“Spam, spam, spam, bots and spam”

After getting a ton of uncaught spam on our work’s WordPress site overnight, I did a quick Twitter search to see if the anti-spam filtering by Akismet had been down generally.

Instead, I found that Twitter spambots are now trying to sound more genuine by posting comments about anti-spam measures. Trouble is, they’re all posting the same comment…

A curious case of spam traffic

Very odd — my web stats are showing a _huge_ number of referrals coming via searches from over the last day or so. What’s strange is that in each case, the search terms and other query parameters are identical — all that differs is the referring subdomain (e.g., my.url.com, company.url.com, no.url.com) and the claimed IP address of the person doing the searching, which is different with every query. When checked against a geoIP database, most of the visiting IP addresses seem to be allocated to Saudi Arabia or Iran, but the occasional one comes through that claims to be from the UK or USA.

Given the frequency and similarity of the referring URLs for each request, I think I’m probably safe in guessing that the IP addresses are being spoofed.

I just wish I knew why… All the queries are directed to one page, and Akismet’s spam filters aren’t picking up any unusual commenting activity on there.

The only other thing I can think of is that someone may be attempting some form of click fraud activity on the CPC ads on that page. For as long as that remains an option, then for obvious reasons I won’t divulge which page is under attack (and through which search keywords).