It is possible that it just looks for very generic pages and posts (the spam bot, that is). After all, it isn’t too hard to just look for text areas and submit to them.

I would suggest counting the number of links in a comment. If you get more than a couple, it’s probably spam and can be blocked. This is done mainly to increase ranks in Google. Manual spamming is unlikely, even if it is by children in a sweatshop working for a shiny coin each day.

I’m sure you’ll see ADSL2+ in your area eventually.

Rhys

Actually, having looked at the spam again (why haven’t you removed it yet?) it looks as though it uses both a standard <a> tag followed by a BB-Code style tag, suggesting that it has been done to work with other blogs as well.

Also, another way to help with the spam is to add a rel=”nofollow” to any links in comments that have been made in the last x days. That way, Google bomb attempts don’t work because Google will ignore the link. By adding the limit on the number of days the rel=”nofollow” is active, legitimate comments can still post links. I’m assuming you could do it at the rendering stage.

Also, I have noticed on my blog that spam messages sometimes have a tendency to go towards posts that are of some relevance to them. For instance, the “My Bike has put me in the Red” post ended up getting spam from all sorts of get-rich-quick and kill-your-mortgage schemes. (These spam messages were trapped by WordPress and never actually made their way on the site).

My experience has been that these sort of measures I have described are quite effective at stopping most spam. As long as the methods used to prevent spam keep up with the spammers things should be fine. I also have a feeling that these bots check back on whether their spam worked or not and if they did they resend. Fortunately with a link check mechanism and the rel=”nofollow” you should be able to stop spammers (or at least any benefit they get from spamming) without interfering with your legitimate comments.

Hi Rhys,

I hadn’t removed them because I’ve been insanely busy moving house (and without much internet). Thank you for your detailed suggestions. I will definitally implement rel=nofollow, I don’t want my Google ranking suffering either. I’d rather not have to limit the number of links, though that would work – instead I might have one of those image type-the-number things.

Being that it is BB-Style code I think you’re right about it being a bot. Good – that makes it easier to defeat.

Cheers,

Will.

I thought that was probably why they hadn’t been removed.

Excess links might just warrant it to await moderation (add a moderation flag to your table). When you are moderating, you could add reg exp filters to prevent the same spam from coming back.

Actually, having seen that the bot is still adding in links to that post you may want to remove them asap. It is possible that the bot sees this as an indication of the vulnerability and returns more often.

hmm ok, I’ll remove them now.

I think I’ll spend some time on the weekend making my site more spam-proof. Any post which starts with a link is sus as well.

Will.

Thanks Rhys, i’ve implemented some of these ideas.