposes, and according to a new report from Imperva, 80% of the traffic associated with such activity is generated by just 28% of attack sources.

According to Imperva’s June Hacker Intelligence Initiative report, which analyzed more than 60 Web applications over a two week period in September 2013, 58% of comment spammers are active for long periods of time, with the majority of “spammy content” generated by just 17% of the entities involved in such activities.

Comment spam has become increasingly problematic for organizations and is being for everything from search engine optimization to malware distribution and click fraud.

For comment spam operations to be successful, attackers need to publish content on a large scale, essentially forcing them to use automated tools to facilitate the process. They use tools to harvest the URLs of relevant websites based on certain keywords, to generate comments, to post comments, and to verify whether or not a comment has been published.

Sophisticated tools are also designed to help attackers overcome the challenges associated with each activity ─ for example, some websites require user authentication, CAPTCHA forms or user details when posting comments.

As far as the targeted organizations are concerned, many have come up with various ways of mitigating comment spam. The list of techniques includes content inspection, source reputation analysis, demotivation (i.e., making comment spam useless), anti-automation, and manual inspection. 

Identifying comment spammers early on and blocking their requests is one of the most efficient methods. Attackers can be blocked early on in their campaigns with the aid of IP reputation systems, Imperva noted in its report. However, experts have observed cases in which the attackers have used services like the Google App Engine, which allows users to run Web apps on Google’s infrastructure, to bypass reputation controls based on IP addresses.

Advertisement. Scroll to continue reading.

“Comment spam attacks can cripple a website, impacting uptime and compromising the user experience,” explained Amicahi Shulman, CTO of Imperva.

“In our latest Hacker Intelligence Initiative Report, our Application Defense Center research team reveals that a relatively small number of attack sources create the majority of comment spam, oftentimes leveraging automated tools to reach a maximum number of targets. Quickly identifying the source of an attack and blocking comments from the source can greatly limit the attack’s effectiveness and minimize its impact on your website.”

The complete June Hacker Intelligence Initiative report is available on Imperva’s website.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...