The comment spammers are going manual, it seems

Some time ago I modified this blog softare (Drupal) to ask a very simple question of people without accounts posting comments. It generally works very well at stopping robot posting, however the volume of spam has been increasing, so I changed the question. Volume may have dropped a touch but I still got a bunch, which means the spammers are actually live humans, not robots.

It’s also possible that asking natural language questions (rather than captcha style entry of text from a graphic) has gotten common enough that spammers have modified their software so they can figure out the answer once and easily code it, but I don’t think this is the case.

What’s curious is that my comment form also clearly explains that any links in comments will be done with the rel=nofollow tag, which tells Google and other search engines not to treat the link as a valid one when ranking pages. This means that, other than readers of the blog clicking on the links, which should be very rare, these spams should be unproductive for the spammer. But they’re still doing them.

The change however was prompted by a new breed of comment spam, where the spammers were copying other comments from inside large threads, but inserting their link on the author’s name. (This also uses rel=nofollow.) Indeed, such a technique does not automatically trigger my instincts to delete the spam, but they chose one of my own comments, so I recognized it. Right now my methods cut the spam enough that it is productive to manually delete what gets posted, though if the volume got high enough I would have to find other automated techniques.

(Drupal could of course help by having a much easier to use delete, including a ‘delete all from this IP address’ option.)

Surely the IP addresses in

Surely the IP addresses in your logs provide some clues. Without
seeing them, my conjecture is that boiler rooms in countries with
cheap labor are doing it, in a manner similar to the building up
of characters for resale in online games like Everquest or clicking
on ads to artificially pump up click-through rates. The people
actually doing the work probably have little or no understanding
of English -- they're just following a script provided to them.

Perhaps you need to a little bit of programming to present a
different validation question from a small set instead of the
same one each time.

Two Drupal SPAM modules to check out.

Found your blog via Jerry's retreat site.

The Drupal Troll module can block an IP address:
http://drupal.org/project/troll

But I've started using the Akismet Drupal module:
http://www.phpmix.org/projects/drupal/4_7/akismet

You have to get a Wordpress API, but it seems to be working really well so far.

-Kent.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Post new comment

His name is Brad Templeton. You figure it out.
Please make up a name if you do not wish to give your real one.
The content of this field is kept private and will not be shown publicly.
Personal home pages only. Posts with biz home pages get deleted and search engines ignore all links
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

More information about formatting options