Welcome back to Dirty, Slimy, Shady Secrets of the Web Hosting Review (Under) World - Episode 3! Read Episode 1 | Episode 2
Today's post features Rose Hosting. Who I refuse to link to because their whole business model seems to involve comment spamming this blog and other sources of information. What started with a simple spam comment sent me down a rabbit hole I wasn't prepared for and shed light on a fairly large spam operation that spanned multiple sites, but my primary focus became Quora with a secondary focus on the web hosting review sites also being manipulated.
Visualization of Rose Hosting Quora Spam Network. An interactive version is available at the end of the article.
It started with a simple spam comment.
The poster tries to compliment the post and then drops in a RoseHosting mention and praises it.
But wait, there's an IP address! Looks like they made a mistake this time.
So Miami Cloud Hosting is who owns the IP space that this comment came from. Let's see what comes up when I ping rosehosting.com
If you go to that IP, rosehosting.com shows up. So it's correct. Also if you look at their DNS:
So we're 12 IPs away on that A record. Let's check out that IP that actually responded on ARIN.
Bingo. Same Miami Cloud Hosting.
So fakeish looking name, an email with zero google search results and coming from the same IP space on a the cloud hosting provider that hosts RoseHosting. Pretty damning, but unsurprising to see some astroturfing, many of the bigger players just rely on affiliates to do it for them and look the other way.
But I'm not one to accept shitty behavior in this business and just look the other way.
Let's see how many more I can dig up. I recognize the Rose Hosting name and know they've spammed me in the past.
The pattern seems to be emails with nothing associated with them on google. There is a protected twitter account with the same username as Pablo, but that's about it.
Mike uses HideMyAss, a VPN service designed to hide identities. VPNs/anonymity have a lot of value, they also happen to be abused by spammers a lot. This pattern looks nefarious.
Jean's comment follows the original Oscar comment's template: compliment, rose host spam, compliment.
They all added in HTML with the rel="nofollow" because they probably realized Google can easily see comment spam and cracked down on it. Putting a nofollow link is supposed to preserve your SEO value by not associating it as a spam link (because it's telling Google not to follow it). Why are these supposed customers adding SEO tactics to their comments and trying to hide their identities?
The Boss Man
I also got this email from Bob, who I assume is the owner based on what's listed publicly and the interviews he's done on at least one other review site which I don't trust a bit, and won't link to either.
But it's all class, I want to get listed and pay a lot.
So at best they are a 'subtle' please promote me for money kind of web hosting company (which almost every host will do). At worst, they are comment spamming and potentially astroturfing/sockpuppeting web host.
Searching For More
I searched WebHostingTalk, the largest web hosting forum that has run forever and has over 9 million posts.
Just about everyone is talked about here. They have a company account that constantly posts ads. But how is it that in 14 years there are only 2 reviews and most of the threads are asking 'who?' Yet somehow, my blog is getting hordes of accounts recommending them. Another red flag.
Did they learn their lesson on WHT when an account got questioned about sounding like a shill? So the largest forum with 9,000,000 posts has basically nothing about them.
I kept searching and stumbled upon this gem on Twitter
I sense a pattern. Those crazy customers of ours who link to git and tomcat installation tutorials. Carl had a bit of a spamming spree according to Google.
Let's keep digging.
Sockpuppets and Patterns
Looks like I found Jean Debushy!
And again. Deep linking their ubuntu VPS on an ubuntu tutorial too, nice SEO tactic.
It's not a good spam campaign without hitting Quora!
So this name exists solely to promote RoseHosting and it all seemed to happen in October 2015. That's suspicious to say the least.
At this point it became clear that the sockpuppeting is more organized than I originally thought.
I started to search the other names I had been spammed from and easily found more bad behavior.
Oscar is alive and well it seems on Disqus. and DiscoverCloud.
The Smoking Gun
Quora was the gold mine for uncovering this spam network. Once I found a couple accounts on Quora, I could go through their history and see who upvoted their posts. It would be practical if you were running a spam network to have many accounts upvoting one another to give yourself more visibility. More upvotes, more traffic, easier for me to track it all down.
I discovered 51 accounts connected to RoseHosting and mapped out how they connected to one another. I took those same names and searched for their re-use across other sites. 10 showed up on Serchen, 3 on HostReview, 6 on DiscoverCloud, 6 on HostAdvice, 3 on TrustPilot, 1 on Reviews.co.uk - all industry review sites being manipulated by these same spam accounts. I also discovered 11 more accounts connected to various review sites and comment spam.
Rose Hosting Quora Spam Network
This graph charts the connections (upvotes) of RoseHosting associated Quora accounts. If you hover over a name it links to the Quora details and any other related content spamming like review sites.
I tried for months to reach out to Quora and have never heard a word from them. I did notice when I last checked (March 28, 2017) that at least some of the accounts have been banned. Maybe someone actually read my email and just didn't have the time to respond.
I have reached out to the web hosting review sites and will update as I hear back from them. The only company that did respond and acknowledged the issue was HostAdvice (not to be confused with HostingAdvice which steals Review Signal content to mislead its visitors).
Full Data Table Available on Google Docs
Thanks RoseHosting for having the decency to make sure you spammed this article as well. I am guessing your spammers don't understand irony. Or possibly the English language.
A new comment on the post "Uncovering the Rose Hosting Spam Network on Quora" is waiting for your approval
Author: Merritt George (IP: 220.127.116.11, cpe-75-86-176-9.wi.res.rr.com)
That's a great article! There sure are interesting parts of web hosting that people don't know about.
So hey I wanted to know if you do reviews on new sites? I was looking around and noticed that my current webhost, <a href="https://www.rosehosting.com/" rel="nofollow">Rose Hosting</a> wasn't listed and that's a shame! In a sea of companies with no scruples, they've stood out to me as a solid company that doesn't resort to shady tactics, delivers quality support, and has great uptime.
Would love to see a benchmark!
Bonus: Fake Review Screenshots