Yahoo Spam

I got ~15 spam comments with just a link to Yahoo and nothing else earlier. I wonder what it could be, usually when I get random spurts like this it’s with nonsense domains.

9 thoughts on “Yahoo Spam

  1. I got something like that today, too. All of them hit in the same minute from different IPs around the world. Looks like maybe somebody’s testing out a new spamming script.

  2. I’ve seen this happen on occasion — it’s either, like Andy says, someone testing out a new spamscript, or more sinister: Someone is trying to poison the well by having people add legitimate domains to their blacklist, in the hopes that people will eventually have to turn off their (more often than not, MT) spam filters because they otherwise will block legitimate comments or trackbacks.

    Perhaps having a distributed automatic whitelist will work.

  3. I got hit by about 160 of the Yahoo comments. And they didn’t come through blacklisted proxies. Any of the theories mentioned could be true: flubbed experiment, attempt to poison the well, etc.

    I’ve also seen quite a few of those huge backgammon spams, too. Of course they go straight to moderation due to all the links. Well, actually now they go straight to the spam blackhole, because I’ve blacklisted all of the domains that I’ve seen in them. But those are annoying, too.

    I’ve taken to blocking the most prolific spam IPs at the firewall level, before WordPress (or Apache for that matter) even sees them. The most effective block for me has been on 148.244.150.0/24, which is *still* attempting 5000-10000 hits per day, despite the fact that they can’t even touch this host now (but it shows up in the firewall IP accounting logs, which is why I know they’re still trying).

    I hate locking out a whole block like that, but my server has been much happier with the reduced load.

  4. Hi Matt,

    I got a bunch of those also, but mine seemed to be manual, although while I am writing this comment a friend has just IM’ed me, saying he also got 5 this morning.

    Anyway, you can have a look at a little bit of analysis I did on these spams just now. You can see it here: http://www.runningwithbulls.com/blog/?p=50

    It would appear that they are automated, as the orig. IP seems to be different for a number of them.

    hope that helps someone,
    cheers
    bBt

SHARE YOUR THOUGHTS