In the Spam Crosshairs

We’re in the crosshairs of a very aggressive comment spammer. Last night, I noticed we had 800+ spam comments in our comment spam queue, which had accumulated in a week or so. I’ve set up a bunch of WordPress plugins to spot fake comments and filter them out. Usually, we get less than 5 spams in a busy spam week, and many weeks it’s 0. I cleared it out only to find 90 more spams in the spam folder this morning.

Of those nearly 1000 spams, precisely 1 made it through the spam filters and showed up attached to a post. So, that’s a success rate of 0.01%. I think that pretty much qualifies as an epic fail on the spammer’s part.

I don’t know if this spammer is specifically targeting us for extra love, or this is just an epic comment spam flood for everyone in general… or maybe our Google standings have suddenly brought us unwanted attention. In any case, they are still at it; a few have arrived while I was writing this post. I’ve done a bit more tightening up, but it looks like to really stem the firehose o’ shite coming from the spammer, I’ll need to firewall off all of China, Venezuela, and a few other countries. I don’t think that’ll impact our readership much… I can’t imagine there are too many U.S. telecom wonks in Guangzhou.

That does bring up an interesting thought, though: besides the volume, what’s different about this spam attack is its breadth of IP addresses. In the past, the comment spam we’ve gotten has been limited to a few repeats from one or two IP addresses. In this case, the spam seems to be coming from a huge number of IPs spread across the entire range of a few carriers’ networks (China Mobile Telecom and Venezuela’s CANTV, specifically, for the ones I have bothered looking up). Either someone has a really specific botnet that they set up, or… well, I’m not going to point fingers.

While the source of the spam is overseas, it’s pimping for companies in the U.S. for the most part: some legal outfit in LA that specializes in labor law, some exotic used car sales place that seems to mainly advertise on YouTube, and some addiction recovery site are the main crap being peddled. Your usual bottom-feeding douchebags, in other words. The back links on the comment spam all point to third party sites (such as YouTube, Tumblr, and various blogs) rather than the actual company being pimped. I guess it’s the spammer’s way of preventing complaints getting back to their client’s web hosting service.

However, one poorly chosen strategy involved linking to the Yelp review page for some cleaning service in Denver they were pimping. Seriously, do you want to make it that easy for people to dopeslap your slimy customers with a 1-star review, Mr/Ms Spammer?

Stuck in all of the crappy comment spam were… ads for a Search Engine Optimization outfit that apparently is located in New York. I can only guess these are the clowns responsible. Considering their 0.01% success rate, I can safely say if it’s them, they really aren’t good at what they do.

One Comment

  1. Thanks for being our sheriff. Let these no-good rapscallions just mosey on out of Wetmachine town before we get out the tar & feathers. And also thanks for taking up the time to write this up. It’s an interesting commentary on the evolution of spam (and on the notion of “rogue states” in Internet land. . .)
