I started tracking error messages on one of my production sites over the weekend, wherein I get notified whenever there’s an error, rather than it just going into a log that I’ll probably never read unless someone brings it up.
It’s a good practice — usually the errors are due to little bugs that I can fix before the person has finished reading the (customized) error page letting them know that the bug is my fault and that I’ve been notified. They hit reload, everything works, and everyone’s happy.
404s are errors, too, though they’re not always my fault, so I have a different error page for those. Sometimes they are, and I can usually fix them just as quickly. Sometimes they’re the result of people mistyping links into their own sites, and I can notify them about that, or write a redirect.
And sometimes I get insight into the latest scams, viruses, and bots that are running around in the wild. Today’s the latter. I just got quite a few notifications, all at once, from a couple dozen different IP addresses (i.e. zombies), from someone who’s apparently trying to put comment spam on one of my sites. It’s fun to watch, as it’s not going to work, for three reasons:
There’s a captcha as a simple deterrent (which works surprisingly well, all told, though it’s not perfect).
There’s a moderation system — posts don’t show up until they get approved.
Even beyond the above two, which have eliminated all spam to date, the reason I’m absolutely 100% confident that this spammer isn’t going to be successful is because the page that all the zombie bots are trying to access doesn’t exist any more.
