Comment Spammers Fight Math Questions
For some time now I’ve been using a custom version of Did You Pass Math together with Bad Behavior and ever since my WordPress blog has been spared from comment and trackback spam. Now the comment spammers strike back!
Did You Pass Math is a WordPress plugin that asks the poster of a comment to answer a very simple math question like “Add 7 and 6 to post your comment”. If the correct answer 13 is given DYPM assumes the poster is human. In my modified version a Javascript fills out the correct answer because currently spam bots don’t execute Javascript. (It would be funny though to hack them through this “feature” and thus render them useless.)
I’v noticed the following referrer in my logs (line breaks added)
http://www.google.com/search?hl=uk&
q=%22+%28Add+7+and+6+to+post+your%22&
btnG=%D0%9F%D0%BE%D1%88%D1%83%D0%BA
and instantly knew I had an e-mail in my inbox telling me to moderate the spammer’s comment.
What happened?
To spare you the copy and paste: the search was for ” (Add 7 and 6 to post your” and my blog was the only match. Notice the blank and opening parentheses at the beginning that make this query very inflexible? Tells you about the (hopefully not hugh) success of this method to find blogs for spamming.
Or was the search configured to try many different variations? It would be interesting to know which combinations the spammer(s) tried. Every combination of single digits? Every number from 0 to 10? Was the (very likely automated) search only aiming at the currently used “add” to post question or also at “multiply”, “divide” and “subtract”?
I think it is not that hard to find a different phrase and some different numbers to ask the same question and slip under the spammer’s radar at the moment but it might get harder to do so in the future. I’ll stick to my current setup and see how severe these “attacks” are getting and will report back on new developments.
Be prepared for some comment spam — again.