Every once in a while, a comment spam manages to get past both Bad Behavior and Spam Karma. Oddly enough, it always seems to be on the same entry: “Abuse Contact” is not an invitation.
I guess spammers like a challenge as much as anyone else.
Tag: blogspam
Fully Random Spam
The blog spammers must be getting desperate. The only other explanation I can think of is courtesy (keeping offensive language out of the posts), and I just can’t ascribe that motive to them.
The latest attack on this site consists of randomly-generated alphanumeric strings. Name? ah87fdfbqpo3q9483fhc. Email? ahsdhufs@q98hf4i4whfcia487f.com. URL? augfagfwi7832hr732rh8732fcfiuh.example.com. (I assume they have a wildcard DNS set up for random subdomains.) Content? Try something like “ads78shafi7 uigiutgw87n srgn743fnufc42.” (I’m typing my own gibberish, just in case the plan is to search for particular strings and see which sites have actually posted.)
The “advantage” of this approach is that there is no content to filter. No references to pills, poker or porn, no common phrases, not even empty generic statements like “I really like you’re site” and “Your an idiot” with links tossed in. It’s just a bunch of meaningless letters and numbers and a link. After all, the link is all the spammer needs, to get that coveted PageRank.
Oh, about that link? Easily identifiable. SURBL-style lists eat them for breakfast, and Spam Karma has been snacking on these all morning. *chomp*
Distributed Blog Spam
Yesterday morning, I remarked to Katie that it seemed odd that with the vast number of “zombie” computers infected with remote control programs via viruses, trojans, spyware, etc., their primary use so far has been sending spam. After 7-odd years of distributed computing projects ranging from demonstrating weaknesses in encryption schemes to searching for extra-terrestrial radio signals via SETI@Home, and reports that access to zombie nets is selling on the black market, you’d think someone out there would be trying to crack into the DoD or something. (That last link refers to phishing attacks, but the current form of phishing is very tightly coupled with spam.)
Last night I saw proof that zombies are at least branching out a little: they’re not just being used for email spam, but they’re also being used for comment spam. Starting around 8:30, someone started posting pairs of comments every 20-30 minutes. The content and links were identical each time, except for some random numbers in the (probably bogus) email and at the end of the body… but the IP address was different each time.
I caught it around 10:00, added “poker” to the list of moderation triggers, figured they’d give up when they saw their comments weren’t posting, and after another 3 pair (that’s not a legal hand, is it?) I just closed comments on the two posts.
Update 6pm: After a long afternoon dealing with server recovery issues, I checked my email and found about 40 “Please approve…” notices, starting around 1:45 and running all afternoon. All from the same blog spammer. A bit more aggressive than yesterday’s, because they hit a new post every time, but this batch all went straight into moderation. You’d think after you posted 20 comments and none of them showed up, you’d get the clue that it’s not worth posting 20 more…
Update 9am: I installed a plugin last night to block those comments from even reaching the moderation queue. Then laaate last night I noticed that it was screwing up comments with apostrophes, so I disabled it. The moderation notices started coming in immediately. 60 of them from around midnight to about 6am this morning. And none were ever displayed on the site. (Thank you, WordPress!)