on Apr 14, 2006
A few items to note about comment spam:
It seems to come in waves, or cycles. Yesterday I got more spam than I have in the past week. Normally this would lead you to believe that one spammer has started pounding away at the site, but that doesn’t seem to be the case here. I wasn’t keeping count until afternoon, but I’m guessing I got about twenty or thirty or so spam comments all day, and each one seemed to come from a different IP. There were a few common types, and for my own purposes I’ve categorized them:
- Mr. Brown-noser – Posts a plausible-looking comment like, “I agree! I hope others write about this as well! I love your site.” It’s clumsy and generic enough to stand out, but I have to actually look at what URL they link before I chuck them in the bit bucket.
- Mr. Lotsa Links – Obvious spam. The posts are just page after page of keywords and links.
- Mr. Sneaky – Posts comments to really old posts with just one or two links, hoping they will escape my notice and remain for search engines to find. If I didn’t check the admin page I might miss these ones.
- Mr. Infomercial – Has lots of “helpful facts” about whatever he’s linking, which is usually generic meds.
Each of the above has just a few variants they re-use, but these are the four distinct types I see. (Each one has other characteristics, like what types of bogus usernames and emails they provide and the type of bold / italics tags they use.)
Anyway, I wonder why the cyclical nature? It is possible that the coming long weekend (which had already arrived in some parts of the world, like Australia) provided the spammers with time off from their normal day jobs. (Clubbing baby seals, most likely.)
Maybe it’s just a coincidence. Maybe my site has propagated to another group of them.
Sometimes I block the IP of one of these spammers if I already have the admin window open. However, I suspect this is a waste of time. I’m wondering if these changing IPs aren’t from guys who are using wireless hotspots or internet cafes to do their dirty deeds. If this is the case, then blocking them is a waste of time, and in fact creates a (very, very slight) chance that a legit visitor will arrive on the same address at some point and get rejected.
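The four categories above key on what a comment contains and where it is posted, not on where it comes from, so a moderation queue can be sorted by content even when every submission arrives from a new address. The sketch below is an added example, not part of the original post: the comment fields, thresholds, and phrase list are assumptions chosen for illustration, and the sample comments are constructed.

```python
import re
from collections import Counter
from datetime import date

LINK_RE = re.compile(r"https?://\S+", re.I)
# Assumed thresholds and phrases for illustration; tune against your own queue.
MANY_LINKS = 5          # "page after page of keywords and links"
OLD_POST_DAYS = 90      # "really old posts"
LONG_PITCH_WORDS = 30   # "lots of helpful facts"
PRAISE = ("i agree", "love your site", "hope others write")

def classify(c, today):
    """Return a spam category for one comment dict, or 'manual-review'."""
    body = c["body"].lower()
    links = len(LINK_RE.findall(body))
    words = len(body.split())
    post_age = (today - c["post_date"]).days
    if links >= MANY_LINKS:
        return "lotsa-links"
    if 1 <= links <= 2 and post_age >= OLD_POST_DAYS:
        return "sneaky"
    if links >= 1 and words >= LONG_PITCH_WORDS:
        return "infomercial"
    # Generic praise with the payload in the author-URL field, not the body.
    if links == 0 and c.get("url") and any(p in body for p in PRAISE):
        return "brown-noser"
    return "manual-review"

def triage(comments, today):
    """Count categories and distinct source IPs across a batch."""
    labels = Counter(classify(c, today) for c in comments)
    return labels, len({c["ip"] for c in comments})

TODAY = date(2006, 4, 14)
# Constructed sample comments; IPs are from documentation ranges.
SAMPLE = [
    {"ip": "192.0.2.10", "url": "http://pills.example/", "post_date": date(2006, 4, 12),
     "body": "I agree! I hope others write about this as well! I love your site."},
    {"ip": "198.51.100.7", "url": "", "post_date": date(2006, 4, 13),
     "body": " ".join(f"cheap http://s{i}.example/ keyword" for i in range(8))},
    {"ip": "203.0.113.5", "url": "", "post_date": date(2005, 6, 1),
     "body": "nice http://casino.example/"},
    {"ip": "192.0.2.77", "url": "", "post_date": date(2006, 4, 13),
     "body": "Did you know? " + "Generic meds are helpful. " * 10 + "http://meds.example/"},
    {"ip": "198.51.100.200", "url": "", "post_date": date(2006, 4, 13),
     "body": "I think you got the date wrong in paragraph two."},
]

print(triage(SAMPLE, TODAY))
```

Anything that matches a category is best held for moderation rather than deleted outright, since the last sample shows a legitimate comment falling through to manual review.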