I log attempts by comment spammers at my site Harplinks.com. I have a site where harmonica players can add links to their sites to a list of about 6,000 harmonica related sites that I’ve gathered. From the onset, I have been plagued by spammers trying to put links to everything from sneakers to gambling to drugs. I am guessing that they use some kind of automatic software run from hijacked machines. The IP address is always different. The ads links are usually different so I guess that these machines are remotely controlled by bad guys. (Please, Please, Please get Norton antivirus AND AdAware and run both every day.)
I haven’t had a spam post in six months by putting in some simple logic to catch the spammers.
1) Anyone who includes “[url=” in the body of their text is spammer. This url shortcut is used on some popular boards, but is not a feature on my sites and is a clear indication that the person is a spammer.
2) Anyone who includes the anchor tag “<a” in the body of a description is a spammer. I clearly say no links and I mean it. There is a links field. Anyone who needs to put in a long list of links in the body of the description is a spammer.
3) I look for one of about 50 different free websites like 100megsfree, 100freemb, 250m, freehostpro or blackdaddy. Anybody steering users to one of these sleazy free websites is a spammer. No website of any value has ever been hosted on these sites.
4) Next I look for the strings “forum”, “message” or “.php” in the body of the description and URL. There is only one reason to send users to a forum or a php page that’s to show them a drug ad.
5) I then check the url and description against a my standard list of drug brands, teen porn descriptors, and lending and mortgage words. I have had to add words like “Soccer” and “Vacations” to the list to keep some spammers out. I also have a list of potty words, just to keep the kids out. I recently had to add the word “Hitler” to my bad words list, due to some kiddy types trying for shock.
6) I look for .ru country domain in the email address. I have never had a legitimate user that uses a Russian email address. I guess the legitimate Russian users can get a hotmail address or some other .com address. Others that I ban are .za, .hu, .bu and several other Mideastern, African and Eastern European countries.
7) In addition to routines in my programs, I ban Vietnam IPs from all my websites using a .htaccess file. I have had repeated attacks on my website from Vietnam. I am sorry, but if you are a Vietnamese harmonica player or Spec-Fic writer, you will have to use a proxy to access my site.
I use this routine at Freenameastar.com, NameAGalaxy.com, Gthread.com and I added it to the guestbook at CCBlues.com and the Geeklog Forum at ScienceFictional.com when I still had that running.
I occasionally get a false negative, but that is rare. I tell the user that they have a spam-like word, although I don’t tell them what it is. They try again and get it right. The harplinks.com spam log shows the stupid spammers trying day after day to add their spam. You would think that they would give up if it never works. They are so easy to recognize that it is just plain stupid to keep it up.