On the Soapbox

Sigh.

Blog spam used to be only a minor nuisance. From the very beginning, there were attempts at comment spam, as indicated by my server logs. Fortunately, incompetent spamming software coupled with a bit of security by obscurity (since I'm like the only person using the kBlog blogging platform) shielded me. Of course, that didn't hold for long, since not all spamming bots are so incompetently written...

But even then, it was easy to deal with, since all I needed to do was filter by technical heuristics, such as the use of HTTP/1.0 (commonly used by bots/scripts, but not by real browsers), whether redirects are properly followed, and whether auxiliary files like CSS and images are accessed (as real browser would do, but not most bots). Well, at least, these filtering heuristics used to work.

These bots are now smart enough to emulate real browsers in every way, from the use of HTTP/1.1 to the downloading of images and CSS files. Also, in the past few days, I've been hammered by comment spammers (they used to come by only occassionally). The spam would come in bursts, and during these bursts, the rate of attempts could be as high as one per second. This leaves me in the undesirable position of being forced to address comment spamming through content filtering. And we all know what a hornet's nest that is...