Sigh …
Checked my email this morning to find about 50 spam comments on this weblog, about two for each of the last 20 or 30 posts, all posted during the night. Fortunately, the comments all came from the same IP address so it was fairly easy to delete them en masse from my database:
DELETE FROM comments WHERE comment_author_ip='...'
The same person turned up again later in the day with more of the same. Needless to say, the poster’s subnet is now blocked from accessing my site, via a tweak to my Apache config. The comments weren’t terribly pleasant, and I don’t think anyone actually read them (haven’t checked my log files yet), but they’re all gone now.
Update 09:13 Monday 1 November: Amusingly, my tactics above appear to have worked. The spammer is still issuing the comment requests, presumably in an automated fashion, without realising that every single one of them is returning a ‘403 Unauthorized’ error.