Are You Being Used?

Have you heard of Fiverr yet? Fiverr is a service that launched back in February of 2010 as a tool for people to sell simple goods and services for five bucks. Maybe that’s planting a tree in your honor in the rain forest, or sending a letter to a random soldier, or belching your name on video. Pretty much anything goes. It’s not a terrible idea, strictly speaking, and is a nice way for people to make a little extra money doing something they’re good at.

So, what does this have to do with higher ed, and why should you care? Well, simply, this.

Search Results on Fiverr for “edu”

Search Results on Fiverr for “edu”

It’s no secret that there are plenty of black hat SEO techniques for link farming. This is also far from the first time someone tried to leverage the .edu TLD for link relevancy (Note: it seems pi.edu has finally gone away, without much fanfare. No one misses it.). On top of it, odds are you can’t make Fiverr stop these listings. Because screw you that’s why. At least, I suspect that’d be the subtext of the answer you’d get from them.

How Does It Work?

Simple, spider services have created lists of things like blogs and wikis that have unmoderated change or comment systems. The people offering these services buy or pirate those lists. In some cases, they have tools that automatically submit to sites on the list. Then you watch the spam start coming in. Anyone that runs a WordPress site understands how much trouble spam can be. If you’ve ever wondered where it comes from and why, this is a pretty good start.  In the end, the provider or their software tries to pass as a legitimate commenter and includes a link in the post text or author site (if you include the author’s link on their name) which then shows up, they get paid, and you get polluted.

This is a much less offensive and less dangerous version of account hijacking that we’ve seen in the past, where faculty, staff, or student web space hosted by the university is taken over and used as a landing page host or to drive backlinks and keywords.

What Can You Do?

Shut. Down. Everything. Okay, not really. But seriously, do review your moderation and approval processes for your blogs and wikis. Anything someone can contribute to should be reviewed to make sure you haven’t created a target. Keep some of these in mind (adapt to your environment):

  1. Don’t ignore your sites and security settings.
  2. Try simple steps like requiring at least a first post to be approved before users are whitelisted.
  3. Look at third party commenting services like Disqus or Intense Debate which have tools for addressing this that are better than yours.
  4. Many CMS’s have plugins that can provide more robust comment protection. For instanceAkismet is common for WordPress. I’ve had success with Spam Free WordPress.
  5. Add moderation or extra steps to comments containing links.
  6. Make sure links in comments are set to come through with rel=”nofollow” enabled.
  7. Limit faculty and student abilities when it comes to setting up and configuring sites, blogs, wikis, etc.
  8. Allow visitors to vote down or mark comments as spam.
  9. Turn off commenting after a certain length of time or when a blog is discontinued but still available.
  10. Set up a routine to audit your sites for this kind of spam ever X months.

None of these suggestions will likely work on their own. Some may or may not work at all in some cases. There’s no real silver bullet to the problem, as long as humans are willing to do the work manually for companies for $5.00. But, you can at least try to minimize your risk of exposure by making the effort for the spammers cost more than the time it’s worth. When they get through anyway, if you’re monitoring properly you should be able to delete the comment and blacklist the user or IP quickly enough that it becomes apparent you aren’t a high value target. The bottom line is to be vigilant, active, and take responsibility for the sites and services you’re offering that could be targets for these types of tools. Fiverr is far from the only way to accomplish this (see?), but what really matters is preventing the end result.


Photo Credit: cc icon attribution small Are You Being Used? Some rights reserved by 666isMONEY ☮ ♥ & ☠