The FXScript Reference site is 100% scratchbuilt. I created it partly to teach myself more practical PHP and MySQL skills and shunned any existing code snippets or libraries. Yet the site and my home-built commenting system is getting pounded with spam.
How is this happening? It’s the usual crap; laser this, cheap pills that, a bunch of links that were scuttled by my post-cleaning routines, fake comments with links to casinos and porn. The spam is coming from different IP addresses each time, usually from India, Russia or Columbia. All spam comments were posted using Firefox.
The k30fps entry has been taking the brunt of the spam (72,000+ hits vs a normal average of 2500-3000 hits for other items?).
I set up a quick log to collect all $_SERVER and $_POST data for any comments posted, to see what was happening. I was hoping something would stick out like curl or some unknown referrer page. No such luck, everything looked normal, the most troubling thing was the user agent:
[HTTP_USER_AGENT] => Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10
I suspect there is a hacked Greasemonkey script out there which exploits HTML form auto-entry to insert spam comments. There’s not much I can do about blocking that.
Traffic has been low recently, except for the spammers, so I’ve unfortunately decided to turn off comments for the time being. Maybe the lack of exploitable forms will get me off the spam list. When I have more time I will try to hook into Akismet. Since turning that on for my WordPress site I have not had to manually delete a single spam comment.
If anyone has something they’d like to contribute, send me an email and I’ll either post it for you or open the site a window for posting.
**Update** Comments are on again.