What's the point of these comments?

I'm getting increasingly mystified by comments like this:

<a href="http://ssszcwyqwer.com/">oosgqx</a> 
poiuyt http://ghjklkpgaiequgo/

What is the point of these comments? Are they an extremely subtle sort of spam? If so, what's the purpose? The domain ssszcwyqwer.com doesn't exist, so generating traffic or a high search engine ranking for it doesn't make sense.

I understand spammers. I understand people who leave stupid comments. I don't understand people who leave incomprehensible comments.

This is the blog of Peter-Paul Koch, web developer, consultant, and trainer. You can also follow him on Twitter or Mastodon.
Atom RSS

If you like this blog, why not donate a little bit of money to help me pay my bills?



Comments are closed.

1 Posted by Ruy Asan on 14 January 2005 | Permalink

Maybe it's a way to overload bayesian filters with useless data?

Or it could just be a glitch with the spamware...

2 Posted by Alex Bischoff on 15 January 2005 | Permalink

Rumor has it that this kind of thing is for "testing your defenses". So, if this gets through, spammers may next try a more thorough assault.

3 Posted by Dante Evans on 15 January 2005 | Permalink

Alex is right; they appear on many blogs as test runs for Spammers.

Or it could be some sort of strange foreign language, but I doubt it...

Take it as a warning, I suggest installing the MT-Blacklist Plugin.

4 Posted by Robbert Broersma on 15 January 2005 | Permalink

They are probably meant to make adaptive comment filters ineffective, because when there's no logical pattern in the comments that teach the filter, in the near future comments will be blocked or accepted with by means of a non-logical algorithm. And thus the adaptive filter becomes useless.

Well, that's what I think of it anyway.

5 Posted by Tom on 15 January 2005 | Permalink

Perhaps someone just went like this

sdbfo;u'ousdfvb ofvgw9;ufoui
(plays the keyboard like a piano)

If you get a few then perhaps it's something, but one or two might just be a bored user.

6 Posted by Philip Hazelden on 15 January 2005 | Permalink

Yeah, they're seeing f they can get through. A board I visit recently got a load of bots checking to see if a security hole was left open (it wasn't) by using it to print a string of random letters in Perl. I presume they then checked to see if the output contained that string, and if it did, they notified the spammer who could then do something malicious.

7 Posted by ppk on 17 January 2005 | Permalink

Does anyone have evidence for this claim? It doesn't sound unreasonable, but I wonder why spammers don't use simpler tests (for instance, placing one spam message on a site).

So I'd welcome any link to an article that explains this technique, and why it's better than just leaving spam comments.

8 Posted by Dante Evans on 18 January 2005 | Permalink

Because if they used real spam comments the filter might block them. Spammers don't use the forms on a site to send spam, they use a script. So these messages are just checking to see if you have some sort of method set up to make sure all comments be submitted via the actual form. If there is no method set up, they start spamming. I'd offer a solution, but I don't code in Perl. My solution is written in PHP.

9 Posted by hungerburg on 18 January 2005 | Permalink

dante, how do you know the input comes from a script? some pseudocode will do as well. this seems impossible to me.

10 Posted by Dante Evans on 21 January 2005 | Permalink

Only Human spammers (very rare) send spam through forms. It's way easier for automated spammers to go directly to the script. It's a well-known fact; what seems impossible?

11 Posted by Jim Ley on 23 January 2005 | Permalink

The domain doesn't exist yet, this means you're more likely to leave it around - you won't check the site and think, ooh spam, and delete it, later when the domain is registered, it comes with instant rank.

12 Posted by Dante Evans on 2 February 2005 | Permalink

Mr. WordPress himself even says so: http://photomatt.net/2005/01/05/trackback-spam/#comment-11179