Sneaky spam in conversational replies to blog posts

Hacker News Top News
spam blog-comments ai-generated casino-spam antispam

Summary

A blog post highlights a new spam tactic where AI-generated conversational replies sneakily embed casino links, evading traditional filters.

No content available
Original Article
View Cached Full Text

Cached at: 04/23/26, 12:46 PM

# Sneaky spam in conversational replies to blog posts Source: [https://shkspr.mobi/blog/2026/04/sneaky-spam-in-conversational-replies-to-blog-posts/](https://shkspr.mobi/blog/2026/04/sneaky-spam-in-conversational-replies-to-blog-posts/) I'm grateful that my blog posts attract lots of engaged, funny, and challenging comments\. But any popular post also attracts spammers\. I use[Antispam Bee](https://antispambee.pluginkollektiv.org/)to automatically eradicate a couple of hundred crappy comments*per day*\. ![Graph showing 272 comments blocked in a single day.](https://shkspr.mobi/blog/wp-content/uploads/2026/04/Antispam-Bee.webp) Nevertheless, some get through\. Here's a particularly pernicious one \- it appeared as three comments ostensibly in reply to each other\. ![First "I read that article about why it’s so hard to passively track friends’ locations, and it actually makes sense. It talks about wanting automatic alerts when friends are nearby, but no app really does it well because of privacy and social awkwardness." Second "Yeah, and even if the tech exists, people don’t always want to share their location 24/7. It’s like checking promos on spam domain promotions you might see potential, but there’s always uncertainty behind it. You’re kind of taking a chance on incomplete info." Third "Exactly. Most location features are opt-in for a reason. Apps require consent because constantly tracking someone without them knowing would feel invasive, even if the intention is harmless."](https://shkspr.mobi/blog/wp-content/uploads/2026/04/spam-comments.webp) At first glance these look like normal comments\. They each address the content of the blog post albeit somewhat superficially\. The first comment looks like it was from a social media post sharing my link \- I get a lot of those as pingbacks, so it initially didn't trigger any suspicions from me\. The second is ostensibly a reply to the first and continues the conversation\. Again, a bit shallow, but seems to be engaging in good faith\. The third looks like yet another reply\. They all have unique email addresses, none of them have set their username to anything overly odd, and none of the users have filled out their URl\. But notice, in the second one, there's a link to a dodgy casino\! There's no`https://`so it didn't jump out as a link\. All three came from the same IP address in the Philippines, so easy to block for now\. Each reply is spaced exactly 3 minutes apart which, in retrospect, looks a little odd\. Re\-reading them carefully, they all look like AI slop\. A plausible sounding summary, written in a casual style, but with very little semantic content\. Seeing them as replies to each other primed me to think they were genuine because I'm used to spam coming in individual replies\. Having the spam in the middle comment made it easy to glaze over\. Remember, there are no technological solutions to social problems\. Sticking more and more barriers in the way of commenting only discourages genuine replies while the profit motive incentivises spammers to work around them\.

Similar Articles

He Manipulated AI Search With 50 Articles (Exposing GEO/AEO)

YouTube AI Channels

SEO operator Kasra Dash showed that 50 self-referencing listicles reliably hijacked rankings inside ChatGPT, Claude, Gemini, Perplexity, Grok and Google AI Overviews without backlinks, and the URLs kept being cited even after deletion.

How the Proxy Ecosystem Prevents the Spamming of Recommendation Information?

Reddit r/AI_Agents

The article discusses the risk of AI agents becoming channels for spam-like product recommendations and explores potential governance mechanisms, such as quality ratings and transparency requirements, to prevent the ecosystem from being polluted by low-quality or deceptive content.

Designing AI agents to resist prompt injection

OpenAI Blog

OpenAI publishes guidance on designing AI agents resistant to prompt injection attacks, arguing that modern attacks increasingly use social engineering tactics rather than simple string injections, and advocating for system-level defenses that constrain impact rather than relying solely on input filtering.