I've had a really stubborn (or really stupid) Russian spammer trying to post comment spam here most of the morning. He (or she) has made hundreds of attempts, a very few of which temporarily got by me until I adjusted my
spam patterns to reject new drug terms I hadn't seen before.
Of course these attempts surely are automated - I can't imagine a human
failing so many hundreds of time and yet persisting in his attempts. But shouldn't even a robot check back to see if the spam actually took? I've seen that sort of pattern with other spammers - a few failed attempts and they give up. Not this guy - post after post after post.
Interestingly, what these guys do is first make a few nonsense posts. Those will have a garbage link usually and random sequences of letters for text. Apparently the purpose of these is to see if they CAN post, or perhaps to test their robot. The real spam attempts follow these, though sometimes not for a day or so.
Most of these guys use multiple IP addresses. This one was unusual in that he used the same IP every time. It doesn't matter to me: I'm watching for patterns, keywords and destinations, not IP's.
I log every bit of it. That helps me learn new drug keywords and new destination links to block. This guy has several dozen sites he ran through, and a dozen or more keywords - most of which I've seen many times so they automatically trigger rejection.
After five hours of hammering, it looks like he may have finally given up. That almost makes me sad - he was fun to watch.
I know that sometimes my spam traps interfere with legitimate comments. I apologize for that and want you to know that I am constantly adjusting the code to avoid false positives, but this spammers blitzkrieg shows why I have to use strong defenses.
Got something to add? Send me email.
Increase ad revenue 50-250% with Ezoic
More Articles by Anthony Lawrence
Find me on Google+
© 2010-05-21 Anthony Lawrence