Possible, NEW Wordpress Spam Method * Alert *

29 replies
Warriors,

I have been working on other people's WP blogs as their tech. I have noticed a trend this past week. Perhaps I am paranoid, but I wish to alert the general community.

There are some comments whose authors have a real-sounding Name, and the name is linked simply to Google.com. (This means they entered goog's url as their own)

This isn't spam in and of itself. - Right.

The content of the comment is a one-liner. It goes something like this:
  • This is a good post, please write more
  • I like what you said here, will be coming back
  • Great post. I am subscribing to feed.

Again, this isn't spam. - Got it.

H O W E V E R

Once the blog admin approves this benign comment, the Commenter *possibly* gets out of the moderation queue when they post anew.

Default WP settings are set to hold all comments in a moderation queue if they have:
  • more than 2 outbound links, or
  • they are a new commenter, or
  • the comment has any of the words that the admin has typed into the censor box. (like cuss words, FREE, @*.ru, etc.)


When these visitors/commentors see their comment was approved, they can now circumvent the default WP filters, and post a link to wherever they want. And they may not even care to write legibly. These comments don't trigger an email to the blog admins, and may not show up in the dashboard.

Just a little FYI from a guy who has seen the same commenter across several WP blogs that he has admin access to. You have been warned! :p
#alert #method #spam #wordpress
  • Profile picture of the author mike52683
    I've had two of these type of comments on my blog this week. Thanks for the heads up!
    {{ DiscussionBoard.errors[888864].message }}
  • Profile picture of the author bgmacaw
    I put all comments with links in them into moderation automatically. Problem solved.
    {{ DiscussionBoard.errors[888867].message }}
    • Profile picture of the author Janet Sawyer
      One Word

      ASKIMET



      Stops these little blips in their tracks........ and you can delete in daily mode or leave them there festering for a month and then askimet just kills them for you anyways.

      And Google won't ever see them.

      Get Askimet. One code sign up covers all blogs.
      {{ DiscussionBoard.errors[889034].message }}
      • Profile picture of the author keyaziz
        Thanks!

        I was wondering what these google comments were. I haven't approved any of them - had about 10 on one site in a couple of days.
        {{ DiscussionBoard.errors[889037].message }}
      • Profile picture of the author David
        Originally Posted by Janet Sawyer View Post

        One Word

        ASKIMET



        Stops these little blips in their tracks........ and you can delete in daily mode or leave them there festering for a month and then askimet just kills them for you anyways.

        And Google won't ever see them.

        Get Askimet. One code sign up covers all blogs.
        yea akimet stops them by adding them into the spam que but if I understand the OP post he is saying "once you authorize a benign looking albeit empty comment, that purportedly comes "from" google... then you've allowed the @ssholes access."

        in other words if you allow a seemingly innocent comment, the *******s are now bypassing askimet.
        "give em an inch and..."
        Signature

        David Bruce Jr of Frederick Web Promotions
        Lawyer Local SEO - |

        {{ DiscussionBoard.errors[889817].message }}
      • Profile picture of the author Eric Reed
        Originally Posted by Janet Sawyer View Post

        One Word

        ASKIMET



        Stops these little blips in their tracks........ and you can delete in daily mode or leave them there festering for a month and then askimet just kills them for you anyways.

        And Google won't ever see them.

        Get Askimet. One code sign up covers all blogs.
        Thanks for the heads up, I aggree, ASKIMET is your best bet, all that kind of stuff always ends up there on my site then gets deleted.

        Eric
        Signature
        Gas Prices are HIGH Enough... But, your Website Graphics don't have to be: http://www.affordablegraphicsandbanners.com
        {{ DiscussionBoard.errors[889990].message }}
  • Profile picture of the author jdbell1960
    I've had over a hundred over the last 2-3 weeks. Always from a starnet domain in China.
    {{ DiscussionBoard.errors[889041].message }}
  • Profile picture of the author Lokesh Sharma
    Banned
    People will find all sort of spamming tactics.

    Here's yet another...

    They can simply link to anything like yahoo, google or gmail in the website address field which makes the moderator think they are not webmasters.

