SpamWars: The Spampire Strikes Back

So here I was, idly checking my Bloglines feeds and lamenting the fact that I had nothing to blog about tonight. Silly rabbit, be careful what you wish for. Poing! New Mail. No, wait… 6 new e-mails in the 5 minutes since the last automatic check. That never happens. Must be comment spam on the ol’ blog.

Indeed. Not only that, but all of the spam comments showed up in my inbox as new comments, not spam attempts. This means my anti-spam measures have failed. Several months ago, I suffered a severe spam onslaught, which lead to my disabling comments for three weeks. When my comment system returned, I had implemented several changes to help stop the spam. I even kept the details to myself to slow the spammers from catching on. Looks like they’ve caught on.

My countermeasures included rejecting all items without a referrer, and changing the default value in a hidden comment form field used by the Blosxom writeback plugin. Nice try. Tonight’s spammer is much more sophisticated. Each post came from a separate IP address. Referrer is present and correct, and the User Agent string looks innocuous, although I’d bet it’s a bot. The posts came in groups of three, and for each group of three I can see a single IP address GETing the original post plus other pages (archive links, etc); however the two “sniffer” IPs are different.

These little weasels deserve all seven levels of Dante’s Inferno and a couple of new ones I just thought up. For now, I’ve shut off comments. Looks like I’ll be setting up the blosxom port of the MT blacklist very soon. Sorry for the inconvenience, feel free to email me in the interim. Unless you are a spammer… you may feel free to (Extremely violent and anatomically questionable recommendation censored).

Both comments and pings are currently closed.

Comments are closed.