On the bandwidth wasted by poorly designed spam software

I’ve been watching my web server logs in real time for the last couple of days, not intently; I do have a few slightly more interesting things to do. I’ve had a tail of the logs running on the laptop and I glance at it every now and then. What I’ve noticed is that the people who wrote whatever the software is that regularly tries to spam my comments are pretty crap. Sure the distributed nature of it is interesting but they really should deal with failures better. I recently “moved the front door” for my comments and trackbacks and 2 days on the main spam culprit hasn’t noticed and now it doesn’t even get to my blacklist before it fails, it just 404s… I’d really like to go into more detail but I don’t think that would do anyone any good except the spammers. However I do find this vaguely reassuring in some strange kinda way; perhaps the people working against the spammers are smarter than the spammers… ;)

Something I hadn’t noticed before is that the bulk of my comment spam comes from the same spammer; at least it seems that way. The spam software attempts to spam my referrer log as well as my comments and trackbacks and the domain of the url used for the referrer log spam stays the same for a while (several days) before switching to something else. When it does switch, it seems to switch for all of the spammers’ source IP addresses at once…