Some nasty techniques used by Twitter Spammers
I wanted to alert everyone to some techniques that Twitter spammers are using. This is from a blog post from an SEO blog: http://snurl.com/246e0 . I'm not sure what the best way is to fight these techniques. Any ideas?
Here are some of the techniques described in this post:
1) Setting up a script to follow then un-follow people with the goal of keeping the Follower / Following ratio about equal. This is very deceptive and puts an unnecessary strain on Twitter's servers. Twitter, whatever algorithm you're building to detect spammers should look for this kind of activity - i.e. the Following / Followers ratio isn't going to be enough.
2) Using a script to retweet random tweets from the public timeline. This adds zero value and once again, is an unnecessary strain on Twitter's servers.
3) And the nastiest of them all - using a CSRF (Cross Site Reference Forgery) on the spammer's web site so that the unsuspecting Twitter user follows the spammer without even knowing it. From the blog post...
"You can assume that at least some of the people you follow will check out your twitter page and then click through to see your webpage. Armed with this knowledge, you can get them to follow you back without them even realizing it. You do this with a little CSRF. On your page, call out this url: http://twitter.com/friendships/create.... Since they just came from your Twitter profile, you know they are logged in to Twitter. By calling out that url, you tell the Twitter system to make their account follow you. You have to set this up in such a way that you scrub out the referrer on the request, so a simple 1px iframe won't cut it. I'll leave that part to you guys to figure out."
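The forged follow in technique 3 succeeds because a logged-in browser attaches its session cookie to any request sent to the site, whichever page triggered it. The sketch below is an added example, not part of the original post and not Twitter's code: a server-side check that refuses state changes on GET and requires a per-session token, so it does not depend on the Referer header the quoted post says is scrubbed. `handle_follow`, the `csrf_token` and `target` field names and the session ids are hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Per-deployment secret; generated here only so the example is self-contained.
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Token bound to one session; the site embeds it in the forms it renders."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_follow(method: str, session_id: Optional[str], form: dict) -> Tuple[int, str]:
    """Hypothetical handler for a 'follow' action. Returns (status, message)."""
    # State changes are never accepted on GET: image tags, frames and
    # redirects on a third-party page all produce GET requests.
    if method != "POST":
        return 405, "follow requires POST"
    if session_id is None:
        return 401, "not logged in"
    # POST alone is not enough (a cross-site form can POST too). The request
    # must carry the token for this session, which another origin cannot read.
    supplied = str(form.get("csrf_token", "")).encode()
    expected = issue_csrf_token(session_id).encode()
    if not hmac.compare_digest(supplied, expected):
        return 403, "missing or invalid CSRF token"
    target = form.get("target", "")
    if not target:
        return 400, "no account to follow"
    return 200, f"now following {target}"


if __name__ == "__main__":
    sid = "sess-constructed-1"  # constructed sample session id
    # Forged request from another site: cookie is attached, token is not.
    print(handle_follow("GET", sid, {"target": "someone"}))
    print(handle_follow("POST", sid, {"target": "someone"}))
    # Genuine request from the site's own form.
    print(handle_follow("POST", sid,
                        {"target": "someone", "csrf_token": issue_csrf_token(sid)}))
```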
-
I don't really understand the third technique, but it's troubling.
-
Thanks for looking out for Twitter spam, however, I'm concerned about the Follower/Following ratio idea.
I've been helping several groups within Dell to get on Twitter. Since it's not just one Twitter for all of Dell, I felt it was important to have a way folks could see there were several Dell "properties" on Twitter. Hence, I set each one up so that it follows only other Dell Twitter properties as well as the Twitter account of the individual who's responsible for maintaining that property. I had suggested to Biz that if there could be a way to have "featured followers" separated out from the dozens or hundreds (or thousands) of followers one may have, then I could simply cross-reference all our Dell Twitters with that feature. Since such a feature has not been forthcoming, the only option I have is to have each Dell Twitter follow only a handful of other Dell Twitter properties while any given property may have dozens or hundreds of followers.
So, until & unless a "featured followers" system is set up in Twitter, the Follower/Following ratio idea for ferreting out spammers could mess us up.
Thanks again for your thoughts and efforts to keep us safe on Twitter!
-
Three f**kers who use technique #3 for collecting followers:
http://twitter.com/FanBase
http://twitter.com/MalEmery
http://twitter.com/PrivateMessages
*argh!* i can't even start to describe how angry i am with myself for actually falling for such a lame-ass trick.