WordPress.org

Forums

suspicious spam/not-spam (18 posts)

  1. pieceoplastic
    Member
    Posted 10 years ago #

    over these last hours some very "strange" comments have been posted on my site. they are not technically spam, as they dont contain any links or nothing, but their wording, weird and always similar email syntax and the complete randomness and unrelatedness to the actual post make me suspect it might be some spammer trying to hack my latest comment spam protection, --- spam-stopgap.php, which so far has been working like a champ.

    anyone else getting spam/not-spam attacked?
    and, more importantly: what to do?

  2. Mark (podz)
    Support Maven
    Posted 10 years ago #

    Try another spam solution:
    http://www.tamba2.org.uk/wordpress/spam

  3. Dr_Gonzo
    Member
    Posted 10 years ago #

    I've had similar comment spam, with text like "Wonderful web site, was very useful. Lovely touch having this guestbook. Thanks" and no link. Very odd.

  4. pieceoplastic
    Member
    Posted 10 years ago #

    thats exactly the kind of wording of the comments i receive. "informative professional site" "i like your website very much" "Great site. Great content. Great! I can recommend this site to others!" "there is much I need to look into here."..
    very suspicious indeed. and completly pointless as far as spam goes, no links in there. so maybe some guy is trying to re-train his spambot?

  5. notdead
    Member
    Posted 10 years ago #

    I've had one or two instances of this - my theory was that it was a comment approval workaround. Approve one benign comment from an author/IP and then that opens the gates for that author to flood the site with spam.

  6. somefool
    Member
    Posted 10 years ago #

    ive got similar coments too.

    Anything not clearly related to the post I tend to delete as spam.

  7. phiali
    Member
    Posted 10 years ago #

    Yes I discovered that too over the past few days and even had a little moan to myself over it http://www.0gravity.co.uk/wordpress/index.php?p=179 ;-)

  8. It's a proof of concept. It's an attempt to see how easy it is to exploit your blog. The real spam will come shortly.

    Try a captcha:
    http://tamba2.org.uk/wordpress/spam/#three
    or Jeff Barr's hack:
    http://www.syndic8.com/~jeff/blog/index.php?p=103

  9. Lorelle
    Member
    Posted 10 years ago #

    I've got the same things that hit this morning.

    I've got spam detection plugins installed, but these slide through. Tell us more about the "once they are approved" aspect of WP. I don't remember that feature.

  10. somefool
    Member
    Posted 10 years ago #

    Ive been using kittens spamwords to add these as spam and it adds certain keywords to the spam list which should block them

  11. Anonymous
    Member
    Posted 10 years ago #

    I've had some of these too. Once they start posting the spam Spam Karma kills it all :) Not checked yet whether it nukes the original comment.

  12. Lorelle
    Member
    Posted 10 years ago #

    I was thinking...how are they finding us? Is it the default wordpress directories, the pings, trackbacks...or just hit and miss?

  13. pieceoplastic
    Member
    Posted 10 years ago #

    so what i decided to do after these feedbacks [ta!] is to set up a variety of anti-spam plugins and to switch back and forth between those every few days. that way it will keep "them" guessing.

    and you know Lorelle i ve been wondering the same thing. how do they find us? but its prolly quite easy to just search for a certain file that all WP installations contain, no?

  14. Lorelle
    Member
    Posted 10 years ago #

    >>>switch back and forth between those every few days.<<<<

    I'm glad you got that much time on your hands...

    If we understood how they find us, then we can make changes accordingly. I do have to say the spam plugins available for WP, like Kitten's spam killer and spam words filter, are brilliant. Fairly easy to use and immediate.

    But if something simple like changing the names of the directories or...something would help defeat them....it would be nice to know.

    I'd still like to know about the "approve comments" feature and how that works to let them open the door with their vague comments and then keep comming in.

    And if we do unwittingly "approve" these comments, how do we "unapprove" them?

  15. Lorelle:
    Typically, most spambots just crawl the web via links (the same way Googlebot works). Once they land on a blog, the spam comments fly. Most spambots can identify the blog software via the index structure, but usually any mention of "wordpress" on the page is good enough. If you want to keep your site free from most spambots, then never post a link to your site. Alternatively, some spambots (but very few) are search-based. These search for commonly linked files in WP, such as wp-login.php. Just do a search for wp-login.php, you'll see what I mean.

    Pieceoplastic:
    That's a lot of work, just for spam. Never let spam inconvenience you like that. I always keep a very complete blacklist in WP's default (no extra plugins). I keep my eye one my inbox for what winds up in moderation, and only stop by to delete about 50 or so every weekend. Nothing has slipped through yet.

  16. MamaBeeyotch
    Member
    Posted 10 years ago #

    Macmanx, what are you adding to your blacklist? Is it just verbiage from the spam, or are you blacklisting IP addresses? It seems to me that these *#$(&#@$~ have so many IPs that it would be impossible to keep up.

  17. ringmaster
    Member
    Posted 10 years ago #

    Why this new breed of comments has no links:
    http://www.asymptomatic.net/archives/2005/01/18/1225/got-new-spam-tactic-figured/

    The "miracle" of filtering spams that have no links (via many of the spam filter plugins available) is enabled through Realtime Blackhole Lists (RBLs), not by some mystic heuristic/bayesian algorithm.

    Basically, the plugin takes the IP of the spammer and uses it when making a DNS request from someplace like sbl-xbl.spamhaus.org. (Note that this is not the same thing as an email RBL, which would be significantly less effective.) That site has a database of IPs that were used to send comment spam, usually via open HTTP proxies. If the IP is in the list, it reports that info to the plugin, and the plugin filters the comment.

    Blacklisting IPs works, but you're not benefitting from the work done by others who already have expansive lists of bad IPs. Install one of the spam filtering plugins and let it do the work for you. A good filter will cache the IP results so it doesn't make duplicate requests to the RBL, and can still work if the RBL is inaccessible for some reason. A better filter could help report new bad IPs to the RBLs.

  18. pieceoplastic
    Member
    Posted 10 years ago #

    actually switching back and forth between spam-protections is not much work at all with the great plugin system worpress has. its as easy activate one, deactivate the other, and back again a few days later.

    apparently google is getting on it with the rel="nofollow" link-attribute, but i still have to understand how this works... anyone looked into this yet? google.blog

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.