It’s been a while since the last installment of ‘Spammers are stupid’ (although some recent mentions would qualify), however I just had one today that amused me slightly.
Specifically it was an item of comment spam. I have to take my hat off to the spammer because it didn’t look like spam at first, until I realised that the domain he used was hot-wet-sex.org (might want to add that to your blacklist). But most interestingly, the comment had an illegal character where the ‘author’ had tried to include an apostrophe. Now this is, in theory, impossible because I’ve made the comment form enforce Unicode, whereas this was an ISO-8859-1 character. Evidently, the comment form had not been used in this case.
A quick look at my access logs confirmed this. There was several matches for the IP address used, initially browsing with a Yahoo crawler user agent (hmmm…) and then submitting the form with an AOL Browser user agent.
So, from this, we have learnt that the current generation of spambots:
- do not respect character encoding
- Use a Yahoo crawler user agent, even though it was not from a server in Yahoo’s IP range.
Maybe I need to do some user agent filtering and block out bots that claim to be Yahoo Slurp or Googlebot, but are not being run by Yahoo or Google.