An analysis of a comment spammer

Looks like my comment spam fix isn’t foolproof, since I have just got some pharmaceutical spam posted to one entry. But a quick analysis of my Apache server log revealed some interesting trends…
The IP address was, so I searched the file for this address. 5 lines came up, the first of which was most telling:

- - [08/Oct/2003:17:30:19 +0000] "GET /entries/000234.html HTTP/1.1" 200 - "
&cat=web&q=%22Remember+personal+info%3F%22&avkw=fogg&o=20" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461; Rogers Hi-Speed Internet)"

This shows that someone is scouring for sites with this string: “Remember Personal Info?” – many of which will be blogs. It would seem, therefore, that you could prevent this by merely changing the text to something else (i.e. something that not everyone else is using). It’s worth a try anyway, but don’t expect immediate results, because the search engines will need to recrawl your site first.
While I’m on the subject, Jay Allen has another good stab at blocking the spam – might be worth keeping an eye on it.
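
The log search described above can be scripted. This Python sketch is an added example, not code from the original post: it parses Apache combined-format lines, decodes the search terms in each referrer, and lists every request from hosts that arrived via a search for a stock comment-form phrase. The sample lines, the 192.0.2.x addresses, search.example and the comments.cgi path are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
FOOTPRINTS = ("remember personal info",)  # stock form phrase named in the post

def search_terms(referer):
    """Return the decoded, lowercased search terms in a referrer URL's query string."""
    query = parse_qs(urlsplit(referer).query)
    # 'q' is the parameter in the post's log line; 'query' and 'p' are assumed variants.
    return [v.lower() for key in ("q", "query", "p") for v in query.get(key, [])]

def parse(lines):
    """Yield regex matches for lines in combined format and skip anything else."""
    for line in lines:
        m = COMBINED.match(line.strip())
        if m:
            yield m

def footprint_hits(lines):
    """Yield (host, time, path, term) for requests that arrived from a footprint search."""
    for m in parse(lines):
        parts = m["request"].split()
        path = parts[1] if len(parts) >= 2 else ""
        for term in search_terms(m["referer"]):
            if any(fp in term for fp in FOOTPRINTS):
                yield m["host"], m["time"], path, term

def requests_from_flagged_hosts(lines):
    """Return every (host, request) made by a host seen in footprint_hits()."""
    lines = list(lines)  # iterated twice, so materialise file handles or generators
    flagged = {host for host, _, _, _ in footprint_hits(lines)}
    return [(m["host"], m["request"]) for m in parse(lines) if m["host"] in flagged]

# Constructed sample lines (placeholder addresses and hostnames, not from the post).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Oct/2003:17:30:19 +0000] "GET /entries/000234.html HTTP/1.1" 200 - '
    '"http://search.example/find?cat=web&q=%22Remember+personal+info%3F%22&o=20" '
    '"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '192.0.2.77 - - [08/Oct/2003:17:31:02 +0000] "GET /index.html HTTP/1.1" 200 5120 '
    '"http://search.example/find?q=movable+type+templates" "Mozilla/5.0"',
    '192.0.2.10 - - [08/Oct/2003:17:32:40 +0000] "POST /cgi-bin/comments.cgi HTTP/1.1" 200 812 '
    '"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
]
```

Running `requests_from_flagged_hosts` over a real access log gives the same view as searching the file for the suspect address by hand, but for every host that arrived through such a search.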


  1. It seems like you certainly have been hit with a lot of spammers. I haven’t had any comment spam yet, rather referrer and zonk board spam. Both of which I haven’t had too much problem keeping under control.

  2. I think it’s a Movable Type thing – since you use Blosxom you’re probably not so prone. It’s possibly also because ever since I made my Movable Type template available the number of reciprocal links I’ve been getting has gone through the roof, so I’m guessing I may have had an increase in PageRank or something.

