Skip to content
 

Odd Comment Spam Attempts

Starting on November 10th at 10:29am (EST), running through this morning at 6:30am, I have received dozens of comment spam attempts across most of my WordPress blogs. They all followed the same basic format:

Deneen Carrillo | aejqtb@lobhyi.com | IP: 94.102.60.151

5wj9j1bdvd74zbcv

A real looking name, an obviously fake email address (usually with a non-existent domain name, which should immediately flag the comment as spam if WordPress or Akismet were intelligent), an IP address from 94.102.60.151 94.102.60.152 or 94.102.60.153, and 16 random letters or numbers.

The user agent strings varied widely:

  • Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
  • Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
  • Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
  • Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
  • Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
  • Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
  • Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11
  • Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
  • Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14
  • Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7

The bot also submitted every form on the page, including the search form and the submit box. Maybe a simple form should be created to auto-block anyone that submits anything to it. And the bot never downloads images or anything other than the page. Maybe a plugin should could check that a user downloaded some other content before allowing a comment to be submitted? Yes, this forms a horserace, but it may work in the short term.