Comment spam has been used by attackers for a wide range of purposes, and according to a new report from Imperva, 80% of the traffic associated with such activity is generated by just 28% of attack sources.
According to Imperva’s June Hacker Intelligence Initiative report, which analyzed more than 60 Web applications over a two week period in September 2013, 58% of comment spammers are active for long periods of time, with the majority of “spammy content” generated by just 17% of the entities involved in such activities.
Comment spam has become increasingly problematic for organizations and is being for everything from search engine optimization to malware distribution and click fraud.
For comment spam operations to be successful, attackers need to publish content on a large scale, essentially forcing them to use automated tools to facilitate the process. They use tools to harvest the URLs of relevant websites based on certain keywords, to generate comments, to post comments, and to verify whether or not a comment has been published.
Sophisticated tools are also designed to help attackers overcome the challenges associated with each activity ─ for example, some websites require user authentication, CAPTCHA forms or user details when posting comments.
As far as the targeted organizations are concerned, many have come up with various ways of mitigating comment spam. The list of techniques includes content inspection, source reputation analysis, demotivation (i.e., making comment spam useless), anti-automation, and manual inspection.
Identifying comment spammers early on and blocking their requests is one of the most efficient methods. Attackers can be blocked early on in their campaigns with the aid of IP reputation systems, Imperva noted in its report. However, experts have observed cases in which the attackers have used services like the Google App Engine, which allows users to run Web apps on Google’s infrastructure, to bypass reputation controls based on IP addresses.
“Comment spam attacks can cripple a website, impacting uptime and compromising the user experience,” explained Amicahi Shulman, CTO of Imperva.
“In our latest Hacker Intelligence Initiative Report, our Application Defense Center research team reveals that a relatively small number of attack sources create the majority of comment spam, oftentimes leveraging automated tools to reach a maximum number of targets. Quickly identifying the source of an attack and blocking comments from the source can greatly limit the attack’s effectiveness and minimize its impact on your website.”
The complete June Hacker Intelligence Initiative report is available on Imperva’s website.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data
- Barracuda Urges Customers to Replace Hacked Email Security Appliances
- Google Patches Third Chrome Zero-Day of 2023
- ChatGPT Hallucinations Can Be Exploited to Distribute Malicious Code Packages
- AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
- Several Major Organizations Confirm Being Impacted by MOVEit Attack
Latest News
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- Google Introduces SAIF, a Framework for Secure AI Development and Use
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds
