Some nasty techniques used by Twitter Spammers
I wanted to alert everyone to some techniques that Twitter spammers are using. This is from a blog post from an SEO blog: http://snurl.com/246e0 . I'm not sure what the best way is to fight these techniques. Any ideas?
Here are some of the techniques described in this post:
1) Setting up a script to follow then un-follow people with the goal of keeping the Follower / Following ratio about equal. This is very deceptive and puts an unnecessary strain on Twitter's servers. Twitter, whatever algorithm you're building to detect spammers should look for this kind of activity - i.e. the Following / Followers ratio isn't going to be enough.
2) Using a script to retweet random tweets from the public timeline. This adds zero value and once again, is an unnecessary strain on Twitter's servers.
3) And the nastiest of them all - using a CSRF (Cross Site Reference Forgery) on the spammer's web site so that the unsuspecting Twitter user follows the spammer without even knowing it. From the blog post...
"You can assume that at least some of the people you follow will check out your twitter page and then click through to see your webpage. Armed with this knowledge, you can get them to follow you back without them even realizing it. You do this with a little CSRF. On your page, call out this url: http://twitter.com/friendships/create.... Since they just came from your Twitter profile, you know they are logged in to Twitter. By calling out that url, you tell the Twitter system to make their account follow you. You have to set this up in such a way that you scrub out the referrer on the request, so a simple 1px iframe won't cut it. I'll leave that part to you guys to figure out."
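An added example, not part of the original post and not Twitter's code: a sketch of the kind of check item 1 asks for, which counts follows that are undone shortly afterwards rather than looking at the Following / Followers ratio. The event format, account names and thresholds are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

DAY = 86400

def churn_stats(events, window=3 * DAY):
    """events: (actor, action, target, unix_ts) tuples sorted by time.
    Counts follows that were undone within `window` seconds."""
    open_follows = defaultdict(dict)  # actor -> {target: time of follow}
    stats = defaultdict(lambda: {"follows": 0, "churned": 0, "net_following": 0})
    for actor, action, target, ts in events:
        s = stats[actor]
        if action == "follow" and target not in open_follows[actor]:
            open_follows[actor][target] = ts
            s["follows"] += 1
            s["net_following"] += 1
        elif action == "unfollow" and target in open_follows[actor]:
            started = open_follows[actor].pop(target)
            s["net_following"] -= 1
            if ts - started <= window:
                s["churned"] += 1
    return dict(stats)

def flag_churners(events, min_follows=20, churn_rate=0.5, window=3 * DAY):
    """Accounts that follow in bulk and quickly drop at least `churn_rate` of them."""
    return sorted(
        actor for actor, s in churn_stats(events, window).items()
        if s["follows"] >= min_follows and s["churned"] / s["follows"] >= churn_rate
    )

def sample_events():
    """Constructed data, not real accounts."""
    ev = []
    for i in range(40):   # bulk_acct follows 40 users within an hour...
        ev.append(("bulk_acct", "follow", f"u{i}", i * 60))
    for i in range(36):   # ...and drops 36 of them a day later
        ev.append(("bulk_acct", "unfollow", f"u{i}", DAY + i * 60))
    for i in range(25):   # steady_acct follows 25 users and keeps them
        ev.append(("steady_acct", "follow", f"s{i}", i * 3600))
    ev.append(("steady_acct", "unfollow", "s0", 30 * DAY))  # one late unfollow
    return sorted(ev, key=lambda e: e[3])

if __name__ == "__main__":
    events = sample_events()
    print(churn_stats(events))
    print(flag_churners(events))
```

In the sample, `bulk_acct` ends up following only 4 accounts, so a ratio check alone would not single it out, while its 36 short-lived follows out of 40 do.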
-
I don't really understand the third technique, but it's troubling.
-
Thanks for looking out for Twitter spam, however, I'm concerned about the Follower/Following ratio idea.
I've been helping several groups within Dell to get on Twitter. Since it's not just one Twitter for all of Dell, I felt it was important to have a way folks could see there were several Dell "properties" on Twitter. Hence, I set each one up so that it follows only other Dell Twitter properties as well as the Twitter account of the individual who's responsible for maintaining that property. I had suggested to Biz that if there could be a way to have "featured followers" separated out from the dozens or hundreds (or thousands) of followers one may have, then I could simply cross-reference all our Dell Twitters with that feature. Since such a feature has not been forthcoming, the only option I have is to have each Dell Twitter follow only a handful of other Dell Twitter properties while any given property may have dozens or hundreds of followers.
So, until & unless a "featured followers" system is set up in Twitter, the Follower/Following ratio idea for ferreting out spammers could mess us up.
Thanks again for your thoughts and efforts to keep us safe on Twitter!
I’m concerned
-
Three f**kers who use technique #3 for collecting followers:
http://twitter.com/FanBase
http://twitter.com/MalEmery
http://twitter.com/PrivateMessages
*argh!* i can't even start to describe how angry i am with myself for actually falling for such a lame-ass trick.
I’m really annoyed with this crap
-
blogging about this here http://www.seanpercival.com/blog/2008...
-
What about spammers that change their identity? Isn't the Twitter ID (a number) unique?
-
Yes, your user id stays with you forever, even if usernames are changed. Otherwise, we would lose our followers/friends with name changes. -
I believe this feature no longer works, because I've seen people try to make (legitimate) links to it to make following them easier and they don't work. -
Could Twitter block referrer info from their domain so when a person jumps to a site from a twitter page, the landing page won't have the referrer info? Also, would it help if Twitter used session variables on their site and when a user clicked on an external link, it would kill the session and not transfer any account info to the landing page?
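An added example, not part of the thread and not Twitter's code: the forged follow in technique 3 works when an endpoint changes state for any request that carries the session cookie, and a POST-only handler that also requires a per-session token rejects it. The handlers, session store and parameter names are hypothetical, and the requests are constructed.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # server-side secret (hypothetical)
SESSIONS = {"sess-1": "alice"}         # constructed session store
FOLLOWING = {"alice": set()}

def csrf_token(session_id):
    """Token bound to the session; a third-party page can neither read nor compute it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def follow_cookie_only(req):
    """Before: any request that carries the session cookie changes state."""
    user = SESSIONS.get(req["cookies"].get("session"))
    if user is None:
        return 401
    FOLLOWING[user].add(req["params"]["user"])
    return 200

def follow_with_token(req):
    """After: POST only, and the body must carry the per-session token."""
    sid = req["cookies"].get("session")
    user = SESSIONS.get(sid)
    if user is None:
        return 401
    if req["method"] != "POST":
        return 405
    sent = req["params"].get("csrf_token", "")
    if not hmac.compare_digest(sent, csrf_token(sid)):
        return 403
    FOLLOWING[user].add(req["params"]["user"])
    return 200

def demo():
    """Constructed requests; the browser attaches the cookie to all of them."""
    cookies = {"session": "sess-1"}
    third_party_get = {"method": "GET", "cookies": cookies, "params": {"user": "acct_x"}}
    third_party_post = {"method": "POST", "cookies": cookies, "params": {"user": "acct_x"}}
    own_form = {"method": "POST", "cookies": cookies,
                "params": {"user": "friend", "csrf_token": csrf_token("sess-1")}}
    FOLLOWING["alice"].clear()
    before = follow_cookie_only(third_party_get)
    FOLLOWING["alice"].clear()
    after = [follow_with_token(r) for r in (third_party_get, third_party_post, own_form)]
    return before, after, sorted(FOLLOWING["alice"])
```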
-
What about people using your Twitter account as a platform to promote their blog/Web site? I recently signed up to follow Seth Godin's blog on Twitter, or so I thought. Of course I could have missed any alleged fine print, but I thought I was following him and would receive tweets from him. Turned out that he used my Twitter account to make it look like I was a huge fan of his blog, posting a blurb and a link every time he had a new blog entry. He ended up using my account 12 times to link directly to his blog. I asked @problogger about this and he mentioned I should take it up with people at Twitter. Any thoughts?
I’m confused
-
You're going to need to be more specific. If he's somehow posting on your account, did you give him your login? What's your account name so I (not a twitter employee, just another customer) can look? -
My account name is: slansing777
I'm not sure if there's a simple way to explain this, but here I go:
Seth Godin was using my account to post updates to his blog. My followers on Twitter assumed I was a huge Seth Godin fan because it looked like I was Tweeting about his posts to get them to go to his blog. Coworkers have been coming up to me saying: "I didn't know you were so into Seth Godin. You're Tweeting about him at 3 o'clock in the morning." While Godin's content is interesting, I wouldn't interrupt my sleep cycle to rebroadcast his blog entries.
I can't remember if I supplied my password when signing up for what I thought was to follow Seth Godin on Twitter. If I did, I assumed I was signing into Twitter in order to follow someone, which is what tends to happen if I receive an e-mail from a new follower.
Anything that links my Twitter account to Seth Godin's blog was not actually posted by me...and there are 12 (I counted using @TweetStats).
I e-mailed Godin about this and received an e-mail regarding my problem. He provided me with this link: http://feedblitz.blogspot.com/2008/09... to a site called FeedBlitz. I went to the site and now I am free of my Seth Godin Tweets.
Thanks for your reply. I'm just getting into the social media scene so I apologize if I haven't used the correct terminology.
Regards,
Scott Lansing
scottlansing777@gmail.com
Twitter: slansing777 -
Ok, so had you already deleted them? I still think you were just confused and saw his tweets in your twitter.com/home page which is like an rss feed of all your friends combined into one page, and assumed he was somehow posting to your account, which I really doubt. Unless you have some links to _your_ tweets that were _not_ posted by you, I have no reason to believe your account was hijacked to link to someone else's blog. -
Interesting.
What about the spammers that aren't doing anything bad, but just annoying.
some tweeters take all the posts from the timeline with a certain word, then re-post them on twitter
examples,
@twishes
@happytwitday
not harmful, but probably strains servers, and is just annoying lol
I’m Annoyed
-
Thomas,
I do appreciate you taking the time to help me with my question, and I understand it's out of the ordinary. I went onto TweetStats, searched for my posts featuring the phrase "Seth Godin" and came up with the following link:
http://search.twitter.com/search?q=fr...
This link features 17 tweets with the phrase "Seth Godin." Twelve of these Tweets (beginning from the second to last, running in consecutive order) weren't posted by me but were posted through my account. The other five were posted by me.
I'm not sure if what happened involved my account being hijacked, nor am I looking to press charges or act on this matter in a negative/hostile manner. At the very most I would be establishing a dialogue about this who took an interest in what was happening with my account.
Again, thanks for your help.
Regards -
Pretty interesting, have you since changed your password? -
No...should I? And have you ever seen something like this with Twitter? Perhaps considered spam or something else? And, may I use this conversation if I choose to blog about it? Thanks again.
-
I don't care, and yes you should, those were posted on your account not by you but by someone with your password, so you should definitely change it. -
I wonder if this is why the "find people by name or location" feature is down. It seems to be one of the main methods spammers are using to find users. I'll get followed by a spammer that is only following people with "jesse" in their username or only people from the same location I'm in. Usually the spammer uses something like spammer8182 and only follows a few hundred people before it goes and generates a new account.
-
This is mainly to Scott Lansing:
http://getsatisfaction.com/twitter/to...
Turns out this is more common than I thought.
I’m sad
-
I make sure I block any obviously-spamming accounts from following me, once I've determined what they're about. ALL of those, an average of 3 per week, are advertising for some porn business, follow thousands of people (and are followed by only a few), and have one single update. I manage Twitter accounts for five related websites, and blocking spam-following accounts ends up being some extra work, but I think I'm contributing in a small way to avoid giving these jerks any more web visibility.
Couldn't Twitter keep track of accounts which are often blocked? That would be a good clue to their spamming nature, no? -
Actually, they do keep track of block counts. They've mentioned this publicly before, and I don't care to find a reference. -
Thanks, I guess.