Blog Comments – Analysing 100,000 Comments and Spammers

“Nice blog, thanks for the info”

“Awesome site. Great job”

“You should take part in a contest for one of the best blogs on the web. I will recommend this site!”


I know you like flattering comments on your website. And I know you love to see many comments on each one of your posts (say you community participation). Who doesn’t, right? We love them too.

So we decided to take a closer look at the last 100,000 (well, 98,238 to be more exact) comments that were sent to the network of sites that we are monitoring. How much of them are spam? Who are the most annoying spammers? And things like that.


Read More

Sucuri SiteCheck – Web Malware Distribution – April 2012

When we see a compromised site distributing malware, it is often done via 4 methods: Iframe, Javascript, Spam or internal redirections. Those are not the only ways, and they can be encoded or hidden differently internally on the sites, but the final output on the compromised sites is generally one of them:

  1. Iframe injection: It makes the browser loads content from external (and malicious web sites). Example: <iframe src="http://pokosa.com/tds/go.php?sid=1" ..
  2. Javascript injection: Used to encode (hide) calls to iframes or additional remote javascript includes. Example: <script>d= Date ;d=new d();h=-parseInt("012")/5;if(window.document)try{new document.getElementById(“qwe”)…. (this code redirects users to the blackhole exploit kit)
  3. .htaccess (or conditional) redirections: Used to redirect anyone visiting the site from search engines (or specific user agents/ referers) to malware or spam content.
  4. Blackhat SEO spam: It is not really malware in the sense of the word (since it won’t infect anyone visiting the site), but it is still harmful for the webmaster and the site’s reputation (imagine a corporate site redirecting to a viagra  online  store).

April / 2012 stats


Read More

Top linked sites – What webmasters are linking to

We scan hundreds of thousands of sites daily here at Sucuri and while analyzing some of the data we got interested on what sites are getting the “link love” more often.

By link love, I mean what “do follow” links most webmasters have in their sites? After extracting the data from the last 500k scans we did, those were the top:

  1. 6.9% – www.facebook.com
  2. 6.4% – twitter.com
  3. 2.8% – wordpress.org
  4. 2.6% – youtube.com
  5. 1.9% – feeds.feedburner.com
  6. 1.2% – www.linkedin.com
  7. 1.2% – www.google.com
  8. 1.1% – validator.w3.org
  9. 1.1% – wwww.adobe.com
  10. 0.9% – www.addthis.com

So it means that 6.9% of the sites had a link to facebook, 6.4% to twitter, etc. I was actually surprised to see validator.w3.org ranked so well. We would be in a much better place if even 1% of the sites validated properly.

It also shows the force of WordPress, with almost 3% of the sites linking there (and probably using WordPress).

Those were the top 30:

  1. www.facebook.com.
  2. twitter.com.
  3. wordpress.org.
  4. www.youtube.com.
  5. feeds.feedburner.com.
  6. www.linkedin.com.
  7. www.google.com.
  8. validator.w3.org.
  9. www.adobe.com.
  10. www.addthis.com.
  11. www.flickr.com.
  12. www.myspace.com.
  13. feedburner.google.com.
  14. www.blogger.com.
  15. www.macromedia.com.
  16. statcounter.com.
  17. www.amazon.com.
  18. www.addtoany.com.
  19. www.wordpress.org.
  20. creativecommons.org.
  21. bit.ly.
  22. en.wikipedia.org.
  23. facebook.com.
  24. www.statcounter.com.
  25. www.liveinternet.ru.
  26. www.histats.com.
  27. feeds2.feedburner.com.
  28. www.apple.com
  29. www.gnu.org
  30. www.stumbleupon.com

It is also interesting that people are linking to shorten URLS (bit.ly) so often too. What do you think? What sites do you have linked in your own sites?