I got hit by a comment spam attack last night.
Woke up this morning to find 6 adverts for online casinos littered all over my site.
They were actually trackbacks rather than comments.
This on the very day I’d added a recent comments feature to my home page (it’s like they knew).
After deleting and IP address banning (the latter pointless I expect) I started to think about ways to block them automatically.
Sadly, although I can spot them a mile off I can’t program my computer to do the same.
It’s the same problem as writing an email spam filter.
I’ve largely been comment spam free until now, I assume this is because I am not using Movable Type so what works for MT has no effect on my blog.
But now I guess the spammers have decided to smarten up their act.
I assume they are reading the XML stuff I have on every page that publishes the trackback URL in a specific format to enable auto discovery.
Anyway, they started again just now.
I had a good look at the request headers and spotted that they had just enough stuff in there that was different from normal trackbacks (I don’t want to reveal what it was of course).
So, I added a few lines to my Apache config to block all posts that have this specific set of headers.
Seems to have stopped them for now.
Once they figure out a way around that though, I’m kinda stuffed. 🙁