fluffy rambles: Spammers are relentless and weird

Spammers are relentless and weird

July 10, 2024 11:15 AM (a year ago)

Lately I’ve been getting a bunch of attempted spam comments on random blog entries. Okay, nothing unusual about that, right?

Well, it’s a little unusual in that I use isso, an obscure comment system that requires Javascript to work, so at the very least there’s some sort of browser-based automation, if not outright sweatshop laboring happening.

But today I just got the weirdest fucking spam comment ever. Not weird because of the content (it was for a list of dental clinics in India, which I guess is pretty weird), but because of where it was posted:

On an entry that requires login.

Specifically, one which was only linked to from RSS feeds and Mastodon originally as part of an extremely unscientific poll and which was posted entirely without context, but also has a link from this entry.

The sequence of operations necessary for someone to have tried to post a comment on that entry:

Somehow make their way to one of the access-protected links
Enter a gmail address for the login method they used (which appears to have been created specifically for spamming purposes)
Get the login link through gmail and visit it
Then try to post a completely irrelevant comment which I then had to delete from my moderation queue

There is no fucking way this was done automatically, right? I mean, okay, I can see how it could have been done automatically, but that requires them to have known to automate entering an email address into an <input id="me" type="url"> and I just don’t see that happening.

And in fact I checked my server logs and because of the way the Authl flow works I can actually see them specifically typing in an email address, kind of slowly even (so they didn’t copy-paste it in), although that could possibly be an anti-spam-detector userscript doing it as well.

And all for what? Why the hell would anyone want to post a spam link to an access-restricted entry that is not visible to the public? I understand the mentality behind shotgunning but this isn’t even aiming the shotgun at a barn, it’s aiming it in the general direction of a fly that’s three miles away!

Why do spammers try this fucking hard? Is the Internet really that far-gone?

How they got the link to that specific entry was also a pile of weird coincidences. In my logs I see them arrive at my site, go to the articles section, get a login link from that (which exists only because of an access-controlled link to an article supplement, although that shouldn’t really be on the index so I’ve since hidden it from there), then they poke around the site a little more, then they click on the authentication link when it comes in, visit my blogroll, and then the “login methods poll” happened to be the next date-based entry from there (I have since removed that entry from pagination too). So they clicked on the “next entry” link and then try to spam that!

That seems like a lot of effort to post a comment that nobody would ever see even if it weren’t moderated.

Anyway the upside to this is I’ve noticed a lot of updates I need to make to my blogroll.

Still, why?!