Oh Yeah, Comment Spam. I Forgot All About That…

One of the downsides to kicking off the blog again has been the return of the dreaded comment spam. Before I moved the blog over here, I was using my own custom blog system, which meant I could implement a very simple little trick to stop comment spam. Not quite a CAPTCHA in the true sense of the word, but good enough for my little insignificant blog: I simply added a field asking people to type in my name before submitting the comment. Easy for humans to do; unlikely that anybody would ever bother updating a comment spam bot to parse the question and respond accordingly.

But when I moved the blog over I opted for the easy solution of just installing WordPress, and while that meant that setup and configuration were the proverbial breeze, unfortunately “security through obscurity” no longer applies round these parts. Anything that I choose to implement here is also available to millions of other WordPress users around the world, and so it is very much worth the time of any comment spam bot author to workaround whatever anti-spam techniques I might be using.

Up until a couple of weeks ago I hadn’t seen a single piece of comment spam for about 4 years, but now there’s a steady trickle of them pouring onto the blog and into my inbox (far outweighing the number of genuine comments–perhaps that’s the universe’s way of letting me know that I’m just pissing into the wind once again).

Interestingly, things seem to have moved on in the world of comment spam over the last couple of years–when I last dealt with the problem the comments were usually gibberish and stuffed with links, whereas now they masquerade as apparently genuine comments, and it’s only when you read them closely that you notice the faltering English and lack of relevance to the article they’ve been posted on. I guess they’re designed to trick a busy moderator on a high traffic site who isn’t paying close attention.

That said, if I was writing a comment spam bot that posted the comment:

I also think the same as the commenter above.

They I’d maybe add some logic to check it wasn’t the first comment on that post, as that was a bit of a giveaway on that one.

Some of them are almost worth keeping for the comedy value of the dubious English (and the compliments–but a compliment by spam bot is no better than a machine on a train platform playing that recording that apologises for the delay to your service, is it…):

Thank you for give very good knowledges. Your web is very goodI am impressed by the information that you have on this blog. It shows how well you understand this subject. Bookmarked this page, will come back for more. You, my friend, ROCK! I found just the information I already searched everywhere and just couldn’t find. What a perfect site. Like this website your website is one of my new favs.I like this info shown and it has given me some sort of desire to have success for some reason, so thank you

Nice to know that my web is very good. I wove it myself, don’t you know. And yes, thanks. I do understand the subject of this blog–me–pretty well. Glad to know that I ROCK too. Do come back for more Mr Comment Spam Bot, and good luck with that desire to have success. I’m still working on that myself.