
This is a short non-mining topic but it’s something I found interesting when writing a WordPress blog. Spam and bots are everywhere.
I started this little WordPress blog a few years ago and enabled the readers to comment on each blog as well as subscribe. Well lo and behold it didn’t take long for the spam to start arriving. Both the commenting and subscribing are affected.
Commenting Spam
The image below shows the typical spam that I would get in the comments section. Even though commenting requires one to enter an email address in order to post, this type of spam still shows up. It took a few weeks for it to start but at times I would be getting 5 to 10 of these spammed “comments” each day. It’s not like my blog has a lot of followers or comments, but it still ended up a target to the bots or spiders or whatever else that is roaming around the web.
The first solution is to turn off automatic commenting to prevent comments from being posted immediately on-line. I switched to moderated comments whereby each comment needs to be manually approved by the administrator before being posted live. However after being continually asked to approve a lot of pending spam comments, it got tiresome. The next solution was implementing the CAPTCHA (see image below).
WordPress has various plug-ins designed to limit spam. One of the simpler solutions is to add a “captcha”, which is the little box where you need to type in a word or number. This is designed to hinder the automated spam-bots. CAPTCHA is an acronym for “Completely Automated Public Turing test to tell Computers and Humans Apart”, a great acronym.
After five days of using the captcha, I have received no new spam and weeks later still none. However this won’t stop any manual spamming, so that will be the next thing to wait for. It’s interesting to see how much unproductive technical energy is being expended out there in cyberspace.
Subscribing Spam
The next thing I noticed was that my subscriber list would grow enormously. These new subscribers were all pending, meaning they did not confirm their subscription via a return email. So it seems some bot is creating accounts, possibly sending out request-for-confirmation emails to people who never signed up. For a while I shut off the subscribe box, but recently re-started it to see if it continues.
Conclusion
I have a blog that I don’t allow to be public and I still get spam.
On bots: Back in 2001, I was installing an operating system (FreeBSD) that needed internet access to complete the install (to download packages and update security patches). After connecting, it took 5 to 10 minutes for a bot to find my machine and infect it (three times). So even back then there were bots everywhere, scanning huge swathes of the internet for vulnerabilities.
Nowadays, there’s a firewall built into every DSL and cable modem, so it’s not such an issue (back then, I had to build my own firewall using another machine). But the bots are all still out there, and getting smarter. It’s surprising that public facing blogs can function at all.