Manipulating Akismet to Silence Another

    November 15, 2006

So I was thinking about Akismet yesterday – I wonder if it could be abused to silence other people.

Let’s think about this a bit – what do we know about Akismet? From everything I have read on the Akismet website, we know that it weighs a variety of factors in the incoming message to determine whether it is spam or not. Note that this is not blacklist activity; rather, the recognition sounds like it is run through a neural net of some sort for heuristic analysis. What factors would they be? Most likely they would include the user name and email address, as well as words and links in the subject and body of the comment.

So, how can this be abused?

Let’s say there is somebody you want to silence on the internet. The first thing you would need is his/her login credentials, such as their typical user name and the email address used. This can easily be retrieved by enticing a user to comment on your own blog.

Now that we have his name and the email address he uses to post comments, consider this scenario:

Let’s say we were to start posting comments to other blogs using his credentials. Let’s link to a bunch of prescription drug sites, porn sites, and adultfriendfinder while we’re at it. After posting a certain number of comments like this, would Akismet begin auto-filtering this username and email address as spam?

What if we were to somehow spoof his IP address – what then? Would this be the final nail in his coffin? And how long would you need to keep it up for the identity to get to the point where it is automatically associated with spam? How many legitimate comments would need to be marked ‘not spam’ before this person gets his identity back on the whitelist? If this is a possibility, it presents huge possibilities for abuse.

I would like to hear something from the Akismet team about this – this seems a little too simple, yet I have not seen any evidence that indicates that this is not possible. How about it? Can this be done? Or are the checks in place at Akismet good enough to ensure that this won’t happen?
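To make the question concrete from the filter designer's side, here is an added toy model; it is not from the original post and it is not Akismet's algorithm, which the post only guesses at. It assumes a hypothetical filter that keeps a spam/ham tally per email address and a hypothetical `verified` flag meaning the site confirmed the commenter controls that address; every name and number is constructed.

```python
from collections import defaultdict

class ReputationFilter:
    """Toy per-identity reputation (hypothetical, not Akismet's design)."""

    def __init__(self, trust_unverified, threshold=0.5):
        self.trust_unverified = trust_unverified
        self.threshold = threshold
        # Start every address at 1 spam / 1 ham so the score is defined.
        self.tally = defaultdict(lambda: {"spam": 1, "ham": 1})

    def record(self, email, is_spam, verified):
        # Only let a verdict touch the identity's reputation if the address
        # was verified, unless the filter trusts self-asserted fields.
        if verified or self.trust_unverified:
            self.tally[email]["spam" if is_spam else "ham"] += 1

    def score(self, email):
        t = self.tally[email]
        return t["spam"] / (t["spam"] + t["ham"])

    def flagged(self, email):
        return self.score(email) > self.threshold

def replay(filt, events):
    for email, is_spam, verified in events:
        filt.record(email, is_spam, verified)
    return filt

def ham_needed_to_recover(filt, email):
    """Count verified 'not spam' reports needed before the flag clears."""
    n = 0
    while filt.flagged(email):
        filt.record(email, is_spam=False, verified=True)
        n += 1
    return n

# Constructed history: 5 genuine comments from the address owner, then
# 20 spam comments that merely typed the same address into the form.
VICTIM = "alice@example.org"
EVENTS = [(VICTIM, False, True)] * 5 + [(VICTIM, True, False)] * 20

def compare():
    naive = replay(ReputationFilter(trust_unverified=True), EVENTS)
    strict = replay(ReputationFilter(trust_unverified=False), EVENTS)
    return {
        "naive_flagged": naive.flagged(VICTIM),
        "naive_recovery": ham_needed_to_recover(naive, VICTIM),
        "strict_flagged": strict.flagged(VICTIM),
        "strict_recovery": ham_needed_to_recover(strict, VICTIM),
    }
```

In this model the recovery cost for the naive filter grows with the volume of forged reports, while the filter that ignores unverified identity fields never flags the address at all.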


