According to the Akismet blog (I suggest subscribing if you haven’t already), comment spam is greatly on the rise, and it just recently hit two billion.
According to their figures the amount of spam is exponentially increasing every year, and it only took only 108 days for it to double from 1 billion to 2 billion vs 100 million to 1 billion in 257 days. Bleak news, indeed.
Comment spam has good comments beaten by a factor of 9 or 10.
So, what can be done about this?
One simple thing… let the ISP know.
Many times spam is submitted from someone’s webserver via a chunk of malicious software, but other times it is right from their own computer. Either way, if you notice comment spam is coming from the same IP (or even really similar ones, for example: 24.24.24.135 and 24.24.24.136), you should run a search on a site like domainwhitepages.com to get the IP addresses information.
After that, look for an “abuse” contact and send them a report letting them know one of their users is spamming. If their is no abuse contact, get the ISPs name, goto their site, and contact them.
When you collect a bunch of comment spam it gets reported to Akismet, but what happens then? As far as I know, nothing. Akismet is really good at preventing spam from appearing, but the fact remains it is still being submitted and it is up to us (bloggers) to prevent it from being submitted in the first place.
The amazing thing is, I have done that with some ISPs in places like Russia and China and it didn’t even take more than a few weeks for that IP to stop spamming me. They don’t like spam either, it costs them $$$.
Please subscribe, or else I will cry. Do you really want to make a programmer cry?
July 12th, 2007 at 11:31 am
Bleak news, nicely said. Looks like Aksimet gonna let in more and more spams, and our situation is getting worse. Also it looks like OpenID have failed, too, so there are not many ways to go for us. At the moment I have only two ideas - to make a smarter comment submitting (powered by AJAX, for e.g.), or to replace standard capcha with CSS puzzle tokens…
July 12th, 2007 at 12:06 pm
The truth is if people would stop downloading “free screensavers” and other malware-filled files there would be at least 70% less spam, but idiots keep insisting on downloading that stuff. It is amazing how many non-tech savvy people I talk to still believe “if it is on the Internet it must be safe and true”
And the other problem is security holes in our blog software. A while back I completely disabled commenting and pings for a post and it still got spam. I’d love to see the WordPress devs explain that one, because from my point of view it looks like pretty poor bug fixing, plus it has been a known issue for years. I think the problem is that WordPress isn’t modular enough, too much crap gets loaded that doesn’t need to be loaded, so security holes are introduced.