Support » Fixing WordPress » suspicious spam/not-spam

  • over these last hours some very “strange” comments have been posted on my site. they are not technically spam, as they dont contain any links or nothing, but their wording, weird and always similar email syntax and the complete randomness and unrelatedness to the actual post make me suspect it might be some spammer trying to hack my latest comment spam protection, — spam-stopgap.php, which so far has been working like a champ.

    anyone else getting spam/not-spam attacked?
    and, more importantly: what to do?

Viewing 15 replies - 1 through 15 (of 17 total)
  • Try another spam solution:
    http://www.tamba2.org.uk/wordpress/spam

    I’ve had similar comment spam, with text like “Wonderful web site, was very useful. Lovely touch having this guestbook. Thanks” and no link. Very odd.

    Thread Starter pieceoplastic

    (@pieceoplastic)

    thats exactly the kind of wording of the comments i receive. “informative professional site” “i like your website very much” “Great site. Great content. Great! I can recommend this site to others!” “there is much I need to look into here.”..
    very suspicious indeed. and completly pointless as far as spam goes, no links in there. so maybe some guy is trying to re-train his spambot?

    I’ve had one or two instances of this – my theory was that it was a comment approval workaround. Approve one benign comment from an author/IP and then that opens the gates for that author to flood the site with spam.

    ive got similar coments too.

    Anything not clearly related to the post I tend to delete as spam.

    Yes I discovered that too over the past few days and even had a little moan to myself over it http://www.0gravity.co.uk/wordpress/index.php?p=179 😉

    Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    It’s a proof of concept. It’s an attempt to see how easy it is to exploit your blog. The real spam will come shortly.

    Try a captcha:
    http://tamba2.org.uk/wordpress/spam/#three
    or Jeff Barr’s hack:
    http://www.syndic8.com/~jeff/blog/index.php?p=103

    I’ve got the same things that hit this morning.

    I’ve got spam detection plugins installed, but these slide through. Tell us more about the “once they are approved” aspect of WP. I don’t remember that feature.

    Ive been using kittens spamwords to add these as spam and it adds certain keywords to the spam list which should block them

    I’ve had some of these too. Once they start posting the spam Spam Karma kills it all 🙂 Not checked yet whether it nukes the original comment.

    I was thinking…how are they finding us? Is it the default wordpress directories, the pings, trackbacks…or just hit and miss?

    Thread Starter pieceoplastic

    (@pieceoplastic)

    so what i decided to do after these feedbacks [ta!] is to set up a variety of anti-spam plugins and to switch back and forth between those every few days. that way it will keep “them” guessing.

    and you know Lorelle i ve been wondering the same thing. how do they find us? but its prolly quite easy to just search for a certain file that all WP installations contain, no?

    >>>switch back and forth between those every few days.<<<<

    I’m glad you got that much time on your hands…

    If we understood how they find us, then we can make changes accordingly. I do have to say the spam plugins available for WP, like Kitten’s spam killer and spam words filter, are brilliant. Fairly easy to use and immediate.

    But if something simple like changing the names of the directories or…something would help defeat them….it would be nice to know.

    I’d still like to know about the “approve comments” feature and how that works to let them open the door with their vague comments and then keep comming in.

    And if we do unwittingly “approve” these comments, how do we “unapprove” them?

    Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    Lorelle:
    Typically, most spambots just crawl the web via links (the same way Googlebot works). Once they land on a blog, the spam comments fly. Most spambots can identify the blog software via the index structure, but usually any mention of “wordpress” on the page is good enough. If you want to keep your site free from most spambots, then never post a link to your site. Alternatively, some spambots (but very few) are search-based. These search for commonly linked files in WP, such as wp-login.php. Just do a search for wp-login.php, you’ll see what I mean.

    Pieceoplastic:
    That’s a lot of work, just for spam. Never let spam inconvenience you like that. I always keep a very complete blacklist in WP’s default (no extra plugins). I keep my eye one my inbox for what winds up in moderation, and only stop by to delete about 50 or so every weekend. Nothing has slipped through yet.

    Macmanx, what are you adding to your blacklist? Is it just verbiage from the spam, or are you blacklisting IP addresses? It seems to me that these *#$(&#@$~ have so many IPs that it would be impossible to keep up.

Viewing 15 replies - 1 through 15 (of 17 total)
  • The topic ‘suspicious spam/not-spam’ is closed to new replies.