comment spammer using perl

Posted by joy


Stupid comment spammer left a comment in an old story that attempted to appear somewhat legit but the one URL he used went to a site for pain meds. Interesting user agent.

Host: 61.30.47.21
Url: /index.php?s=
Http Code : 200

Date: Aug 13 21:44:03
Http Version: HTTP/1.0″
Size in Bytes: 41677

Referer: -
Agent: libwww-perl/5.800


3 Responses to “comment spammer using perl”

  1. Phil Ringnalda Says:

    You think that’s bad? Remember the flurry of crapflooding comments last winter? Several revs of MT-Flood used the UA… “MT-Flood”.

  2. joy Says:

    I was hit with that attack too. It was not fun coming home from a weekend away to find that my hosting provider had to go and disable mt-comments.cgi manually because the attack was hosing the CPU.

    Actually, I’m just amazed that some poor sap in Taiwan thought it would be worth his while to write a script that would post a somewhat camoflauged comment with *one* embedded spam link in both the commenter’s URI and in the message itself.

    So, what this indicates is that the comment spammers are trying to evolve (I don’t know if you’re familiar with wordpress per se, but there is an option to either entirely disable live URLs in comments or disable the number of URLs)* around the anti-spam measures put forth. Just look at the effort the dude put into trying to advertise one unique URI (and yeah, he tried to post some more after I IP banned him).

    *In addition, if I really wanted to be masochistic, I could actually implement comment moderation, which would enable me to moderate comments before they are posted.

    But I guess the real question is, even if I can cut down on comment spam with anti-spam measures, is it really worth the time/effort that I put into it?

  3. Phil Ringnalda Says:

    Worth it is one of those questions nobody else can answer for you. I wouldn’t even consider blogging without comments: I already know what I have to say, before I type it, so if I don’t get to find out why I was wrong, I’m not going to bother. Some people aren’t very fond of comments, and others just don’t happen to write in a way that produces comments (quite often by being so brilliant that all you can say in a comment is “you rawk, dude!”), and probably wouldn’t miss them. But, personally, even if I didn’t love them, I wouldn’t be willing to let the spambot terrorists win by closing them just because of some really incompetant programmers. (As to why he bothered: after a nice spamming run, he got 48 comments to stick in feeds that Bloglines knew about long enough for it to see them, and 22 of those were still around the next morning. No idea how many he tried, to get those 22, but I’m pretty sure his cost was on the order of 0.000000001 cents per attempt.)