    Then, they'll post a comment like:

    "Nice work "

    Thats it... I hope you get my point, if not, simply ask

    Regards,
    Lokesh Sharma
    {{ DiscussionBoard.errors[889048].message }}
  • Profile picture of the author RedMatrix
    I realize you should get akizmet. But a lot of people don't have that, and they don't change the default filters.
    Signature

    ~Dave

    {{ DiscussionBoard.errors[889513].message }}
    • Profile picture of the author Kim Standerline
      Serves em right then if they get loads of spam replies on their blogs

      Originally Posted by RedMatrix View Post

      I realize you should get akizmet. But a lot of people don't have that, and they don't change the default filters.
      Its easy enough to install Askimet as a matter of course when building a blog and changing defaults etc should be done as a matter of course

      Kim
      {{ DiscussionBoard.errors[890278].message }}
      • Profile picture of the author RedMatrix
        Originally Posted by Kim Standerline View Post

        Serves em right then if they get loads of spam replies on their blogs
        KIM!

        How un-warrior like of you! We are here to help, not bash.
        Signature

        ~Dave

        {{ DiscussionBoard.errors[902702].message }}
        • Profile picture of the author Kim Standerline
          I can assure you I'm not bashing anyone (I hate it when people make unjust accusations)!

          I stated a fact, if anyone is daft enough to build a blog without taking the few minutes it requires to safeguard it then they deserve the spam posts etc they are going to get.

          It takes a few minutes (if that) to install askimet and to make a few changes to the default settings. If folks are not sure how to do it, there is plenty of information out there in Googleland.

          Kim

          Originally Posted by RedMatrix View Post

          KIM!

          How un-warrior like of you! We are here to help, not bash.
          {{ DiscussionBoard.errors[903016].message }}
          • Profile picture of the author RedMatrix
            Originally Posted by Kim Standerline View Post

            I can assure you I'm not bashing anyone (I hate it when people make unjust accusations)!
            Kim, not saying you are wrong. Put another way, when a blogger doesn't take the few minutes to set up a WP install correctly, they shouldn't complain about spam comments. It is a logical progression. So yes, they *do* deserve it -- I agree with you!

            But I wouldn't have said it the way you did, is all.


            Originally Posted by David_Thompson

            redmatrix what version of wp are your clients using and is this open
            to all wordpress versions?
            They are running 2.7.1.


            Akismet is easy to activate, but some just don't know how to get their API key, or care to. I know I don't want to use *my* API key on my clients' installs. I do tell them about it. I say register here, and forward me the welcome email. Seldom do. If I were to charge for spam-proofing, then that's another matter. They barely pay for my technical expertise.
            Signature

            ~Dave

            {{ DiscussionBoard.errors[903530].message }}
            • Profile picture of the author Stephen Crooks
              Akismet seems to catch these comments quite well on my blogs.
              {{ DiscussionBoard.errors[903563].message }}
            • Profile picture of the author Kim Standerline
              We are 2 different people, so I guess we probably see things differently

              I say things the way I see it. To me its a logical process, if you are going to install a blog, then the initial set up is important.

              Re the askimet key, if its causing you problems installing your own on clients blogs, (and I can see why you wouldn't wish to do so), then why not generate another one just for your clients

              Cheers
              Kim

              Originally Posted by RedMatrix View Post

              But I wouldn't have said it the way you did, is all.

              They are running 2.7.1.


              Akismet is easy to activate, but some just don't know how to get their API key, or care to. I know I don't want to use *my* API key on my clients' installs. I do tell them about it. I say register here, and forward me the welcome email. Seldom do. If I were to charge for spam-proofing, then that's another matter. They barely pay for my technical expertise.
              {{ DiscussionBoard.errors[904121].message }}
              • Profile picture of the author Karen Blundell
                Originally Posted by Kim Standerline View Post

                We are 2 different people, so I guess we probably see things differently

                I say things the way I see it. To me its a logical process, if you are going to install a blog, then the initial set up is important.

                Re the askimet key, if its causing you problems installing your own on clients blogs, (and I can see why you wouldn't wish to do so), then why not generate another one just for your clients

                Cheers
                Kim
                I instruct all my clients to sign up for their API key from WordPress so that I can activate Akismet for them. I explain it like this: the developers of WordPress developed the plugin specifically to combat comment spam. So this is a plugin that they should use. All my clients to date have followed my advice.

