Possible, NEW Wordpress Spam Method * Alert *

[RedMatrix]

Warriors,

I have been working on other people's WP blogs as their tech. I have noticed a trend this past week. Perhaps I am paranoid, but I wish to alert the general community.

There are some comments whose authors have a real-sounding Name, and the name is linked simply to Google.com. (This means they entered goog's url as their own)

This isn't spam in and of itself. - Right.

The content of the comment is a one-liner. It goes something like this:

• This is a good post, please write more
• I like what you said here, will be coming back
• Great post. I am subscribing to feed.

Again, this isn't spam. - Got it.

H O W E V E R

Once the blog admin approves this benign comment, the Commenter *possibly* gets out of the moderation queue when they post anew.

Default WP settings are set to hold all comments in a moderation queue if they have:

• more than 2 outbound links, or
• they are a new commenter, or
• the comment has any of the words that the admin has typed into the censor box. (like cuss words, FREE, @*.ru, etc.)

When these visitors/commentors see their comment was approved, they can now circumvent the default WP filters, and post a link to wherever they want. And they may not even care to write legibly. These comments don't trigger an email to the blog admins, and may not show up in the dashboard.

Just a little FYI from a guy who has seen the same commenter across several WP blogs that he has admin access to. You have been warned!

[mike52683]

I've had two of these type of comments on my blog this week. Thanks for the heads up!

[bgmacaw]

I put all comments with links in them into moderation automatically. Problem solved.

[Janet Sawyer]

One Word

ASKIMET



Stops these little blips in their tracks........ and you can delete in daily mode or leave them there festering for a month and then askimet just kills them for you anyways.

And Google won't ever see them.

Get Askimet. One code sign up covers all blogs.

[keyaziz]

Thanks!

I was wondering what these google comments were. I haven't approved any of them - had about 10 on one site in a couple of days.

[jdbell1960]

I've had over a hundred over the last 2-3 weeks. Always from a starnet domain in China.

[Lokesh Sharma]

People will find all sort of spamming tactics.

Here's yet another...

They can simply link to anything like yahoo, google or gmail in the website address field which makes the moderator think they are not webmasters.

Then, they'll post a comment like:

"Nice work "

Thats it... I hope you get my point, if not, simply ask

Regards,
Lokesh Sharma

[RedMatrix]

I realize you should get akizmet. But a lot of people don't have that, and they don't change the default filters.

[htwfh]

Thanks for the posting! Just one more thing to keep an eye out for. Dang pirates!

[melanied]

Just one more way that you get taken advantage of if you don't modify the default settings! LOL

[YellowDot Software]

I've had quite a few of these across my blogs. Even on the big ones running akismet some things still get through. Luckily the people approving the comments have a good BS meter:-D

[artwebster]

Who on Earth would approve such a useless and inane comment any way? Surely nobody is so desperate for the possible links that they accept this sort of rubbish?

[David]

Quote:

Originally Posted by Janet Sawyer

One Word

ASKIMET



Stops these little blips in their tracks........ and you can delete in daily mode or leave them there festering for a month and then askimet just kills them for you anyways.

And Google won't ever see them.

Get Askimet. One code sign up covers all blogs.

yea akimet stops them by adding them into the spam que but if I understand the OP post he is saying "once you authorize a benign looking albeit empty comment, that purportedly comes "from" google... then you've allowed the @ssholes access."

in other words if you allow a seemingly innocent comment, the bastards are now bypassing askimet.
"give em an inch and..."

[RedMatrix]

That is correct Dave.

[Karen Blundell]

Quote:

Originally Posted by artwebster

Who on Earth would approve such a useless and inane comment any way? Surely nobody is so desperate for the possible links that they accept this sort of rubbish?

I could not have said it better myself, Art

and RedMatrix, getting Akismet is never a problem...every WordPress install comes with Akismet pre-installed and all you have to do to activate it is to create an account at WordPress.com as if you are getting a blog from them, but what you're really wanting is the Akismet API key that you then input into the Akismet settings of your self-hosted WordPress blog

[Eric Reed]

Quote:

Originally Posted by Janet Sawyer

One Word

ASKIMET



Stops these little blips in their tracks........ and you can delete in daily mode or leave them there festering for a month and then askimet just kills them for you anyways.

And Google won't ever see them.

Get Askimet. One code sign up covers all blogs.

Thanks for the heads up, I aggree, ASKIMET is your best bet, all that kind of stuff always ends up there on my site then gets deleted.

Eric

[David]

Quote:

Originally Posted by artwebster

Who on Earth would approve such a useless and inane comment any way? Surely nobody is so desperate for the possible links that they accept this sort of rubbish?

Us warriors are a select few

the unwashed masses out number us by a wide margin

what seems to be sensible to you... many even in the IT field are not as savvy.
you are assuming quite a bit in this statement:

"Surely nobody is so desperate for the possible links that they accept this sort of rubbish?"

The overwhelming majority (99.9% of users) have no reason whatso ever to assume that what they see is rubbish.

I teach corporate marketers, people with more than one degree this stuff and they are just as gullible as the newest newbie... what we consider normal, the outside world see's us as Gods.

I'm not exaggerating in the least bit


you are assuming quite a bit... I'd counsel you to not be so judgemental

(if I was teaching you that is)

[Andy Fletcher]

Some of the spammers obviously didn't read part 2 of the guide. I've received loads of these linking to Google but maybe 10% of them use these exact comments but link straight to themselves. It's lazy is what it is!.

