After my CommentLuv and Spammers post, I figured I was done with the topic. After all, I had figured out the spammers’ latest tactic and the CommentLuv authors had figured out a workaround. All’s well that ends well, right? Well, not quite. Turns out there’s a wrinkle to this story.

I should have seen this coming, to be honest. My initial spammer, who called himself “Bruce”, actually posted two comments. One had the hijacked CommentLuv link but the other didn’t. I felt this was odd but didn’t look into it. Then, a few days ago, I was looking through my spam posts, since valid comments sometimes get mistakenly marked as spam, and I found what looked like just another CommentLuv-hijacked spam comment. It was on my Aloha Friday: Happy B-Day JSL & Your Favorite Winnie the Pooh Character post.

The first interesting thing was that this spammer hijacked B’s CommentLuv link. At first, I chuckled over this as I know for a fact that B’s real name isn’t “Emily” (the spammer’s supposed name). As I was about to delete it, I stopped, though. Emily had written: “Eeyore since he is adorable in his positively pessimistic mannerisms ;)” Now that seemed awfully familiar. Almost like something B would write. So I looked back at B’s comment on my post and sure enough, it was the same. Emily had not just stolen B’s CommentLuv, she had stolen B’s entire comment! The CommentLuv link was just going along for the ride. (As an example of irony, a spammer named “Steve” stole the entire comment that Andy, the CommentLuv developer, left on my CommentLuv and Spammers post.) I looked back at Bruce’s previous comments (which I had kept in my Spam queue). Sure enough, they were lifted from other, real commenters.

So it looks like the spammers’ new method isn’t “lift the CommentLuv links”, but rather “pull some random comment from a post and use its text for your own comment.” The hope here (for the spammer) is that the author will see the text as being relevant to their post (which it is, being from a real comment and all) and let the spam post through, thus allowing a link to the spammer’s website.

The good news is that Akismet seems able to catch these and send them into the Spam queue. All that bloggers need do is exercise a little caution when approving comments. Keep an eye out for spammers posing as legitimate commenters and you should be fine.
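
As an added example (not part of the original post, and not code from Akismet or CommentLuv), here is one way to flag the copied-comment trick described above while reviewing a moderation queue: compare each pending comment against the approved comments on the same post that were left under a different name. The field names (`post_id`, `author`, `text`), the 0.9 similarity threshold and the sample comments are assumptions constructed for this example.

```python
import re
from difflib import SequenceMatcher

def normalize(text):
    """Lowercase, drop punctuation and collapse whitespace so trivial edits don't hide a copy."""
    text = re.sub(r"[^\w\s]", " ", text.lower())
    return " ".join(text.split())

def find_copied_comments(approved, pending, threshold=0.9):
    """Return (pending, original, score) for each pending comment whose text matches
    an approved comment on the same post left under a different author name."""
    hits = []
    for p in pending:
        p_text = normalize(p["text"])
        if not p_text:
            continue
        best = None
        for a in approved:
            if a["post_id"] != p["post_id"]:
                continue  # the trick reuses text from the same post
            if a["author"].strip().lower() == p["author"].strip().lower():
                continue  # same name re-posting is a different problem
            score = SequenceMatcher(None, p_text, normalize(a["text"])).ratio()
            if score >= threshold and (best is None or score > best[1]):
                best = (a, score)
        if best:
            hits.append((p, best[0], round(best[1], 2)))
    return hits

# Constructed sample data: two approved comments and three pending ones.
APPROVED = [
    {"post_id": 101, "author": "B", "text": "Eeyore since he is adorable in his positively pessimistic mannerisms ;)"},
    {"post_id": 101, "author": "Dana", "text": "Tigger, because he never stops bouncing!"},
]
PENDING = [
    {"post_id": 101, "author": "Emily", "text": "Eeyore since he is adorable in his positively pessimistic mannerisms ;)"},
    {"post_id": 101, "author": "Sam", "text": "Definitely Piglet. Small but brave."},
    {"post_id": 101, "author": "Bruce", "text": "tigger, because he never stops bouncing!!"},
]

if __name__ == "__main__":
    for p, a, score in find_copied_comments(APPROVED, PENDING):
        print(f"{p['author']!r} copies {a['author']!r} on post {p['post_id']} (similarity {score})")
```

A match only tells you the text was lifted; the link attached to the copy still needs a look before you decide what to do with it.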