It's been a while since the last installment of 'Spammers are stupid' (although some recent mentions would qualify), however I just had one today that amused me slightly.
Specifically it was an item of comment spam. I have to take my hat off to the spammer because it didn't look like spam at first, until I realised that the domain he used was hot-wet-sex.org (might want to add that to your blacklist). But most interestingly, the comment had an illegal character where the 'author' had tried to include an apostrophe. Now this is, in theory, impossible because I've made the comment form enforce Unicode, whereas this was an ISO-8859-1 character. Evidently, the comment form had not been used in this case.
A quick look at my access logs confirmed this. There was several matches for the IP address used, initially browsing with a Yahoo crawler user agent (hmmm...) and then submitting the form with an AOL Browser user agent.
So, from this, we have learnt that the current generation of spambots:
- do not respect character encoding
- Use a Yahoo crawler user agent, even though it was not from a server in Yahoo's IP range.
Maybe I need to do some user agent filtering and block out bots that claim to be Yahoo Slurp or Googlebot, but are not being run by Yahoo or Google.
Number one way to stop spam: block every IP address.
;)
I completely stopped all spam on my blog just by adding a hidden input to my comment form, and checking for it on the POST.
Since the bots hitting my site were the dumber version, they just hit the form script directly, without using the form, so they wouldn’t have the hidden value.
I’ve had a lot of comment spam attempts coming from a bot identifying as MSNBot when it clearly isn’t.