Ah, nostaligia, or spammers turned me into a racist

*Sigh*.

Oh do I feel wistful for the days when address-scraping robots seeking out mailto: links was the extent of a spammer’s threat. Of course, spammers have been hitting guestbooks, blog comments and trackbacks for a while now. But a contact form or a registration page — no advantage there.

I stopped using the mailto protocol more than six years ago, and the only spam I received from a comment form was sent by an actual human. Not anymore.

The bots are customized now. Someone out there actually took the time to reverse engineer my forms for the purpose of sending spam. I’ve been battling a particularly nasty bot in the past week, and I’m confounded by the idea someone had so much time on their hands to pick my site out of the millions out there on the Internets.

What the fuck ever.

Two weekends ago, I started getting bogus registrations to Austin Stories. I’ve been pretty lazy about dealing with such obviously wrong registrations by just banning the originating IP address. Rather, I would ban the entire set — I would put 87. in my .htaccess file, for instance, to ban all addresses starting with that number.

By the end, I had turned into a racist and managed to ban the entire regions of Asia, Latin America and Europe. That’s ridiculous.

So I studied my access logs and noticed some Java program originating from different IP addresses would scrape my entire site, even though my robots.txt file allows only Google to spider the site.

I eventually added a Rewrite directive in the .htaccess file to deal with that particular bot. But it didn’t stop the registrations.

chip suggested randomizing the values of my form, which I did. The spammer caught on and adjusted the bot to bypass the measure. (I’m thinking there’s still a human component to the spamming.)

I’ve since gone further, installing other measures to catch bogus registrations. The bots still hit the site, but I’ve so far managed to keep them away from my writing anything to my database.

In the last two days, my contact forms have been hit with spam as well. Six years of near dead-silence from the spammers, and now they’re all hitting at one time. So I adjusted those forms as well.

I’m not at the point where I have to install a capcha, but with the insistence of these spammers, I may get there soon. (Makes me wonder whether enabling comments was such a smart move.)

And for all the work the spammers do to hit my site, they forgot to check one thing — whether their bogus links even make it to my site.

All the registrations to Austin Stories are approved, so even after the bot makes its bogus registration, I still need to flag it visible. You can guess how that story ends.

As impressive as their tenacity to attack my site may be, the spammers are pretty stupid not to figure out whether their work is worth the effort. Not that they would ever be accused of being smart. Or human.