Marco's Blog

All content personal opinions or work.
en eo

The Comment Spammer

2011-06-24 2 min read Web marco

Strangely, around 6/11, traffic to this site started to skyrocket. Even more strangely, the traffic skyrocketed only in a few metrics, namely pages and bandwidth. The visits and visitors didn’t move much. How odd.

I didn’t pay much attention: after all, I had been updating the site around that same time, although I though I had started after that date. But who is to remember.

After a few weeks, though, I started to get spooked and looked at my AWStats report more closely. There I saw it: a single IP address,, was responsible for over 90% of the traffic. I checked into it on Google, where it said that IP address belongs to a Russian ISP, and that it is famous for comment spam.

I went to the log files and saw that, indeed, the perp was spamming RSGallery, the image gallery component I use. The advantage of spamming that gallery is that, by default, comments are invisible to humans (you have to click a separate tab) and are not reported to the admin. Google and other bots, on the other hand, don’t know a thing about a tab and consider all content equally wonderful.

So I went to my database to check the size of the comments table – over 70,000 comments in just a few days! As I perused them, I realized no human had ever left a comment, they were just all spam. After all, the comment function was unreachable from the way I had set up the site.

Now, there was no harm done. Fortunately I don’t have a bandwidth cap on my hosting plan, and the hosting provider will have to live with 30GB of usage in two weeks. If I had had a cap, though, my site might have been throttled or entirely shut down – or alternatively I might have had to pay up.

So, why is that considered legal? Is it considered legal? Or is it one of those things that fall under the weird jurisdiction of “illegal interference with networks” that occasionally gets a witless WiFi moocher in trouble?

Well, if you want to know what to do when the comment spam is too bad: remove the perp from access (either by installing iptables and issuing a drop, or by adding the corresponding rule to your HTTP server setup), and truncate the comments table. Both together take about 5 minutes of your valuable time, until some other moron tries the same trick.