Watching a Spammer

I've had a really stubborn (or really stupid) Russian spammer trying to post comment spam here most of the morning. He (or she) has made hundreds of attempts, a very few of which temporarily got by me until I adjusted my spam patterns to reject new drug terms I hadn't seen before.

Of course these attempts surely are automated - I can't imagine a human failing so many hundreds of time and yet persisting in his attempts. But shouldn't even a robot check back to see if the spam actually took? I've seen that sort of pattern with other spammers - a few failed attempts and they give up. Not this guy - post after post after post.

Interestingly, what these guys do is first make a few nonsense posts. Those will have a garbage link usually and random sequences of letters for text. Apparently the purpose of these is to see if they CAN post, or perhaps to test their robot. The real spam attempts follow these, though sometimes not for a day or so.

Most of these guys use multiple IP addresses. This one was unusual in that he used the same IP every time. It doesn't matter to me: I'm watching for patterns, keywords and destinations, not IP's.

I log every bit of it. That helps me learn new drug keywords and new destination links to block. This guy has several dozen sites he ran through, and a dozen or more keywords - most of which I've seen many times so they automatically trigger rejection.

After five hours of hammering, it looks like he may have finally given up. That almost makes me sad - he was fun to watch.

I know that sometimes my spam traps interfere with legitimate comments. I apologize for that and want you to know that I am constantly adjusting the code to avoid false positives, but this spammers blitzkrieg shows why I have to use strong defenses.

Got something to add? Send me email.


Increase ad revenue 50-250% with Ezoic

More Articles by

Find me on Google+

© Anthony Lawrence

Mon Sep 28 19:07:53 2009: 6994   TonyLawrence

I spoke too soon - the Russian plugger has not given up - my logs just spit out another 20 useless attempts at drug spam.

Good luck, pal... you are an inspiration to all of us. Pluggers never quit!

Mon Sep 28 21:18:57 2009: 6999   TonyLawrence

He's still at it, but stopped giving me anything new and useful, so I've blocked him completely now.

I do have to give him credit for being the most persistent spammer ever :-)

Tue Sep 29 03:33:56 2009: 7002   badanov

A description of my problem:

And what I did about it:

Tue Sep 29 12:29:28 2009: 7005   TonyLawrence

Ayup. I don't talk about all the things I do to thwart comment spam, but wasting their time is indeed part of the game.

Thu Oct 1 02:13:07 2009: 7025   TonyLawrence

He's still at it :-)

New ip, but same spammer. Hundreds of attempts, not a single one of which has gotten through, but he keeps trying.

Tue Oct 6 19:42:18 2009: 7082   TonyLawrence

Would you believe that he's STILL at it?

Hundreds upon hundreds of attempts and none get through, but he keeps plugging.

Yeah, I know it's automated - but still, I have never had one spammer be so persistent, especially when they are not getting anything through!

Fri May 21 15:02:06 2010: 8622   anonymous


I have also experienced that before but now I filtered those spammers on their IP and email.

Fri May 21 15:12:10 2010: 8623   TonyLawrence


That won't work generally. See
(link) for much more on detecting soma.

Kerio Samepage

Have you tried Searching this site?

Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us

[C has] the power of assembly language and the convenience of … assembly language. (Dennis Ritchie)

This post tagged: