« Filler 25 | Main | Reader's Digest »

June 28, 2004

The Searchers 2

One of the things that you may not appreciate if you don't run a Movable Type blog of your own is that it maintains a log of various activities that take place in the system. As logs go, this one is pretty minimal, a far cry from the mountain of tedious detail that your host server log collects. Even then, most of the things it records are pretty uninteresting: MT-Blacklist spam comment denials, for example.

Still, one thing it records is every search requested using that little box over there on the right, and once in awhile that can be a little disconcerting. Not many people use that box, and when they do it's often because they wound up here vainly expecting to find information about military-issue wireless communication devices. Sorry chaps. But one or two display a knowledge of bits of my past that only very few people would have, the choice of terms usually suggesting that they want to know what I've said about them. Which, in general, is nothing.

I am curious, for example, about the person who searched for fryer, hiscore and cooke in the space of a few minutes the other day, because there are very few people likely to do that. But I'm even more curious that the same person returned 12 hours later to search for ukulele.

The first three terms indicate an ex-work connection. The last seems altogether random... until you actually try it. (NB: the offending content is on the search results page, not in the entry itself.)
Posted by matt at June 28, 2004 06:59 PM

Comments

Ah well, you got me.

Posted by: James Fryer at June 29, 2004 09:48 AM

Hello!

Having retraced your steps through the server log (you do seem to have got about a bit), I was just about to add an update, summoning the suspects into the drawing room and identifying you as the culprit in true Hercule Poirot fashion. But a confession is much easier :)

I'm still curious about the ukulele search, though.

Posted by: matt at June 29, 2004 10:12 AM

While reading/egosurfing your fascinating blog, I came across the Ukes reference and I wondered if there were any other mentions. My connection is I have worked (both musical and website related) with their producer Richard Durrant.

Posted by: James Fryer at June 29, 2004 10:57 AM

If you google fryer, hiscore, and cooke, this is the only web site that comes up.

If you google hiscore and cooke, this is the second entry (and your CV is the third).

I was going to figure out all seven combinations but I lost the motivation.

Posted by: Faustus, M.D. at June 30, 2004 09:29 PM

I keep forgetting to check my MT logs, but browsing through them just now I have come to two conclusions, the most definite of which is that blog spam is posted through a zombie proxy network, just like email spam. A more tentative conclusion is that some bots search for likely posts before posting spam links.

If I can come up with a more coherent argument on this I shall post it to my own blog rather than clogging up yours, but from a few posts on how nasty Effexor was as an anti-D I'm getting an awful lot of search queries on drug trade names.

Posted by: Dunx at July 1, 2004 08:44 PM

Your first conclusion does seem very likely. The second is interesting: I'm pretty sure I've never had any spam-targetting local searches, but I have noticed that, both here and on other blogs, spam comments do seem to repeatedly crop up on specific posts. It isn't totally consistent -- there are clearly several different scripts doing the rounds; perhaps each spammer has his own -- but it's certainly pronounced.


A couple of months back, I did a bit of digging through the logs and was surprised that every spam comment attempt I could find hit the page first, rather than just calling straight through to the comment posting script. I'd expected that the spammers would just post blindly, maybe doing a single search pass to gather a database of vulnerable blogs and then hitting those places repeatedly. But in most cases there was enough delay between the page read and the comment post to suggest that some kind of scripted analysis of the page content was going on.


(As for this "clogging up" my blog business -- stuff and nonsense! Of course you should post this stuff on your own blog as you see fit -- but I'm very happy for such conversations to go on here also.)

Posted by: matt at July 1, 2004 10:24 PM

Comments for this post are now closed, but feel free to email me if you have something interesting to say.