Spotting comment spam
Here at Snowulf, we get a LOT of comment spam. On average we receive 48 spam comments a day (Thanks Akismet for the stats), most of these are to old articles and immediately dropped. However, a few are to newer articles and we manually review them. Most are fairly obviously spam, with links to hideous domain names or text that just makes no sense. On rare occasion a spam message makes it to us that isn’t obviously spam and we investigate. Just a few days ago we got one like that and it caught my attention because it seemed valid. Here’s a screen shot of it (Click to enlarge):
So the English sucks, but this is the internet. It also talks about wanting to “Stumble” a link and not being able to. As our social media bookmark is fairly fancy, I could see someone having issues with it. That being said… why wouldn’t you just submit it directly to Stumble or use their toolbar? If you were to check their website (which I’m not linking), it looks like a fairly valid WordPress blog. However, it stuck me as curious, so I did some digging.
First on the list is to run a
GeoIP check on the posting IP address. That came back as Reutov, Moskva, Russia.
Next I pinged the website host and ran that IP (18.104.22.168) through GeoIP, that came back from Brea, CA, USA. I don’t expect website hosting locations to be exactly the same, but at least fairly close. After all the server Snowulf is on is in Texas, and I’m in California. If I were still in Cali and the server was in London, that might be a little curious.
Last I did a domain whois. The address for this domain is listed as Singapore, Singapore and the contact email on file is : “@generalkeywords.com".
Russia, USA, Singapore, & a spammy looking email address? Yea, that comment gets marked as spam (for Akismet to learn from) and deleted. Yes, this process took about 5 minutes, a lot of time to spend on one single comment, but I think it is worth it. I hate spammers, and if by spending 5 minutes, I help thwart their efforts… it is time well spent.