sudosecure.net

is anything truly secure…

sudosecure stabs Spambots in the eye with data harvesting

Posted by jeremy on 28th September 2008

For anyone operating a blog or forum, comment spambots are a daily nuisance. These spambots are normally small applications or scripts that comb the Internet much like search engine web crawlers, but instead of indexing your pages they look for web forms where they can post their spam comments. These spam comments are very similar to the spam messages you find in your email spam folder, with contents ranging from pharmaceutical spam and phishing to Trojans disguised behind catchy one-liners advertising naked pictures or movies of a famous star.

While doing some research on these spambots I came across a really insightful video of a tool called Xrumer, which is a Windows-based program that posts spam. This application really shows how much intelligence is built into these spambots. Xrumer can defeat many of the common safeguards used by forum and blog administrators, such as account registration, CAPTCHA, and email activation. If you haven't seen the video demonstration I would recommend taking a look at it here: Xrumer Demo.

In an attempt to learn more about the who, what, where, and how of these spambots I have started harvesting data captured during automated spam attempts seen here at sudosecure.net. I am opening up this harvested data to the public in hopes that it may be useful to someone. This data can now be found here: http://sudosecure.net/spambot, and as with all of the data I make available to the public I advise you to take caution in utilizing it. As you can see when visiting this new portion of sudosecure there is a lot of data captured on these spambots, and what I have attempted to do is provide several different viewpoints into this data to make it more usable. I can see this data being utilized not only by security researchers but by site owners and administrators, as firewall rules and .htaccess files could easily be constructed to block these spambots. With that being said, I must point out that just because an IP address or User-Agent is seen in this data set does not mean it is a bad guy. User-Agents are easily spoofed, and compromised or misconfigured computers can be utilized as proxies for these spambots. Any time you implement an IP block or User-Agent filter you run the risk of blocking a legitimate user from visiting your web page, so again, don't generate filters or blocks unless you are absolutely sure you know what you're doing.
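As an added illustration of turning harvested hits into the kind of .htaccess rule mentioned above (example code written for this post, not part of the sudosecure.net data portal; the sample records, field layout and thresholds are all constructed), here is a deliberately conservative aggregator that only proposes a block for an IP that repeats across several days, so a single sighting from a possibly proxied or misconfigured host is never blocked on its own:

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample of harvested spambot hits (not real sudosecure.net data):
# (UTC timestamp, source IP, User-Agent, targeted form). IPs are from the
# documentation ranges 192.0.2.0/24 and 198.51.100.0/24.
HARVESTED = [
    ("2008-09-21T02:14:09", "192.0.2.10", "Mozilla/4.0 (compatible; MSIE 6.0)", "/wp-comments-post.php"),
    ("2008-09-22T03:40:51", "192.0.2.10", "Mozilla/4.0 (compatible; MSIE 6.0)", "/wp-comments-post.php"),
    ("2008-09-25T11:02:33", "192.0.2.10", "Mozilla/5.0 (Windows; U; Windows NT 5.1)", "/forum/post.php"),
    ("2008-09-26T23:58:00", "192.0.2.10", "Mozilla/4.0 (compatible; MSIE 6.0)", "/wp-comments-post.php"),
    ("2008-09-26T23:59:10", "198.51.100.7", "Mozilla/5.0 (X11; Linux)", "/wp-comments-post.php"),
]


def summarize(hits):
    """Aggregate per source IP: hit count, distinct days seen, distinct User-Agents.
    Several User-Agents from one IP is itself a hint the UA header is being rotated."""
    per_ip = defaultdict(lambda: {"hits": 0, "days": set(), "agents": set()})
    for ts, ip, ua, _form in hits:
        day = datetime.fromisoformat(ts).date()
        rec = per_ip[ip]
        rec["hits"] += 1
        rec["days"].add(day)
        rec["agents"].add(ua)
    return per_ip


def block_candidates(hits, min_hits=3, min_days=2):
    """Return IPs worth blocking: repeated hits spread over at least min_days days.
    The thresholds are assumptions; tune them against your own traffic."""
    return sorted(
        ip for ip, rec in summarize(hits).items()
        if rec["hits"] >= min_hits and len(rec["days"]) >= min_days
    )


def htaccess_rules(ips):
    """Render Apache 2.2-style .htaccess deny rules, the syntax in use when this
    post was written (Apache 2.4 uses Require directives instead)."""
    lines = ["Order Allow,Deny", "Allow from all"]
    lines += [f"Deny from {ip}" for ip in ips]
    return "\n".join(lines)


if __name__ == "__main__":
    print(htaccess_rules(block_candidates(HARVESTED)))
```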

I am sure this data will lead to new articles being published here at sudosecure, and if you have any suggestions or comments regarding this data, feel free to contact me anytime.
