Last week, our servers at Mollom have been actively tracking a spike in spam traffic across the 30,000 sites that we actively protect. And when I say "spike", I should say "three-fold increase". Fortunately, Mollom blocked all the pesky comment spam. As promptly as it came, the spike suddenly went away. Something is going on out there ...

Text analysis october
The Y-axis shows the number of requests per second. The X-axis shows the day of the month. The graph is for one Mollom server only.

Comments

roj (not verified):

I wonder if other spam protection services spotted the same increase?

Alan (not verified):

Here's another data point for you. I put up a site in Feb. with little more than a home page and a contact form that gets effectively no traffic. It's never gotten any spam through the contact form until some started creeping in on Oct. 5. Here's the spam message counts:

Oct. 5 - 1 msg.
Oct. 6 - 1 msg.
Oct. 7 - 4 msgs.
Oct. 8 - 3 msgs.
Oct. 9 - 5 msgs.
Oct. 10 - 3 msgs.
Oct. 11 - 2 msgs.
Oct. 12 - 0 msgs.
Oct. 13 - 1 msg.
Oct. 14 - 8 msgs.
Oct. 15 - 14 msgs.

Nothing has come in since the 15th. Looks like whatever spiked the comment spam might have had a contact form variant associated with it as well.

Wesley (not verified):

We have had a security screening on one of our websites this weekend that generated an enormous amount of spam attempts. After 12 hours the log (limited to 100.000 rows) was full.

Maybe that has something to to with it?

Michelle (not verified):

My site slowed to a crawl for a while last week and my host said it was because of all the spam bots hitting it. I use Mollom and it saved me from the spam but was still really hard on the server because of all the submitting and checking. :(

I don't think Mollom likes me... I get a captcha on every site that uses it, even when there's no links in my post.

Michelle

[email protected] (not verified):

Hey, I can see that spike in our Mollom stats report! - it shows up on 15 - 17 Oct. We've also had a longer term spike (more of a lump really) from mid August until a couple of days ago. (Comment) spam attempts were running at 200 - 400 a day, but have now fallen back to just a handful. I wonder if the bot(s) has got bored, or is just regrouping/being reprogrammed...

I also notice random forms being submitted by bots occasionally, e.g. contact form, search form, login form and other custom forms. Some bots certainly seem not to care which form it is they are submitting.

Katherine Druckman (not verified):

I am a bit late to this conversation, but we definitely felt this at LinuxJournal.com. The 15th was by far the worst day we've had in a while. Mollom blocked over 12,000 spam posts on the 15th and we've seen an increase in spam that slips through on the subsequent days. Something is definitely going on out there, but Mollom is still doing a pretty good job. Spam=evil. Please let me know if you need any info from me that might help.

Hans-Georg Michna (not verified):

For a few days now I've been seeing a new type of spam in relatively high numbers. Many new users register and fill a free-form field in their user profile with a code consisting of three lower-case letters, followed by three digits, like lmn789. These users then post several spam comments.

The email addresses are from many different domains, mass mailers like gmail.com, but also known spammer domains.

The look prettry much like spambots, but they most likely use human labor to get across the CAPTCHA barrier that I have in front of registration.

Today I had to stop automatic (email-verified) registration and now have to look at each registration for my manual approval.

I don't use Mollom yet, but I'm a likely customer for the near future.

Another point I have to mention is this: Please do not rely on content filtering. It is never going to work reliably. If you use it only for additional scoring, I would put up with it, but content filtering remains fundamentally wrong. It is actually costing human lives in certain areas.

Yet another point is this: A partly exception to what I just wrote is the spam links. All the spammers want is to lodge links, and these links point to a comparably small number of web sites. While you have to always keep in mind that for legitimate reasons somebody writes down a link to a web site that pays for these spam links, detecting one of these widespread links is a pretty strong indication for spam.

Hans