                I think allowing comments on your blogs is a great way of creating interaction and "stickiness" to your site. I have installed "Do-Follow" as well so commenters links are meaningful. I have no trouble moderating comments. I still get spam, but Akismet handles most of it, so no worries.
                Signature
                ---------------
                {{ DiscussionBoard.errors[905144].message }}
  • Profile picture of the author htwfh
    Thanks for the posting! Just one more thing to keep an eye out for. Dang pirates!
    {{ DiscussionBoard.errors[889541].message }}
  • Profile picture of the author melanied
    Just one more way that you get taken advantage of if you don't modify the default settings! LOL
    Signature
    {{ DiscussionBoard.errors[889674].message }}
  • I've had quite a few of these across my blogs. Even on the big ones running akismet some things still get through. Luckily the people approving the comments have a good BS meter:-D
    {{ DiscussionBoard.errors[889687].message }}
  • Profile picture of the author artwebster
    Who on Earth would approve such a useless and inane comment any way? Surely nobody is so desperate for the possible links that they accept this sort of rubbish?
    Signature

    You might not like what I say - but I believe it.
    Build it, make money, then build some more
    Some old school smarts would help - and here's to Rob Toth for his help. Bloody good stuff, even the freebies!

    {{ DiscussionBoard.errors[889802].message }}
    • Profile picture of the author Karen Blundell
      Originally Posted by artwebster View Post

      Who on Earth would approve such a useless and inane comment any way? Surely nobody is so desperate for the possible links that they accept this sort of rubbish?
      I could not have said it better myself, Art :rolleyes:

      and RedMatrix, getting Akismet is never a problem...every WordPress install comes with Akismet pre-installed and all you have to do to activate it is to create an account at WordPress.com as if you are getting a blog from them, but what you're really wanting is the Akismet API key that you then input into the Akismet settings of your self-hosted WordPress blog
      Signature
      ---------------
      {{ DiscussionBoard.errors[889948].message }}
    • Profile picture of the author David
      Originally Posted by artwebster View Post

      Who on Earth would approve such a useless and inane comment any way? Surely nobody is so desperate for the possible links that they accept this sort of rubbish?
      Us warriors are a select few

      the unwashed masses out number us by a wide margin

      what seems to be sensible to you... many even in the IT field are not as savvy.
      you are assuming quite a bit in this statement:

      "Surely nobody is so desperate for the possible links that they accept this sort of rubbish?"

      The overwhelming majority (99.9% of users) have no reason whatso ever to assume that what they see is rubbish.

      I teach corporate marketers, people with more than one degree this stuff and they are just as gullible as the newest newbie... what we consider normal, the outside world see's us as Gods.

      I'm not exaggerating in the least bit


      you are assuming quite a bit... I'd counsel you to not be so judgemental

      (if I was teaching you that is)
      Signature

      David Bruce Jr of Frederick Web Promotions
      Lawyer Local SEO - |

      {{ DiscussionBoard.errors[890185].message }}
  • Profile picture of the author RedMatrix
    That is correct Dave.
    Signature

    ~Dave

    {{ DiscussionBoard.errors[889891].message }}
  • Profile picture of the author Andy Fletcher
    Some of the spammers obviously didn't read part 2 of the guide. I've received loads of these linking to Google but maybe 10% of them use these exact comments but link straight to themselves. It's lazy is what it is!.
    {{ DiscussionBoard.errors[890257].message }}
  • Profile picture of the author David_Thompson
    redmatrix what version of wp are your clients using and is this open
    to all wordpress versions?

    In wp latest they are working hard on the spamming issues
    and even akismet have update again to fight these spam
    comments...

    --David
    Signature
    JV partnership wanted, Lets grow your list for free. Nothing to do with giveaways. PM Now
    {{ DiscussionBoard.errors[903144].message }}
  • Profile picture of the author Harry Behrens
    It takes exactly zero seconds to install Akismet since Akismet comes already pre-installed on every wordpress installation.

    All you have to do is activate the plugin and put in your wordpress API number (which you only have to get once ever in your life for free, and once you have it you can use the same number over and over again forever in unlimited installations).

    Once Akismet is going you can receive every benefit of having comments active without having to deal with even a single piece of spam, as has been my experience in years of using it.

    So yeah anyone who isn't using Akismet, well I'm not gonna say they deserve anything, but they could *very* easily solve their problem for good.
    Signature

    - Harry Behrens

    {{ DiscussionBoard.errors[903507].message }}

Trending Topics