Bizarre Blog Comments - Spam? Hack? Pls Help

[trishworks4u]

I am becoming more cautious and jaded by the day. One of my affiliate sites was hacked last month and my main email account was hacked this week.

Anyway, I have a new affiliate site and one of the pages is a wordpress page that just pulls in ebay auctions. I have pending comments that I can't decipher and am curious more than anything else because I am sure that they won't be the last. Here is what they look like:



The links go absolutely nowhere. I don't get it. Anyone?

[AaronJones]

Quote:

Originally Posted by trishworks4u

I am becoming more cautious and jaded by the day. One of my affiliate sites was hacked last month and my main email account was hacked this week.

Anyway, I have a new affiliate site and one of the pages is a wordpress page that just pulls in ebay auctions. I have pending comments that I can't decipher and am curious more than anything else because I am sure that they won't be the last. Here is what they look like:



The links go absolutely nowhere. I don't get it. Anyone?

I get those also...not sure either.

Aaron

[Sumit Menon]

I get those too.. Akismet just weeds them out usually.

[trishworks4u]

yeah - but I wanna know what it means??? there has to be a point to that...

[Jagged]

I get one's that are like those...a bunch of non-sense, jumbled letters...or just a bunch of question marks...strange stuff....
If it's nothing, there's a lot of really bored people out there...

[Sumit Menon]

Quote:

Originally Posted by Jagged

I get one's that are like those...a bunch of non-sense, jumbled letters...or just a bunch of question marks...strange stuff....
If it's nothing, there's a lot of really bored people out there...

I got 1,000 of these in 3 days...

[globalpro]

Hi,

A lot of times they are test runs from someone that is getting ready to spam blogs. No sense entering real info, unless it works.

Thanks,

John

[DogScout]

Did you run the IPs thru an IP checker. That would at least tell you where they came from.

The 1st one is Texas: DILLIG ENTERPRISES LLC (looks to be out of business)

2nd is UK: RapidSwitch Ltd (also out of business, at least the URL re-directs to a health blog!)

Both are listed as 'suspected network sharing devices' Both are suspected of Geo cloaking. The 1st one looked like a Danish origination. Strange.

[DogScout]

looks like they are using proxy servers; either Philippines or Singapore?

[Sumit Menon]

Quote:

Originally Posted by DogScout

looks like they are using proxy servers; either Philippines or Singapore?

Now, that's just plain rude.

[Johnathan]

It's a combination of things:

a) Some individuals are testing your system for exploits
b) Some script kiddies ("hackers" who really have no clue what they are doing, but like to be called a hacker because it sounds 'cool') -- use other peoples software to test for exploits, with really no clue what they are doing
c) Sometimes testing/probing for proxy servers/relaying

etc, etc.

It's not really anything to 'worry' about, unless of course you have your own server in which case you need to make sure no rootkits, etc, are installed on your system.

Johnathan

[sbucciarel]

Looks like a comment bot doing a test run, but all of Jonathan's suggestions are relevant. I get this crap all the time.

[trishworks4u]

very helpful - so it's "pre-spam" perhaps... toe-dipping before the hack. comforting.
thanks for the insight.

[jendoe]

On my very small niche content site I have a "feedback" form - it goes to my email, nothing gets posted on the site itself...

And during the course of about 1 or 2 weeks, I got a couple of these too! But, nothing since then!

I assume it was some sort of auto-bot testing places to leave comments, and when my site "failed" by not posting anything, it moved on...

Weird to see though, isn't it?

[Johnathan]

PPS --

Not sure how much of a programmer you are -- but if you want to remove
that question -- add a very simple get/response question.

I.e., before someone can make a post, add something like "What is 2+2?"
Obviously the answer is 4. But the bot won't know that, so if the answer
is incorrect, simply don't post.

[mgkimsal]

I always thought the purpose of this junk was to lower the efficacy of spam filters in general. A few years back "bayesian filtering" became the rage, and this sort of spam (both from email and comment spam) seemed to take off. Bayesian filtering requires a list of 'spam' (bad) and 'ham' (good) - someone needs to identify each, and as each body of ham or spam grows, the system can do a better job of identifying which is which by comparing to know spam or ham. If your ham body is overrun with this sort of junk, it makes the filters far less effective.

That's been my take, but the "probing for holes" is probably another good theory. Probably fact - I've never talked to spammers to figure out why they do this sort of stuff!

[Profit-smart]

It's software crawling through a list of blogs looking for vulnerable targets; thats all.

Add a captcha function.

[jig]

Yeah, CAPTCHA will solve this, although for me Akismet always catches it.

[Robert T Jillie]

Those are from a comment bot doing a test run to check out your site hoping to slip in a comment on your blog with a spam link.

My clients get them all the time and I have traced many back to spam bots but some trace back to hackers. Since you have had problems with hackers in the recent past it could be that they are back again probing to see what kind of mayhem they can create.

Not to worry ...

I'm working on a "Sherif Bot" that will track down both the spam bots AND the hackers and Kill the Dirty Rotten BasT***s DEAD!!!

It should be wort a ton of cash when completed.

I Promise to give a copy to every Warrior for Free though!...........