An update on comment spammer behavior here on WanderingThoughts
I last wrote about comment spammer behavior (plus) and my comment spam precautions back in 2007. Three years is almost an eternity in Internet time, so I figure it's about time for an update on the comment spam situation here.
These days, by far my single most effective anti-comment-spam precaution is my invisible honeypot text field. Comment spam robots appear to be utterly robotic about filling in any text field they can see, or at least any text field that appears to be called 'name'. I suspect that the spam robots are programmed to look for the name partly because many of the field contents that I see are either vaguely plausible names or at least short things like 'xzhmrgvpx'.
(At other times, the field gets stuffed with things like 'Buy percocet' and other short sentences.)
Some comment spam robots are smart enough to get past having to preview comments before they can be posted. I suspect that they are not doing anything smarter than noticing that the new page they got in reply to their POST still has a familiar form and re-doing another POST (possibly after re-stuffing some of the field values; interestingly, the one thing that they don't seem to do is re-stuff my honeypot field). The spam robots that I see here don't seem to try this more than once.
(I assume that this means that a decent number of blogs now need this sort of repeated posting attempts.)
None of these comment spam precautions save me from actual humans (which I get every so often) or would help me against a spam robot that was specifically programmed to deal with WanderingThoughts. Thus, at the meta-level my two most effective precautions continue to be not running common software and not being popular enough to make it worth anyone's time to program something for me specifically.