Got several spam comments from "vig-rx" today on various blogs I maintain. A quick look around the blogosphere indicates that the person or 'bot responsible has been busy-busy-busy today.
Mine all came from the same IP address, 61.181.5.155, which I've added to the banned list in my blog. If you've gotten some of the same comments spam, but from a different IP address, I'd appreciate knowing where yours came from so I can add it to my banned list.
Update, 1 September, 11:52am
I followed the trackback from Shelleys' blog, and from there found her excellent information on blocking comment spam from a post she wrote last October (only a week after I'd started blogging, which is probably why I didn't see it then). Thanks, Shelley. Much better solution than the IP banning approach.
Although my blog wasn't spammed by "vig-rx", I've added the IP address you quoted to my banned list.
This makes me wonder whether establishing a list of banned IP addresses would be worthwhile. Obviously that's not a "solution" but anything to make it more difficult for the bastards seems worth doing.
I got one of the same, my first comment spam, from the same IP address today Liz, which I have also banned in .htaccess. I traced the IP back through http://www.apnic.net/apnic-bin/whois.pl and sent a letter of protest to the provider, not that it will do any good.
Stan, I just looked at the photos in your blog. Wow. What a beautiful place.
I'll probably be travelling to Utah next year, as I have to go out to BYU on grant-related work. How far are you from there?
Jonathon, I think such a list would be a very useful thing to have. My only fear is that it would alert the spammers to our knowledge of their addresses, making it easier for them to shift IPs when one became "publicly shamed."
Hmmm. Need to think on this.
Testing the comments hack provided by Shelley...
I got spammed by the same bot, with the same IP. I added it to my ban list, but since your revision, I also added Shelley's hack. Hopefully this will stop any bot spamming attacks.
vigrx has visited my blog as well, first from the same ip as yours, and this last weekend from 61.181.5.118 - both have been banned and I'm considering banning the whole 61.181.5.* block - not sure if this might inadvertently shut out anyone though...
Thanks for the link.
Comment spam had hit me long ago, but it seems to be back.
But the one good thing, it enabled me to come across your site. Can't wait to read the rest!
I've gathered some info on spam on the Atom wiki under CommentAuthentication.
Sorry Liz, looks like the comment fix doesn't work. From comments left in my postings, either this is a person (or group of people) who is individually posting comments (unlikely); or they are scraping the individual entry page and pulling in the form fields to build the posting, in which case, this won't work.
In this recent set of comments, they are posting to entries found in Google searching on July 2003 and blog. Using a different IP.
Liz,
For what it's worth
61.181.5.147
61.181.5.70
61.181.5.147
That's three times began on 9/1. Last night I saw an article from first monday and blogged it here. http://www.henshall.com/blog/archives/000341.html I wonder if this type of solution - keys couldn't be used by bloggers?
Got me, too.
The IP banning feature in MT doesn't seem to work very well - I was being comment spammed last year by 193.220.178.173 and even after I added that nyumber to my ban list I still got hit twice more from the same IP. Additionally I suspect that this spammer who obviously, as Shell pointed out on her site, is a pretty smart dude and writes a mean script, is most likely forging his IP address.
fwiw - if he is not forging his IP address that IP address is coming out of China but it is most likely not chinese in origin - there are a lot of compromised servers in China and someone is likely using one to disguise their point of origin.
Blacklisting IP addresses is a useless whack-a-mole solution because it is trivially easy to use a web-proxy, redial a dialup connection or even spoof your IP address...
Putting hidden form fields is security by obscurity and is easily overcome by HTML scraping.
You may want look into the solution I just came up with. So far, it is working quite nicely.