Blog spammers probes

For what it's worth, I'm detecting a trend on this blog that started about four months ago, in February. Spammers are using my search engine to seek for traces of their droppings. Here's a sample of searches, extracted from my blog log:

2006.05.24 02:31:15 Search: query for 'qqqqqqqqqqqqqqqqqqqqqq'
2006.05.24 02:31:32 Search: query for '<a href="">testing123</a>'
2006.05.26 18:25:57 Search: query for ' - <a href=',-Where-and-When-.html' > WSOP Entry - What, Where and When? </a> ->,-Where-and-When-.html - - <a href='http://
2006.05.29 04:33:22 Search: query for '|"> <a href="">testing123</a> >input type="text" |'
2006.06.02 20:37:50 Search: query for 'online casino and sports betting'

Those searches have been increasing a lot in May, making me think that they're trying to assess how successful they are in spamming this blog (answer: they are not at all, but they keep trying). Meanwhile, I'm banning those IPs (which all come from Asia and Russia) from posting comments here (and may be I should even ban them straight from the web server). I think that monitoring those searches could be interesting in detecting spammers IPs, though I'm not sure if it can be easily automated (may be through the same algorythm that detects spam).

Do you see the same thing on your blog?


I've seen such queries (and more) on my sites too... However, I would tend to think they are more a direct attempt at spamming than any sort of check on efficiency.

Many reasons for that:
1) Google would do a much better job of telling them whether they've successfully spammed you in the past or not.
2) I really don't think there are spambot reaching this level of complexity out there (i.e. searching to see if the blog has already been spammed). Assuming a human would do this, you could assume they'd be more efficient (btw, I think the "testing123" strings above do not necessarily have to be spammers, unless you have other blatant spam sharing their IPs).
3) Spammers really don't care how efficient (or not) their spamming is. They spam blindly everything within reach and somewhat hope/assume something will stick at the end. Otherwise, they'd have long stopped upon realizing most blogs now automatically link="no-follow" their URLs...

and most importantly:
4) It's a common trend of spammers to try and send URLs about any way they can think of (contact forms, referrers, apache vars, whatnot). I've seen spam attempts you wouldn't even think of. Actually, I bet there are spambots out there configured for POSTing to any public form they encounter (including search forms)... Though I don't think they are quite the rage yet...

Best to ignore those, then... possibly consider banning IPs... But not much else to do I'm afraid.

@dr Dave: ah, true, I didn't think about that. Some searches indeed try to inject HTML, but others really look like they're searching for patterns.

mensuelles Archives

Recent Entries

  • Steve Jobs

    "Remembering that I’ll be dead soon is the most important tool I’ve ever encountered to help me make the big choices in life. Because...

  • Your privacy on MOTOBLUR by Motorola

    After the Nokia Ovi Store carelessness, it's now Motorola who's allowing strangers to get access to your private information on their MOTOBLUR portal. Exactly like...

  • How to resume a broken ADC download

    (I'm documenting this trick for myself to remember, but it can be useful for others…) Apple, on its Apple Developer Connection site, has a bad...

  • WTF is this ‘myEventWatcherDiv’ doing in my web?

    All of a sudden I started to find the following line in most of the web pages I was browsing, including ones I made where...

  • Your privacy on Nokia Ovi Store

    My friend Adam Greenfield recently complained about the over-engineering culture at Nokia: I was given an NFC phone, and told to tap it against the...