A quick review of WordPress comment and trackback spam

One down side of running a blog has got to be the amount of comment spam.  I’m going to have to put in place better systems to stop it but before then, here’s a brief unscientific analysis of the last 23 spam comments (they all get held until I approve them) and what I think the spammers are trying to do:

1) Trying to flog fakes

Brand name sunglasses are popular. Rayban and Oakley frequently appear.  Also hand bagsThe destination sites appear to like Western Union money transfer and a good number are based in China.

Sometimes the link(s) they include point to another site which then links to their site

They comment with phrases like

“Have a good day!I’m very pleased when see your post.I quite approve of your point of view.I will continue to following on your blog.I believe that the future I will see more about your wonderful views….”

“If you thinkI do not care to set eyes on this article, the next time I am concerned about your article, I think I will never again careless. Do you be satisfied of yourself, you do not know your article can make people so obsessed with….”

One of my recent favourites, several appear to have an error in their code,

Have a {great|good|excellent|fantastic} day!I’m very {happy|glad|pleased} when see your post.I quite {agree with|endorse|approve of} your {point of view|viewpoint|standpoint|views on politics|opinion on public affairs}.I will continue to {focus|atte…

My web server is in Paris. A fair number of spammers appear to recognise this fact, spamming with French phrases like “longchamp pas cher”

2) … actually, it appears they all want to sell fakes

All the spam was trying to sell fakes and it was all priced in US dollars.  My really simple anti spam question commenters have to answer stops a lot of the robots.  Here’s an extract from the logs which shows one persistant robot being refused.

www.steveroot.co.uk 175.42.80.130 - - [28/Apr/2013:18:21:37 +0200] "POST /wp-comments-post.php HTTP/1.1" 500 4132
www.steveroot.co.uk 175.42.80.130 - - [28/Apr/2013:18:21:44 +0200] "POST /wp-comments-post.php HTTP/1.1" 500 4132
www.steveroot.co.uk 175.42.80.130 - - [28/Apr/2013:18:21:47 +0200] "POST /wp-comments-post.php HTTP/1.1" 500 4132
www.steveroot.co.uk 175.42.80.130 - - [28/Apr/2013:18:21:52 +0200] "POST /wp-comments-post.php HTTP/1.1" 500 4132
www.steveroot.co.uk 175.42.80.130 - - [28/Apr/2013:18:21:58 +0200] "POST /wp-comments-post.php HTTP/1.1" 500 4132
www.steveroot.co.uk 91.121.64.168 - - [28/Apr/2013:18:31:23 +0200] "POST /wp-comments-post.php HTTP/1.0" 500 4130
www.steveroot.co.uk 175.42.80.130 - - [28/Apr/2013:18:32:02 +0200] "POST /wp-comments-post.php HTTP/1.1" 500 4132
www.steveroot.co.uk 175.42.80.130 - - [28/Apr/2013:18:32:07 +0200] "POST /wp-comments-post.php HTTP/1.1" 500 4132
www.steveroot.co.uk 175.42.80.130 - - [28/Apr/2013:18:32:12 +0200] "POST /wp-comments-post.php HTTP/1.1" 500 4132
www.steveroot.co.uk 175.42.80.130 - - [28/Apr/2013:18:32:15 +0200] "POST /wp-comments-post.php HTTP/1.1" 500 4132
www.steveroot.co.uk 175.42.80.130 - - [28/Apr/2013:18:32:25 +0200] "POST /wp-comments-post.php HTTP/1.1" 500 4132
www.steveroot.co.uk 175.42.80.130 - - [28/Apr/2013:18:32:29 +0200] "POST /wp-comments-post.php HTTP/1.1" 500 4132
www.steveroot.co.uk 142.4.209.47 - - [28/Apr/2013:18:32:36 +0200] "POST /wp-comments-post.php HTTP/1.0" 500 4130