Sucuri – The United States presidential campaign is going full force, and it’s been a doozy. We don’t typically get involved with political situations, short of cleaning some of the crazy defacements we see, but this is an exception.
This election campaign has brought its typical bashing via commercials, the usual rhetoric we see in interviews, and even those cool vote for (plug in your favorite candidate) stickers. My personal favorite was the vice presidential debate which left me feeling like I was on the grade school playground making faces and sticking my tongue out at the resident bully.
Times have adapted a bit, and the tactics have changed along with the advancements in communications and social interaction. Twitter discussions boasting crazy statistics and Facebook posts about how awesome each candidate is have even spawned interesting debate and discussion in my own social groups.
Apparently, the crazy and debatably bad tactics extend beyond the historical mediums into our lovely world of geek. I guess it was only a matter of time.
We have drummed up a couple of theories on how this happened, but ultimately it’s up to you to decide. More on that at the end.
Campaign Battle Ground
We are seeing some signs of these political battles extending to the online world, beyond the typical, and it’s a little disturbing to be honest. This morning Mashable.com put out a post showing numbers on which candidate’s website was faster, Obama vs. Romney. I clicked through and found myself, as I often do, taking the domains they had listed and running a quick scan on Sucuri SiteCheck.
Ah boy, what did I find on the first site I scanned (mittromney.com):
In the Mashable article, there were 4 domains listed, mittromney.com being the only one blacklisted. I did find it pretty cool that GOP.com runs on WordPress, although they are due for an update. Get on that, folks!
On the Trail
I went and checked out the domain, and the first landing page you get is a signup form. I thought that may be causing some redirect anomalies which over time could have caused us to blacklist the site.
That wasn’t the case; everything came up clear there. As we started digging a bit, we started to see the issue, and it was clear. With over 650 SPAM entries across various blogs noting mittromney.com, it’s no wonder our blacklist engine flagged the domain.
Here are a few of the SPAM comments we flagged across 39 different websites:
[email] => [email protected]
[url] => http://www.mittromney.com/issues
[comment] => Love your blog!

[email] => [email protected]
[url] => http://www.mittromney.com/issues
[comment] => Awesome post! I will keep an on eye on your blog.

[email] => [email protected]
[url] => http://www.mittromney.com/issues
[comment] => Awesome writing style!
Similar variations were sent to dozens of websites that allow “do-follow” links in the comments. The SPAM was sent from 39 different email addresses, and it is coming from different IP addresses and random user agents to try to look like real users commenting:
184.108.40.206
220.127.116.11
18.104.22.168
22.214.171.124
126.96.36.199
.. and many more…
I think what I find the most curious is that some of the IP addresses being used are already well-known and flagged for bad behavior. As an example: http://www.stopforumspam.com/ipcheck/188.8.131.52
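The pattern described above (one promoted URL, many sender addresses, many source IPs, short generic praise) can be checked on the receiving side by grouping comment submissions by linked host. This is an added example, not Sucuri's blacklist engine or code from the original post; the `[site]` and `[ip]` fields, the sample values and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample in the flattened "[key] => value" layout quoted above.
# The [site] and [ip] fields, the addresses (RFC 5737 documentation ranges),
# the e-mail values and the last record are assumptions made for this example.
SAMPLE = """\
[site] => blog-a.example[ip] => 192.0.2.10[email] => u1@mail.example[url] => http://www.mittromney.com/issues[comment] => Love your blog!
[site] => blog-b.example[ip] => 198.51.100.7[email] => u2@mail.example[url] => http://www.mittromney.com/issues[comment] => Awesome post! I will keep an on eye on your blog.
[site] => blog-c.example[ip] => 203.0.113.25[email] => u3@mail.example[url] => http://www.mittromney.com/issues[comment] => Awesome writing style!
[site] => blog-a.example[ip] => 192.0.2.77[email] => reader@mail.example[url] => http://reader-home.example/[comment] => I disagree with the second paragraph: the benchmark ignores caching, so the numbers are skewed.
"""

# A value runs until the next "[key] => " marker or the end of the line.
FIELD = re.compile(r"\[(\w+)\] => (.*?)(?=\[\w+\] => |$)")

def parse_record(line):
    """Split one flattened record into a dict of its fields."""
    return {key: value.strip() for key, value in FIELD.findall(line)}

def summarize(text):
    """Group comment records by the host of the URL each commenter submitted."""
    stats = defaultdict(lambda: {"entries": 0, "words": 0, "sites": set(),
                                 "emails": set(), "ips": set()})
    for line in text.splitlines():
        rec = parse_record(line)
        host = (urlparse(rec.get("url", "")).hostname or "").lower()
        if not host:
            continue  # no usable link, so nothing is being promoted
        s = stats[host]
        s["entries"] += 1
        s["words"] += len(rec.get("comment", "").split())
        for field, bucket in (("site", "sites"), ("email", "emails"), ("ip", "ips")):
            if rec.get(field):
                s[bucket].add(rec[field].lower())
    return dict(stats)

def flag_promoted_hosts(text, min_sites=3, min_senders=3, max_avg_words=12):
    """Hosts linked from many sites by many distinct senders in short comments."""
    flagged = []
    for host, s in summarize(text).items():
        spread = min(len(s["emails"]), len(s["ips"]))
        if (len(s["sites"]) >= min_sites and spread >= min_senders
                and s["words"] / s["entries"] <= max_avg_words):
            flagged.append(host)
    return sorted(flagged)

if __name__ == "__main__":
    print(flag_promoted_hosts(SAMPLE))
```

A flagged host is the one being promoted, which, as the theories below point out, is not necessarily the party sending the comments.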
We’re still researching, and will definitely update on any changes or additions.
Who is Declared the Winner?
There you have it, the details of what we found. In closing though, here are a couple of quick theories to stir the pot:
Was this a case of a Romney intern trying to get some link love for his/her candidate? Did they decide to use spammy comment tactics to trick folks into increasing site traffic? Or, are we seeing the Obama camp geeks setting up Romney for failure? Is the incumbent squad playing dirty by using SPAM in a way that can be used later to call out the other party?
You can make your own determination as to how this has happened, and to be honest it will be hard to tell. I would compare it to a game of Clue, was it Colonel Mustard in the study with the candlestick?
In the end, I am so looking forward to seeing what the anti-spam policies (if any) will look like in the coming 4 years.