
December 21, 2005

The Sorry State of Spambot Writing

While Trackback spam is a source of continuing fascination hereabouts, Comment spam is but a fading memory. Yes, we occasionally get the odd piece of hand-entered Comment spam from India or Thailand or the Former Soviet Bloc, but Comment Spambots pretty much pass us by. Which is a shame, really, because I’d like to keep abreast of developments in that field.

So you can imagine my delight in finding that this blog had been visited by a new (to me, at least) Comment Spambot the other day.

In the space of 14 minutes, it

  • made 2257 requests
  • from 91 distinct IP addresses (all, as far as I can tell, zombie PCs)
  • of which, 467 were requests for my comment script
  • among which were 151 (unsuccessful, of course) attempts to POST a comment
  • which resulted in 48 new IP addresses automagically added to my IP-banlist

How do I know all these details? Because the Spambot issues a malformed HTTP REQUEST header. (Fortunately, Apache is liberal in what it accepts, and equanimously records the malformed header to the logs.) I guess the Spambot author found the HTTP 1.1 Specification too difficult to understand.

Perhaps some public-spirited person, like Sam, could put together a Spambot Validation Service, in the interest of improving the overall quality of the Web.

Posted by distler at December 21, 2005 11:31 PM
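The tally in the post can be reproduced from an access log by fingerprinting on the malformed request line. This is an added example, not the author's code: it assumes the malformation is visible in the request line Apache logs (the post does not say which part of the request was malformed), and it uses a hypothetical comment-script path and constructed log lines.

```python
import re
from collections import Counter

# Apache common/combined log prefix: host ident user [time] "request line" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "((?:[^"\\]|\\.)*)" (\d{3}) ')
# RFC 2616 sec. 5.1: Method SP Request-URI SP HTTP-Version (single spaces, upper-case "HTTP")
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
REQUEST_LINE_RE = re.compile(rf"^{TOKEN} \S+ HTTP/\d+\.\d+$")
COMMENT_SCRIPT = "/cgi-bin/comment-script.cgi"  # hypothetical path, not from the post

def summarize(lines, comment_script=COMMENT_SCRIPT):
    """Tally requests whose logged request line violates the HTTP/1.1 grammar."""
    stats, ips = Counter(), set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            stats["unparsed"] += 1
            continue
        ip, request, _status = m.groups()
        if REQUEST_LINE_RE.match(request):
            continue  # well-formed request line: not the traffic being fingerprinted
        stats["malformed"] += 1
        ips.add(ip)
        if comment_script in request:
            stats["comment_script"] += 1
            if request.split()[:1] == ["POST"]:
                stats["comment_posts"] += 1
    stats["distinct_ips"] = len(ips)
    return dict(stats), sorted(ips)

# Constructed sample lines (documentation IP ranges), not taken from the author's logs.
SAMPLE = [
    '192.0.2.10 - - [21/Dec/2005:10:00:01 -0600] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [21/Dec/2005:10:00:02 -0600] "GET  /blog/ HTTP/1.1" 200 7300',
    '198.51.100.7 - - [21/Dec/2005:10:00:03 -0600] "GET /cgi-bin/comment-script.cgi http/1.1" 200 900',
    '203.0.113.44 - - [21/Dec/2005:10:00:04 -0600] "POST /cgi-bin/comment-script.cgi" 403 210',
    '203.0.113.45 - - [21/Dec/2005:10:00:05 -0600] "POST  /cgi-bin/comment-script.cgi HTTP/1.1" 403 210',
    '192.0.2.10 - - [21/Dec/2005:10:00:06 -0600] "POST /cgi-bin/comment-script.cgi HTTP/1.1" 200 1500',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The sorted IP list it returns is the candidate set for a banlist; a well-formed client posting a comment from `192.0.2.10` is left out of every count.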

TrackBack URL for this Entry:   http://golem.ph.utexas.edu/cgi-bin/MT-3.0/dxy-tb.fcgi/706

4 Comments & 0 Trackbacks

Re: The Sorry State of Spambot Writing

It may be a mistake to taunt these people.

Posted by: Greg Kuperberg on December 22, 2005 1:29 PM

Re: The Sorry State of Spambot Writing

Taunting them? Y’mean like when I was taunting the crapflooders?

Yes, it’s a (very slight) danger, but the entertainment value far exceeds the amount of damage they could possibly do.

Posted by: Jacques Distler on December 22, 2005 3:11 PM

More Seriously

Joking aside, I actually am interested in the state of Spambot technology, as I do wish to stay 2 or 3 steps ahead of the spammers, technology-wise.

Unfortunately (or fortunately, depending on your point of view), Spambot technology has been essentially moribund for nearly two years.

I’ve all but forgotten most of the clever countermeasures I was thinking about two years ago, when it looked like Comment Spambots were becoming more sophisticated by the month.

The sheer profusion of “low-hanging fruit” means that there has been no incentive for Spambot-writers to improve their product.

Yeah, they took a page from the crapflooders and equipped the 'bots to use open web proxies and, more recently, trojanned Windoze PCs.

But the 'bots themselves are as primitive as ever. Maybe more so, as some, apparently, are now incapable of even doing HTTP correctly.

Posted by: Jacques Distler on December 22, 2005 11:50 PM

Re: More Seriously

I’m afraid I’ve completely lost interest in them: I enabled Akismet when I switched to WP, just to cover me until I got my feet under me and put in some decent protection, but I haven’t really needed anything more: one or two hand-entered ones every few days, so what? Meanwhile, I’ve had 5757 direct, and thus refused, requests for wp-comments-post.php this month. Dunno how long it’s been since that actually worked, but it must still work on enough old installs that it’s not worth trying to be any more impressive.

Sleazeballs just don’t show enough initiative these days.

Posted by: Phil Ringnalda on December 23, 2005 1:02 AM
