The Other Canned Meat

Back in June (when this site was still running on Blosxom), I disabled comments because of the amount of comment spam I was receiving. Over the course of several years I built a number of anti-spam measures into my Blosxom install, but without a moderation feature, I could only respond to spam that got past my tests by cleaning it up after the fact. Eventually, it was just too much.

When I switched to WordPress in late August, I reenabled comments, because WordPress offers comment moderation. I even added the following note to my comment form:

Hey Spammers! Comments are Moderated, so please save us both some time and move along. No matter how many you send, they’ll never show up. Really.

To the best of my knowledge, not a single spam has made it through- but not for a lack of trying. On an average day, I probably moderate 50 or so spam attempts. On an average day, I probably get <1 real comment.

Nearly three years ago, Mark Pilgrim posted a warning to those trying to develop anti-spam measures. Some folks criticized him for being too pessimistic, but he was dead on. From that post:

Spammers are smart and determined, and people are numerous and stupid, and spam pays. You can’t make it not pay. Going after their ISPs won’t help; they’ll auto-register somewhere else. (Already happening.) Going after their upstream provider won’t help; they’ll cut deals with the backbone providers and keep going. (Already happening.) Going after them in court won’t help; they’re already living under friendly governments. (Already happening.) You can’t stop them with Turing tests; they’ll hire child workers to read your images and manually register/post/ping/trackback/whatever. (Already happening.) Then they’ll attack you with the power of 100 million owned Windows boxes and knock you off the Internet. (Already happening.) They will keep coming and coming and coming until you give up, go home, cry uncle, take Prozac, get a regular day job to replace the one you quit when being an anti-spammer became your full-time job.

And they have kept coming and coming. I often get several copies of the same spam commented on the same post, each using a different method of encoding links: one with html <a> tags, one with wiki-like [brackets], and one with raw link text. Why bothering to figure out what kind of comment system you’re targeting when your automated spam-bot and cover every contingency, shotgun-style?

A couple of days ago, I got one that almost slipped past me. The following comment was left on this post about mounting an OS X partition from Ubuntu:

heyas all. my 40 gig drive is going to good use now. I have installed UBUNTU and have ordered KUBUNTU. I dont know how to install the driver for my ati radeon 9600xt. Actually i dont know if i am meant to be downloading and installing XFREE86 or the XORG version of the driver. I am downloading them both but i dont know how to do anything in Linux really. I dont know where I am meant to set up my modem or set up a net account. (no INETWIZ.EXE) So yeah, can someone help me out with getting my ATI driver installed? and does anyone know of a good long PDF file i can read and wrap my brain around. I’m still a Windows user, but I want to use Linux as much as possible. Thanks. :)

At first glance, it looks like a typical cry for free tech support, only tangentialy related to the topic at hand, as seen on many a help forum and blog comment feed. If it were legitimate, I’d allow it, even though I expect no one to help. But I’ve learned that not every spam contains a link in the body text, so I always check the link to the commenter’s web site. The site address was, which looks like the kind of hokey “every variation on a theme” URLs that spammers and affiliate sites use. Even more curious, the authors email address was for the domain- similar but different.

So I tried a google search for a line of text from the comment. The first three matches are blog posts with the exact same comment posted. In a couple cases, they actual comment was showing up in a Recent Comments list on the side of the page, but the original post that drew the comment was actually about Ubuntu.

So what’s the point of this post? None exactly- just like Mark’s post above, I don’t have a solution. I only know that the problem is getting worse.

Both comments and pings are currently closed.

5 Responses to “The Other Canned Meat”

  1. Andrew Grant Says:

    Try using Askimet which is included with WordPress (although you’ll need to create a account to get a valid key).

  2. douglas.nerad Says:

    That is a most insidious spam. And I agree with Andrew; Akismet, though not perfect, is amazingly good and it’s caught tons of processed digital meat for me with only one false positive, maybe two dozen sneaking by, and just over 7,300 caught outright in the 10 months I’ve been using it.

    I wish the WordPress folks would make it easier to get a key than signing up for (and wasting) a subdomain of, but that’s their issue I guess.

  3. Jason Says:

    Thanks Andrew. I took your advice (and Doug’s) and installed Akismet. So far it’s caught a dozen since I set it up about 4 hours ago. Happiness ensues.

    I had always wondered why WordPress’s moderation screen had both a spam option and a delete option. Apparently, marking a comment as spam leaves it in the database. Once I enabled Akismet, it told me I had 1675 spam comments in the database. It’s been 62 days since I converted to WP; that’s a little more than 27 per day. Not quite the 50 I estimated above, but I think it started slow and ramped up.

    One other thing… when I signed up at, they now have an option to get just a user ID (no blog).

  4. robustyoungsoul Says:

    Wow. If only the power of spam could be harnessed and put to useful ends.

  5. chornbe Says:

    Spam, and all the crap I watched you go thru’ to get out from under it, is what chased me out of blogging the first time. The revolutionists have to revisit their “first kill all the lawyers” stance, I think.