The comment spammers are going manual, it seems

Topic: 

Some time ago I modified this blog softare (Drupal) to ask a very simple question of people without accounts posting comments. It generally works very well at stopping robot posting, however the volume of spam has been increasing, so I changed the question. Volume may have dropped a touch but I still got a bunch, which means the spammers are actually live humans, not robots.

It's also possible that asking natural language questions (rather than captcha style entry of text from a graphic) has gotten common enough that spammers have modified their software so they can figure out the answer once and easily code it, but I don't think this is the case.

What's curious is that my comment form also clearly explains that any links in comments will be done with the rel=nofollow tag, which tells Google and other search engines not to treat the link as a valid one when ranking pages. This means that, other than readers of the blog clicking on the links, which should be very rare, these spams should be unproductive for the spammer. But they're still doing them.

The change however was prompted by a new breed of comment spam, where the spammers were copying other comments from inside large threads, but inserting their link on the author's name. (This also uses rel=nofollow.) Indeed, such a technique does not automatically trigger my instincts to delete the spam, but they chose one of my own comments, so I recognized it. Right now my methods cut the spam enough that it is productive to manually delete what gets posted, though if the volume got high enough I would have to find other automated techniques.

(Drupal could of course help by having a much easier to use delete, including a 'delete all from this IP address' option.)

Comments

Surely the IP addresses in your logs provide some clues. Without
seeing them, my conjecture is that boiler rooms in countries with
cheap labor are doing it, in a manner similar to the building up
of characters for resale in online games like Everquest or clicking
on ads to artificially pump up click-through rates. The people
actually doing the work probably have little or no understanding
of English -- they're just following a script provided to them.

Perhaps you need to a little bit of programming to present a
different validation question from a small set instead of the
same one each time.

Found your blog via Jerry's retreat site.

The Drupal Troll module can block an IP address:
http://drupal.org/project/troll

But I've started using the Akismet Drupal module:
http://www.phpmix.org/projects/drupal/4_7/akismet

You have to get a Wordpress API, but it seems to be working really well so far.

-Kent.

Add new comment