[Kim Standerline]

Serves em right then if they get loads of spam replies on their blogs

Quote:

Originally Posted by RedMatrix

I realize you should get akizmet. But a lot of people don't have that, and they don't change the default filters.

Its easy enough to install Askimet as a matter of course when building a blog and changing defaults etc should be done as a matter of course

Kim

[RedMatrix]

Quote:

Originally Posted by Kim Standerline

Serves em right then if they get loads of spam replies on their blogs

KIM!

How un-warrior like of you! We are here to help, not bash.

[Kim Standerline]

I can assure you I'm not bashing anyone (I hate it when people make unjust accusations)!

I stated a fact, if anyone is daft enough to build a blog without taking the few minutes it requires to safeguard it then they deserve the spam posts etc they are going to get.

It takes a few minutes (if that) to install askimet and to make a few changes to the default settings. If folks are not sure how to do it, there is plenty of information out there in Googleland.

Kim

Quote:

Originally Posted by RedMatrix

KIM!

How un-warrior like of you! We are here to help, not bash.

[David_Thompson]

redmatrix what version of wp are your clients using and is this open
to all wordpress versions?

In wp latest they are working hard on the spamming issues
and even akismet have update again to fight these spam
comments...

--David

[Steven Wagenheim]

I have the easiest solution to this problem.

I simply don't allow comments on my blogs.

[igorhelpsyousucceed]

Quote:

Originally Posted by Steven Wagenheim

I have the easiest solution to this problem.

I simply don't allow comments on my blogs.

REally?

wow... you are loosing traffic, leads, subscribers, seo rankings..you name it...

The form of spam described above isn't that of a new one,
It goes way back to people simply generating traffic and backlinks
for their website...

Igor

[Kim Standerline]

Allowing posts can be a double edged sword!

You get to the stage where you can smell a spammy post a mile off, and if in doubt, I usually delete it anyway

Kim

Quote:

Originally Posted by igorhelpsyousucceed

REally?

wow... you are loosing traffic, leads, subscribers, seo rankings..you name it...

The form of spam described above isn't that of a new one,
It goes way back to people simply generating traffic and backlinks
for their website...

Igor

[Harry Behrens]

It takes exactly zero seconds to install Akismet since Akismet comes already pre-installed on every wordpress installation.

All you have to do is activate the plugin and put in your wordpress API number (which you only have to get once ever in your life for free, and once you have it you can use the same number over and over again forever in unlimited installations).

Once Akismet is going you can receive every benefit of having comments active without having to deal with even a single piece of spam, as has been my experience in years of using it.

So yeah anyone who isn't using Akismet, well I'm not gonna say they deserve anything, but they could *very* easily solve their problem for good.

[RedMatrix]

Quote:

Originally Posted by Kim Standerline

I can assure you I'm not bashing anyone (I hate it when people make unjust accusations)!

Kim, not saying you are wrong. Put another way, when a blogger doesn't take the few minutes to set up a WP install correctly, they shouldn't complain about spam comments. It is a logical progression. So yes, they *do* deserve it -- I agree with you!

But I wouldn't have said it the way you did, is all.

Quote:

Originally Posted by David_Thompson

redmatrix what version of wp are your clients using and is this open
to all wordpress versions?

They are running 2.7.1.


Akismet is easy to activate, but some just don't know how to get their API key, or care to. I know I don't want to use *my* API key on my clients' installs. I do tell them about it. I say register here, and forward me the welcome email. Seldom do. If I were to charge for spam-proofing, then that's another matter. They barely pay for my technical expertise.

[Steve Crooks]

Akismet seems to catch these comments quite well on my blogs.

[Kim Standerline]

We are 2 different people, so I guess we probably see things differently

I say things the way I see it. To me its a logical process, if you are going to install a blog, then the initial set up is important.

Re the askimet key, if its causing you problems installing your own on clients blogs, (and I can see why you wouldn't wish to do so), then why not generate another one just for your clients

Cheers
Kim

Quote:

Originally Posted by RedMatrix

But I wouldn't have said it the way you did, is all.

They are running 2.7.1.


Akismet is easy to activate, but some just don't know how to get their API key, or care to. I know I don't want to use *my* API key on my clients' installs. I do tell them about it. I say register here, and forward me the welcome email. Seldom do. If I were to charge for spam-proofing, then that's another matter. They barely pay for my technical expertise.

[Karen Blundell]

Quote:

Originally Posted by Kim Standerline

We are 2 different people, so I guess we probably see things differently

I say things the way I see it. To me its a logical process, if you are going to install a blog, then the initial set up is important.

Re the askimet key, if its causing you problems installing your own on clients blogs, (and I can see why you wouldn't wish to do so), then why not generate another one just for your clients

Cheers
Kim

I instruct all my clients to sign up for their API key from WordPress so that I can activate Akismet for them. I explain it like this: the developers of WordPress developed the plugin specifically to combat comment spam. So this is a plugin that they should use. All my clients to date have followed my advice.

I think allowing comments on your blogs is a great way of creating interaction and "stickiness" to your site. I have installed "Do-Follow" as well so commenters links are meaningful. I have no trouble moderating comments. I still get spam, but Akismet handles most of it, so no worries.