April 25, 2010

Curious comment spam

A few weeks ago, I mentioned that it might be interesting to keep closer track of the IP addresses of the comment spammers. Before, anyone getting flagged would have their IP address put into a killfile and that was that. I got to thinking that an infected system is probably cleaned out after a month or two, so I could keep my killfile smaller (and the processing faster) by deleting old IP addresses.

What has been interesting is that there are now two groups of comment spammers. The first are those who hit from the same IP address several times/week. There are not that many of them. The second are interesting and a bit worrying -- these will attempt a spam once and only once. That IP address never cruises my system again.

In the last four weeks that I have been gathering this data, I have about 20 of the former and over 250 of the latter! I have the vision of this big bot-net sitting there waiting. It is mostly the large commercial ISPs too -- Comcast, RoadRunner, etc.

Posted by DaveH at April 25, 2010 7:13 PM
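One way to keep an aging killfile and split it into the two groups described above, as an added example that is not the author's code. The event format, the 60-day retention window, the function names and the sample addresses (documentation ranges) are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one (date, IP) pair per flagged comment attempt.
FLAGGED = [
    ("2010-03-29", "192.0.2.10"),
    ("2010-04-02", "192.0.2.10"),
    ("2010-04-20", "192.0.2.10"),
    ("2010-04-05", "198.51.100.7"),
    ("2010-04-21", "203.0.113.44"),
    ("2010-01-15", "203.0.113.99"),  # last seen over three months ago
]

def build_killfile(events):
    """Map each IP to the sorted list of dates it was flagged."""
    seen = defaultdict(list)
    for day, ip in events:
        seen[ip].append(datetime.strptime(day, "%Y-%m-%d"))
    return {ip: sorted(dates) for ip, dates in seen.items()}

def prune(killfile, now, max_age_days=60):
    """Drop IPs whose most recent hit is older than the retention window.

    Expiry keys on the last hit, not the first, so an address that
    keeps coming back stays blocked however old its first entry is.
    """
    cutoff = now - timedelta(days=max_age_days)
    return {ip: dates for ip, dates in killfile.items() if dates[-1] >= cutoff}

def classify(killfile):
    """Split into IPs flagged more than once and IPs flagged exactly once."""
    repeaters = sorted(ip for ip, d in killfile.items() if len(d) > 1)
    one_shot = sorted(ip for ip, d in killfile.items() if len(d) == 1)
    return repeaters, one_shot

if __name__ == "__main__":
    current = prune(build_killfile(FLAGGED), datetime(2010, 4, 25))
    repeaters, one_shot = classify(current)
    print("repeat:", repeaters)
    print("once only:", one_shot)
```

Repeat hits are only visible if attempts from already-blocked addresses are still logged; a killfile that drops them silently makes every address look like a one-time visitor.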