Spam comment of the day.

This has nothing to do with the entry. I just wanted to use it.
This has nothing to do with the entry. I just wanted to use it.

Despite all the stuff that’s been put into place by bloggers and Google to discourage the practice of leaving comment spam the spammers keep on trying. Ever since moving to WordPress I don’t think I’ve had a single piece of comment spam make it into the live comments on a page thanks to Akismet and having the blog set up so that your first comment is held in moderation until you’ve been approved at least one time. Yet every day I login and empty the spam queue of upwards of 350 to 650 spam comments.

I only give a cursory glance at the spam comments to make sure there aren’t any false positives and most of the time it’s the same shit over and over again, but every once in a while one of them will catch my attention. Here’s one from today that I found particularly amusing:

Paragraph writing is also a excitement, if you be acquainted with
after that you can write if not it is complicated to write.

Clearly English is not this person’s first language. That said, I’ve been puzzling over exactly what it is the author of this comment was trying to say. One of the “strategies” of comment spammers is to write something that sounds like it just might be a legitimate comment. For example, I get a lot of them that ask what blogging software I’m using even though it’s listed at the top and bottom of the screen. Or they’ll try to offer some faint praise or, occasionally, some lightweight criticism in hopes that you’d be fooled into thinking it’s legit. The vast majority of the time you don’t even need to look at the URL they’re leaving to see that it’s a spam comment. You can tell just by the comment itself.

The above appears to be an attempt at the faint praise approach, but it’s written so poorly that it just comes across as someone trying to make a patently obvious statement. Surely they could have gotten a better translation if they’d made use of Google Translate, but that would take too much effort I suppose (kinda like, you know, paying for legitimate advertising would). I can’t tell you why this particular comment spam grabbed my attention when so many others very much like it slide on by, but here you go.

You must log in to comment on SEB.

For the first time in 12 years I’m requiring folks who wish to leave a comment to log in before being able to do so. The primary reason for this change is comment spam. Even though Akismet catches 99% of comment spam it only automatically deletes them on posts more than 60 days old. Any entries newer than that and it goes into a spam queue which I need to clean out periodically lest the database grow to unreasonable size. For the past several weeks the comment spam on newer entries has reached a rate of almost 4,000 comments a day. It actually takes several attempts to clean the queue because it takes so long it times out and it’s not unusual for there to be 4 or 6 new spam comments as soon as the screen refreshes on the last attempt to empty it. I tried looking for some form of unintrusive captcha that might slow the pace and nothing seems to work and if I’m going to have a more intrusive captcha I may as well just have you log in and be done with it. Since making the change several days ago there hasn’t been a single spam comment to delete.

The other reason why I’ve gone with this option is the fact that you don’t have to register an account on SEB to log into it. You can use any of a half-dozen other accounts you may already have to verify who you are. You can log into SEB using your credentials from Facebook, Google, Yahoo, Twitter, Tumblr, and even Steam. If you don’t use any of those services then you can create an account right here on SEB. All that’s required is a username, email address, and a password. I will not sell your email address to any third party, ever. One advantage to logging in is a much simpler comment form.  Just one box for writing the comment.

Hopefully this won’t be too much of a burden for the regulars who drop by. The amount of comments from non-regulars was low enough as to not be an issue in this decision. I’m sorry to have to go this route, but the amount of time I was spending trying to keep comment spam at bay makes it a necessary change.

Comment spammers are trying something new.

But I don't LIKE spam!!

Been seeing an odd form of comment spam show up in SEB’s spam queue lately. The URL is a link back to Bing or Google’s homepage while the comment itself contains no links at all and is often mildly on-topic, but a short one or two liner that doesn’t really add anything to the conversation. The email address, however, points to a distinct domain. One such example is boco-boco.pl which serves up a Polish lace corset wholesaler’s web page if you go to it.

Not sure how this is helping them. Are they hoping that the email address will drive up page rank? Without it linking back to their site I don’t see how it helps. WordPress, like most blogging software these days, doesn’t publish emails on the comments page and links published in comments contain the “rel=no follow” tag anyway. The email address is primarily used for the notification emails and I’m often the only person who will ever see it.

As a spam strategy it’s pretty stupid as it can only possibly benefit Bing or Goggle as that’s the URL being used. Are they really that stupid or is there something really clever about this approach that I’m just not seeing?

Spam comment of the moment.

SEB gets hit with a lot of spam comments most of which aren’t particularly interesting or amusing, but occasionally on checking the spam filter I come across one that is worth sharing. This one, for example, is a delightful excursion into surreal gibberish:

I loved as much as you will receive carried out right here. The sketch is attractive, your authored material stylish. nonetheless, you command get got an shakiness over that you wish be delivering the following. unwell unquestionably come more formerly again as exactly the same nearly very often inside case you shield this hike.

This showed up on the thread about the PA mayor resorting to prayer to solve her city’s financial problems. Knowing that doesn’t make it anymore coherent, but I thought I should include that info. I don’t know about you, but I’ll be damned if I can figure out just what the comment is supposed to be saying.

SEB is getting hammered with comment spam lately.

Here’s a graph showing all the spam SEB has received since the start of September of 2009:

Graph of spam sent to SEB.

It's like a SPAMQUAKE!

We jumped from a low of 23 last October to a record high this month of 2,056. I just cleaned out another 154 from the spam queue and there’s already 3 new ones back in there.

