A WordPress blog caught a three-comment spam cluster from one Philippine IP, with comments spaced 3 minutes apart and a casino link hidden in the middle reply with no https:// prefix.
Key Takeaways
The attack uses AI-generated, loosely on-topic comments in a reply chain so the spam sits in the middle, not at the top where review focus lands.
The embedded link had no https:// prefix, so most comment UIs did not render it as a hyperlink, and it bypassed at-a-glance moderation.
Antispam Bee blocked hundreds daily but missed this because the social framing (conversation thread, unique emails, no URL fields filled) mimicked legitimate pingback patterns.
Same-IP detection and exact 3-minute reply intervals are reliable post-hoc signals but require manual review to catch.
Author’s conclusion: adding comment barriers filters real users faster than spammers who have profit incentive to route around them.
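The post-hoc signals listed above (one IP, a reply chain, near-identical gaps, unique emails, a scheme-less domain in a reply) can be checked mechanically over exported comment records. This is an added example, not code from the blog post or from Antispam Bee; the record field names, the 20-second jitter tolerance and the sample rows are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Domain-like token with no scheme: not preceded by "/", "@", "." or a word char.
BARE_DOMAIN = re.compile(r"(?<![\w@/.])((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?", re.I)

def bare_domains(body):
    """Return domains written without http(s)://, which comment UIs leave unlinked."""
    return [m.group(1).lower() for m in BARE_DOMAIN.finditer(body)]

def find_chains(comments, min_len=3, jitter_s=20):
    """Flag same-IP reply chains with regular spacing and a bare domain in a reply."""
    by_ip = defaultdict(list)
    for c in comments:
        by_ip[c["ip"]].append(c)
    findings = []
    for ip, group in by_ip.items():
        if len(group) < min_len:
            continue
        group.sort(key=lambda c: c["time"])
        ids = {c["id"] for c in group}
        is_chain = all(c["parent"] in ids for c in group[1:])  # replies stay in-cluster
        gaps = [(b["time"] - a["time"]).total_seconds() for a, b in zip(group, group[1:])]
        regular = max(gaps) - min(gaps) <= jitter_s             # e.g. exactly 180 s apart
        emails_differ = len({c["email"] for c in group}) == len(group)
        links = {c["id"]: bare_domains(c["body"]) for c in group[1:]}
        links = {cid: found for cid, found in links.items() if found}
        if is_chain and regular and emails_differ and links:
            findings.append({"ip": ip, "ids": [c["id"] for c in group],
                             "gap_s": gaps, "links": links})
    return findings

T = datetime.fromisoformat
SAMPLE = [  # constructed records; IPs and domains use reserved documentation ranges
    {"id": 101, "parent": 0, "ip": "203.0.113.7", "email": "ana@example.org",
     "time": T("2024-05-01 10:00:00"), "body": "Great post, I had the same issue with my theme."},
    {"id": 102, "parent": 101, "ip": "203.0.113.7", "email": "ben@example.org",
     "time": T("2024-05-01 10:03:00"), "body": "Same here, the guide at casino-example.test/bonus fixed it"},
    {"id": 103, "parent": 102, "ip": "203.0.113.7", "email": "cy@example.org",
     "time": T("2024-05-01 10:06:00"), "body": "Thanks both, that cleared it up for me too."},
    {"id": 104, "parent": 0, "ip": "198.51.100.20", "email": "dee@example.org",
     "time": T("2024-05-01 11:40:00"), "body": "Docs are at https://example.org/docs if needed"},
]

if __name__ == "__main__":
    print(find_chains(SAMPLE))
```

The bare-domain pattern is a heuristic and will also match things like file names, so findings are a review queue rather than an automatic block list.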
Hacker News Comment Review
Commenters confirmed this conversational bot-chain pattern is years old on YouTube, with 5-7 fake accounts building a fake discussion thread before dropping a referral link.
The WordPress attack surface is specifically targeted: spammers use technology fingerprinting to identify popular blog engines and skip custom stacks with JS-based client-side checks, which see near-zero spam.
There is active disagreement on the author’s “no technological solutions to social problems” framing: one counterpoint argues social cohesion alone cannot contain adversarial profit incentives at scale.
Notable Comments
@smusamashah: Worked a “link posting” gig in university 20 years ago with Excel sheets of target blogs and started automating it, illustrating how low the barrier to entry has always been.
@PaulHoule: XRumer (~2008) already solved CAPTCHAs and email verification for link spam at scale, putting today’s AI-slop chains in a long historical lineage.