At the time of writing, my main blog is under a sustained comment spamming attack. Over 50 spam comments today, all targeting the one old post, promoting a poker web site. At least one other WordPress-based blogger is getting them, so it’s not just me. And what’s interesting is they’re from a variety of different IP addresses, so assuming that’s not spoofed, it looks like the attack is coming from multiple zombies.

(Links in text deleted)

Author : poker (IP: 195.172.182.228 , 195.172.182.228)
E-mail : byob@y7263o.com
URL : http://www.poker-w.com
Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=195.172.182.228
Comment:
7263 JUST A FEW LINKSFOR YOU TO CHECK OU WHEN YOU GET A CHANCE
Online poker
texas holdem poker
texas hold em

When I first saw this type of comment spam, I thought huh? What’s the point? Who is going to see such comments and click on them? Particularly in this case, with dozens of the same spams hitting one particular post. But the point is getting links to your sites into the search engines, and up the rankings. Whether it works or not I don’t know.

WordPress has a fair bit of flexibility when it comes to catching comment spam. The most useful generic setting is number of links in a comment. A surprising number of comment spams have heaps of links. You can also nominate keywords (though in 1.2 there was a bug in that if the final keyword on the list had a CR after it, every comment got caught). Caught comments go to moderation, so the never see the light of day. Handy for comment spam and for moderating particular users/IP addresses too.

Comment spammers, like other spammers, are getting cleverer. Hopefully the blogging community (and in particular those who write and update blogging software) will stay one step ahead of them.

Update Friday 07:30: The attack appears to be widening to more blog posts, and branching out to Viagra and weight-loss, but is still showing signs of being from the same source. To counter it, I have shutdown comment posting on entries more than 60 days old using Scott Hanson’s Auto Shutoff Comments plugin.

Defined: Wikipedia on blog comment spam.

Possible solution for WP?: Modification to comments code that ensures it can only be called from the form, not remotely. I’ll try this when I get the chance.

Update Friday 13:00: The patch above doesn’t work for this particular attack. Looks like this one spoofs the referrer… which makes sense, any decent spammer would think of that.

For anybody who dabbles in GeoCities, they’re doing a little cleanup which means rarely accessed or updated sites may get the flick:

“We noticed that you haven’t updated your web site in a while. If you wish to keep your web site, we encourage you to update it within the next 30 days so that it will not be deleted due to inactivity. If your web site is deleted, visitors will no longer be able to access your web site and all files will be permanently deleted.”

I took a look at my site (which has bugger all on it) and got this warning:

If you’ve got a site you occasionally glance at, now would be a good time to tinker a bit. And grab a copy of whatever’s on it, if you don’t already have it.