I wish pain and disfiguration upon all comment spammers
Jun 8, 2011
I haven't been able to update this blog in quite a while, since I've been spending all my (diminishing) free time fighting comment spammers. In case it's not painfully obvious, this is my first real blog, and I went ahead and added a comment section since, of course, all blogs should have comment sections. I actually got one legitimate comment before the Viagra, Tramadol, and Cialis peddlers found out I had an open comment section and started posting an average of FIFTY comment spam messages per day.
If you're not familiar with the phenomenon of comment spam: any website that allows its readers to post anonymous comments is almost immediately inundated by posts from shady drug pushers who are trying to get people to buy name-brand drugs at "low prices" online. Like the telemarketers of the 90's, I can't beleive that enough people fall for these scams to make them worthwhile, but from the volume of comment spam I'm getting, it must be pretty lucrative.
In a way, I sort of bring this on myself. My hosting provider provides blogging software — it's actually part of what I'm paying for — but rather than take advantage of the professional blogging software that presumedly includes some level of spam filtering, I prefer to do everything myself. They won't let me have SSH access, so I begrudgingly use their Apache server, but if I had full access to the box, I would have compiled and configured my own server, too.
So of course I wrote my own perl scripts and configured my own MySQL DB to store and retrieve comments. I could have created a blog, for not much more money, with TypePad, instead of hosting it myself, but writing scripts is a fun, and interesting, experience — especially for somebody like me, whose only professional programming experience has been in Assembler, C, C++, and (for twelve years now) Java. I like learning new things, and I like building things, so I went ahead and put together my own little content management system.
... and immediately got socked with the reason most people let professional blogging software manage their blogs these days. Man, these comment spammers are relentless. I've been fighting them for weeks. Every morning I log on, and I've gotten between 40 and 50 comments, all from online drug manufacturers. I think their ultimate business model is to drive me crazy to the point where I need Xanax — and believe me, if I do, I know where to get it cheap, without a prescription.
At first I tried blocking their IP addresses. Surely there can't be that many different IP addresses posting comment spam, right? Well, the comment spammers had a good laugh at my attempts to block their IP addresses. I even wrote an administrative CGI script to automate the process of blocking IP addresses I was able to identify conclusively as spammers — These guys were a huge help in identifying the biggest offenders. But, after having blocked 25 individual IP addresses without even putting a dent in the amount of spam I was receiving, I moved onto content filtering.
I started that today; we'll see how that works out for me. In the meanwhile, I'm working on another post about Apache configuration, which is just about ready to publish. Let me know if you've had any experiences with comment spammers and what you were able to do without resorting to Captchas or commercial software.