In the last few days I’ve been getting spam comments!
This is vaguely surprising, because I have a home-made CAPTCHA (more of an interesting programming exercise than something I desperately needed, but still). My vague understanding of these things is that CAPTCHA-aware spambots are usually narrowly targeted at a particular class of them that are either widely used, or guarding a particularly lucrative high-traffic site. So the fact that spam has been getting through means that one or more of the following is true:
- My blog is far more popular than the number of real comments I get would seem to suggest.
- My CAPTCHA resembles a widely-used class of CAPTCHAs closely enough that a generic attack on them is working against mine.
- There’s some security hole in the CAPTCHA plugin, or WordPress, or some other means I don’t know about to post a WordPress comment that’s allowing spambots to bypass the CAPTCHA.
- A wide range of different people have recently taken an interest in my blog, all of whom have a peculiarly similar tendency to make comments that are irrelevant to the post in question (but would like to draw my attention to various services to earn me money, enhance my manliness, or provide me with downloads of varying legality).
- Somewhere, a spambot has gained sentience.
I’ve changed the font in the CAPTCHA to test the first two hypotheses.4 comments