Relating country of origin and forum spam

A few weeks ago I spotted and deleted some spam posts made on Whirlpool by a Chinese iPhone knock-off manufacturer. These were cleverer attempts than most — at least they attempted to generate a plausible thread of discussion. Most spam we get is the same obnoxious crap filling your email inbox.

“if you cannot afford iphone, this is a good choise, but don't expect it has all iphone features and works as well as iphone. The most exciting thing is it can zooming pictures by two fingers, just like iphone.” (source)

The thread continues with other users (having the same IP address) participating in a mock discussion about how remarkably adequate this product is, each one linking to the manufacturer or distributor.

Immediately, I wondered if I could detect what country the user was from — China, according to their IP address — and whether this might be the tip of the iceberg that could be fully revealed with better reporting tools. After all, the site caters to Australian users fairly exclusively; surely anyone who visits from other countries is more likely to have nefarious intentions. So I got to work importing the MaxMind GeoIP database and cross-referencing users who registered in the past twelve months against the country identified and whether they ended up banned by a moderator. Here's the result:

Chart depicting countries and the rate of banned users

This chart shows the percentage of users that ended up banned, broken down by identified country of origin. Satellite services aren't bound to a specific country, and are therefore counted separately. These numbers don't discriminate based on the reasons for banning, so spammers, assholes and rule-breakers have been lumped together. Still, the results are intriguing.
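
An added example (not the script used for the chart) of the cross-reference described above: registrations inside the reporting window are mapped to a country label and ranked by ban rate. The lookup table, labels, dates and user records are constructed stand-ins for the GeoIP database and the forum's data, and ranking by the Wilson lower bound is an addition here so that a country with only a couple of registrations does not top the list on raw percentage alone.

```python
import ipaddress
from collections import defaultdict
from datetime import date, timedelta
from math import sqrt

# Constructed stand-in for a GeoIP country table: documentation ranges, made-up labels.
GEO_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "AU"),
    (ipaddress.ip_network("198.51.100.0/24"), "XA"),
    (ipaddress.ip_network("203.0.113.0/25"), "XB"),
    (ipaddress.ip_network("203.0.113.128/25"), "SAT"),  # satellite: counted separately
]

def country_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((label for net, label in GEO_TABLE if addr in net), "unknown")

def wilson_lower(banned, total, z=1.96):
    """Lower end of the 95% Wilson interval for a ban rate of banned/total."""
    p = banned / total
    centre = p + z * z / (2 * total)
    margin = z * sqrt(p * (1 - p) / total + z * z / (4 * total * total))
    return (centre - margin) / (1 + z * z / total)

def ban_rates(users, today, window_days=365):
    """Rows of (label, banned, total, raw_rate, wilson_lower), most suspicious first."""
    cutoff = today - timedelta(days=window_days)
    counts = defaultdict(lambda: [0, 0])  # label -> [banned, total]
    for ip, registered_on, banned in users:
        if registered_on >= cutoff:  # only registrations inside the window
            tally = counts[country_of(ip)]
            tally[0] += bool(banned)
            tally[1] += 1
    rows = [(c, b, n, b / n, wilson_lower(b, n)) for c, (b, n) in counts.items()]
    return sorted(rows, key=lambda r: r[4], reverse=True)

# Constructed sample data (banned/users): AU 4/200, XA 24/40, XB 2/2, SAT 6/10.
TODAY = date(2009, 1, 1)
SAMPLE = (
    [("192.0.2.%d" % i, TODAY, i < 4) for i in range(200)]
    + [("198.51.100.%d" % i, TODAY, i < 24) for i in range(40)]
    + [("203.0.113.%d" % i, TODAY, True) for i in range(2)]
    + [("203.0.113.%d" % (128 + i), TODAY, i < 6) for i in range(10)]
    + [("198.51.100.200", TODAY - timedelta(days=400), True)]  # too old, ignored
)

if __name__ == "__main__":
    for label, b, n, raw, low in ban_rates(SAMPLE, TODAY):
        print(f"{label:8} {b:3}/{n:<3} raw={raw:6.1%} wilson_low={low:6.1%}")
```

In the constructed data, XB has a 100% raw ban rate from two accounts but ranks below XA, whose 60% rate rests on forty registrations.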

Surprisingly, the United States is fairly low on the list. It's the second-most common country of origin after Australia, with the UK, India and Canada rounding out the top five. Yet its rate of undesirable users is barely above average.

The top five countries by rate of spam — as well as fitting neatly into their stereotype — have now been earmarked for special treatment, and justifiably so. I spent a week observing the actions of new users from these select countries, and found constructive participants to be overwhelmingly rare.

4 comments

That's actually quite interesting. You do wonder how they actually find whirlpool? I only heard about it through the APC magazine. I presume they just go trawling the internet looking for innocent forums to spam....?

Matt

In my experience, satellite provider IPs are the source of most Nigerian spam; it's the only way cybercafes in Lagos can connect to the Internet. Cellphones and self-proclaimed "legitimate businesses" that claim to be based in the UK? 419? Nigerians.

India is the most prolific and persistent source of spam on my site; everything from profile spam to "here's a helpful site" drive-bys. Many SEO companies are based in India.

Spam from Israel: mostly Russian immigrants that are responsible.

The Philippines seem to be the source of a lot of employment-related spam; resume services, nursing agencies, and so on.

The US? Very little spam comes from there, in my experience. If it's not a proxy IP that spits out at some server farm, it's mainly just guerrilla marketing for bands and the like.

I think the large gap between third and fourth is pretty interesting.

It would also be interesting to see if this changes over time - 6 or 12 months.

Cheers,
Andy :)