On the plus side, the WordPress implementation of Akismet is damned impressive. Almost all comment spam is caught by the filter with only a couple ever making it through and with only a handful of false positives. Even then the ones that make it past Akismet never see a live page as they get stuck in the moderation queue due to having an unknown email address. It works out to a 99.377% accuracy rate which is nothing to sneeze at.

On the negative side, it doesn’t look like the WP-reCAPTCHA plugin does jack shit in terms of stopping spam bots as most of it is clearly not being typed in by hand. Having said that I must admit that I’ve not turned it off yet to see if things get worse or not, but I’m tempted to try it and see. If things are about the same then there’s little point in using it as it just annoys non-registered commenters.

So while there are aspects of WordPress that annoy me – large number of plugins to recreate functionality found in other systems, annoyingly complicated template system – I have to give them big props for an excellent comment spam solution.

Weirdest comment spammers ever.

So you may have been noticing that what appears to be some fairly innocuous comments from non-SEB regulars being deleted just about every day for the past week or so. On the surface there’s nothing obviously spammish about these comments, but I’ve been deleting and blacklisting the user names as rapidly as they’ve shown up. At first I wasn’t sure it was comment spam because the comments all appeared to be related to the topic of the thread in question, but I still had a feeling something was amiss as the comments were showing up on some of the older threads we have around here—that also tend to have some of the highest Google page ranks coincidentally—and the comments were all written in such a way that they were on topic, but said absolutely nothing of consequence. Two examples of this were posted last night while I slept from a visitor named “Ermar” one of which was on the thread about Romney dropping out that read as follows:

Whoever win the race I’ll support him. Its people’s choice and we have to respect it.

Seems on topic, but it seems like a stupid thing to say as though the person wasn’t really thinking about what they were typing and was just saying something that seemed related to the topic of the thread. This one was just enough to get DOF to respond to it, but usually the comments from these people pass without anyone really noticing and I think that’s by design.

Every one of these comments has left a link to a blog and when I check the link it always points back to a blog that appears legit at first glance, but again there’s something not quite right. For starters most of the entries on the site are composed of one or two sentences on the main page that links to a full entry that consists of one or two paragraphs of the same sort that comprise the comments being left. In short, not really saying anything of consequence. “Emar’s” blog is named “boringatbreakfas” (no, I won’t link to it as that’s probably what they’re hoping for) and is full of inane entries like this one:

Weather is a funny thing

Weather is a funny thing. We use a ton of terms to describe it. It can be perfect, it can be fine, it can be awful, and it can even be downright weird. It seems that Mother Nature is a fickle minded woman. But whatever the weather may be, it is all part of the natural cycle of things. Weather in Africa differs from that in London. Manila weather too, is something all its own. Just as casinos have their own thing going for them and rodeos offer some things different than those that can be found in USA Manila weather too is starkly different than the rest of the world.

That’s it. That’s the entire entry. Here’s another example:

In life, the basic..

In life, the basic necessities for living are food, shelter and clothing. These still apply today theoretically, but try applying it and I doubt if you would survive a year with just those three basics. In this day and age, food, shelter and clothing just don’t cut it anymore. With the advent of technology, our lives cannot depend solely on the three basics anymore.

And as life gets more complicated with each passing day, a growing concern that arises with this complexity of surviving is security. Security comes in many forms. You may seek security in a friend; you may look for it for personal safety, you may seek security against cyber fiends, or you may look for it to protect your belongings, heck, you can do a “Linus” and look for security in a blanket even. No one really knows what evil lurks this world.

It doesn’t really say anything and the posts are clustered in a handful of days in a handful of months spread out over the past year for a grand total of 14 entries. Another thing that’ll strike you as odd if you visit the page is that not one entry has a single comment left on it. Either “Emar” is the world’s most boring blogger or there’s something amiss.

Now if it had just been “Emar” showing up and leaving inane comments I might be willing to buy into the idea that he/she/it is the world’s most boring blogger and not have bothered to touch their comments, but he/she/it is not alone. We’ve been receiving similar comments from a half dozen people for the past week and every single one of those people has a blog that has similarly inane entries with absolutely no comments on any of them and all of these people seem to hail from around the same part of the world. All of that could just be coincidental, perhaps SEB is suddenly attractive to the world’s most boring bloggers, but here is the clincher: Every single boring blogger just happens to link to all the other boring bloggers who just happened to start leaving boring comments at SEB at the same point in time.

In addition to “Emar” we’ve been visited by “Carlo” (bloggography), “Estela” (addictedtocodein), “Natashiya” (agenthotty), “Viktor” (cleancorpse), “JJ” (modernpunches), and “Eliana” (ashestoashes). Blog names are in parentheses. Here’s the other thing that’s interesting: If you compare the dates on which entries are left on each of the blogs in question they all start at around the same point in time last year (February 2007), they all have between 12 and 14 entries, and the entries are all posted within one or two days of the other blogs and all the entries save for one or two are the same boring one or two paragraph dissertations about nothing in particular. To top it all off each blog has exactly one category defined and the category is the same name as the blog itself. So, for example, all the entries on “ashestoashes” are posted in the category of “ashestoashes.” Lastly not a single one of these people has sent me an email to complain or ask what the hell is going on after I blacklisted their blogs and deleted their comments.

So it seems clear to me these comments are clearly spam of some sort, but the thing I can’t figure out is what they’re trying to accomplish. I can’t find any links on any of the blogs in question to any websites that would benefit from all this spamming. The nearest I can figure is that they’re trying to raise their Google page rank in hopes of selling the domains to someone else later, but that’s just a guess on my part.

Have any of you other bloggers been visited by these people? Am I the only one paranoid enough to notice these weirdos?