Wow, I’ve just received my first batch of comment spam from a real “person” (if spammers are to be considered people.) It’s all from the IP address of 220.127.116.11, which is in China. The first hit was this morning at 2:03am. “18.104.22.168 – – [13/Mar/2007:02:03:31 -0500] “GET /journal/2007/02/08/powered-by-wordpress-directory/ HTTP/1.1” 200 5080 “http://www.google.com/search?q=powered+by+wordpress&hl=en&newwindow=1&start=20&sa=N” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)”
So, he started out by googling for “Powered by WordPress.” Then he actually visited my web site (the home page, another blog entry, my jokes listing, a few jokes, back to the blog, submitted comments on several entries, then left at 2:48. So, he spent 45 minutes on my site, for no real purpose. I guess this is the next wave of things to fight against.
This clickstream would have defeated Bad Behavior. And Akismet missed all of the comments as well. A human would have gotten past a CAPTCHA or math question. Hmmm, adding all of ChinaNet to the firewall? That would only work until the spammers use infected Windows machines as proxies, so it looks like they are surfing from the US.