Category Archives: akismet

Comment spam

Back in May I mused idly about hair in a very brief blog post.  For months now I’ve been plagued with a torrent of comment spam on that particular post, and I’m now disabling comments on it altogether.

This is the most unsubtle form of spam, full of utterly blatant keywords and phrases like “nude teens”, “pre-teen sex”, “lolitas”, “hairy pussy”, “nymphet incest” linking to the spammer’s sites.  So surely it should be trivial for a spam filter like akismet to deal with them?

Akismet can tend to be over-zealous with legitimate comments, and regularly tends to caution when posts contain links.  For example, Andrew’s recent comment on my Mac troubles includes helpful links which caused Akismet to send it to me for moderation.  Most regular spam just gets automatically binned without my ever knowing about it unless I actively take the trouble to check.  So how the heck does this particular crap get past it?  If Akismet were human, I’d have to suppose (s)he was either being blackmailed or taking backhanders!

It’s not even as if links from here have obvious spam value: WordPress automatically inserts rel=nofollow to tell the ‘bots to ignore them. And my blog is actively managed: I welcome comments but remove spam, including the traditional innocent-looking stuff that just says something bland like “nice blog”, or even spam compliments like a “thank you for saying that” where they wrap a link. My criterion is not what someone links to, but whether the ‘comment’ contributes to discussion or is a ‘bot that’s just posting at random or at best has latched onto some key word or phrase in a post.

Talking of which, I wonder why that particular post attracted so much crap?  Is it perhaps the phrase “Long luxuriant hair” appearing in a legitimate comment?  Or maybe the title of the blog entry means something different in the spambot’s world?

Let’s see if this entry attracts similar crap.  If it does, I might (reluctantly) have to close comments here too.

Hyperactive akismet

quasi (mads) just pinged me on IRC. He’d made a comment on my latest blog entry, but it hadn’t appeared. And another on May 1st, which had also gone nowhere. Today’s ping was because his comment was in fact a suggestion, in response to my question.

Turns out Akismet seems to have a grudge against him, and thought both his comments were spam. Since they’re both less than a week old (or whatever it is), I was able to recover them through the admin panel.

Akismet is a bit of a lifesaver, in that it eats up the vast majority of spam attacking the blog. But this is not the first time it’s given false positives. So, anyone whose comment doesn’t show up, that’s probably what happened to it. Ping me, and I’ll look for it. If you don’t ping me, I’ll never know you tried to comment.

A new rain of spam

Yesterday’s and today’s news is that the ‘merkins have arrested one of their top spammers in Seattle. I don’t know how much difference this’ll make, but my understanding is that it’s one or two altogether different US states that give spammers a safe haven and could really make a big difference. Along with the world at large.

Here on the blog I’ve had a recent deluge of trackback spam pointing to something called “correctserver.com”. It’s a subtle one: I first saw it when I referenced an earlier post, and saw not just the one (legitimate) trackback, but a second one appearing simultaneously. I first took that for an innocent WordPress malfunction, then realised that the trackback from “[my post ]| Server software” was spam pointing to someone’s copy of my post. Since then I’ve had a number of them from the same spammer, and they get right through Akismet.

Today I just realised it’s more subtle than that. A week and a half ago, Danny Angus referenced my blog in an entry on his own. The first I saw of that was the trackback; then I saw it on Planet Apache. OK, fine, a legitimate trackback, right? Nope, it was only just this morning it showed up in my feed as [Danny’s entry]|Server software that I realised it didn’t link to Danny’s post, but to the spammer’s copy of it at correctserver.com.

A subtle and devious technique. WordPress admin and Akismet: I hope you’re listening!
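
A moderation-side check for the trackback pattern described above, as an added example that is not part of the original post and is not WordPress or Akismet code: it flags a trackback whose title is the title of a known genuine post (optionally followed by "|site name") but whose URL sits on a different host. The function names, the example.org/example.net hosts, the URL paths and the title "Danny's entry" are constructed for illustration; only correctserver.com and the "|Server software" suffix come from the post.

```python
from urllib.parse import urlsplit

def _norm(title):
    """Case-fold and collapse whitespace so '[title ]| x' variants compare equal."""
    return " ".join(title.lower().split())

def _host(url):
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def flag_copied_trackbacks(trackbacks, genuine_posts):
    """trackbacks: iterable of (title, url) pairs from the moderation queue.
    genuine_posts: {title: canonical_url} for posts known to be real
    (own posts plus posts seen in feeds the blog owner reads).
    Returns [(trackback_url, genuine_host)] for trackbacks that reuse a
    genuine title but link to some other host."""
    origin_by_title = {_norm(t): _host(u) for t, u in genuine_posts.items()}
    flagged = []
    for title, url in trackbacks:
        # The copies seen in the post were titled "<original title>|<site name>".
        head, sep, _suffix = title.rpartition("|")
        candidates = [_norm(title)] + ([_norm(head)] if sep else [])
        for cand in candidates:
            origin = origin_by_title.get(cand)
            if origin and _host(url) != origin:
                flagged.append((url, origin))
                break
    return flagged

# Constructed sample data (hypothetical hosts, paths and titles).
GENUINE_POSTS = {
    "Comment spam": "https://blog.example.org/comment-spam/",
    "Danny's entry": "https://danny.example.net/entry/",
}
TRACKBACKS = [
    ("Danny's entry", "https://danny.example.net/entry/"),               # real
    ("Danny's entry|Server software", "http://correctserver.com/copy-1/"),
    ("Comment spam | Server software", "http://www.correctserver.com/copy-2/"),
    ("Thoughts on spam filters", "https://other.example.com/post/"),     # unrelated
]

if __name__ == "__main__":
    for url, origin in flag_copied_trackbacks(TRACKBACKS, GENUINE_POSTS):
        print(f"hold for review: {url} reuses a title from {origin}")
```

A hit is a reason to hold the trackback for manual review rather than proof of spam, since two unrelated sites can share a post title.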
