Bizarre Spam Attack Going On.

  1. Today it is being a weird day on my site. I'm receiving too many spam comments, but they are quite different than what you would expect. They seem to attempt to look like legit people by posting things that have common words with a certain post. But what they post makes no sense, and even weirder, they have no links to other websites or products. The good thing is I have to approve the comments before they get accepted because otherwise it would be hell.

    ALL these comments are coming from Facebook accounts. And like I said, they make absolutely no sense in relation to what my content is about, but they try to. What is even weirder is that these comments seem to come from legit Facebook accounts. Could it be possible some spambot got their credentials and is spamming random sites with Facebook-enabled sites?

    Let me give you an example...

    This post is a tutorial to create Notification Center Widgets for iOS. One of the spam comments I received is this:

    Evi,If you are referring what looks like a seocnd bar a pixel or two above and to the left of your progress bars, I beleive this is because you are using a dark backround. I had the same issue with my background. It looks right on a blog with a white bacground, as it is meant to be a drop shadow. I had to edit the .css to eliminate the drop shadow.I’ll email you the .css I’m using. You can simply replace the existing one with the one I send you and see if that is better. You can also monkey with the colors to get them to match your blog better.

    If you read the actual blog post, you'll see it has nothing to do with CSS, background colors, or anything in those lines. Hell the blog post has nothing to do with web development at all. No one called "Evi" commented, and the name "Evi" doesn't pop up anywhere at all in the blog post itself. The comment came from some guy called Jorge Chavira. In this specific case, this account could be a bot considering there's only one on his list.

    Another example is this:

    This post is a tutorial to create mobile substrate tweaks for iOS. I received the following comment:

    OK, I did this and it worked (despite swpieng out an error when I activated the plugin). How do I limit it to specific pages? I don’t need them all refreshing every minute. Can I create “header-slug” pages, or does that only work for page-slug and post-slug? May 21 ’11 at 11:44

    (Yes, this comment came in with that date written at the end and everything).

    This comment is completely out of place. I never talk about header-slugs, I don't know what header slugs are, I don't mention the word "pages" in such a way that they would need to be "refreshed", so that comment is completely out of place.

    This comment came from an account that looks more "legit", regardless of the ridiculous teenager "cOoL nAmE". This account has a visible timeline and there's some content. Moniikiita

    As a final example (the one that left me dumbfounded the most), is this one:

    A while ago I published my second app on iOS App Store and decided to do a small giveaway to promote it. As such, I created this post to draw the attention of people to it. This was done at least a few weeks ago, and I received the following comment:

    Curious about how this works. I hope I’m missing sohmietng obvious, but I can’t find an intuitive way of moving between years (no swipe). Tapping on a day brings up a schedule for that day: great. But there’s no apparent way to highlight/enter spans for large blocks of time (as per the preview image) events marked out as multi-week all day events in my main calendar aren’t flagged up in any special way. Doesn’t seem to have any data entry facility. And some of the UI is a little buggy (try hitting the calendar button more than a few times) Again, I’m hoping I’m just being dense/blind/missing sohmietng obvious, but on first play, it doesn’t really seem to offer all that much.Not to hijack the thread, but Timeli app works pretty well for planning blocks of time. What draws me to 12 months is the idea of integration with the native calendar. Timeli looks great and functions well, but I rarely fire it up simply because it’s an additional body of data to manage

    I was about to take some feedback seriously, but then it turns out this comment wasn't about my app at all. The spam comment (coming from the Facebook account Emy Hoshiko), mentions the App "Timeli", which is not even a "competitor" to my app. This app "she" is talking about is a time management app with a calendar and all those fancy time-management tools. My app doesn't even have a calendar. So this comment is completely out of place as well.

    Another weird thing is that all those comments have particular typos, as if they did it on purpose.

    I'm sorry for linking directly to the "offending" Facebook accounts. I figure if I want to get much information and possibly nail down this problem altogether, I need to give as many details as possible. Normally I wouldn't mind comments out of place and I would just mark them as spam, but ALL of those misplaced comments came in TODAY, not even in a timeframe defined by days. ALL of them come from Facebook accounts, and all of them just seem a little bit... Off.

    If anyone knows what could be happening, I will appreciate it. So far I haven't received so many misplaced comments but all of the ones I have received came in today, so it has definitely raised some eyebrows and I would like to stop this before it turns any worse.

    PS: My WordPress site is not hosted on WordPress.com. I'm hosting it on Bluepress, but I thought you guys may know something about this.

  2. You did not specify a blog address or reason for posting when you created this topic.

    This support forum is for blogs hosted at WordPress.com. If your question is about a self-hosted WordPress blog then you'll find help at the WordPress.org forums.

    If you don't understand the difference between WordPress.com and WordPress.org, you may find this information helpful.

    If you forgot to include a link to your blog, you can reply and include it below. It'll help people to answer your question.

    This is an automated message.

  3. Ah darn, looks like I did post this in the wrong place haha. I will move this to wordpress.org. My apologies!

  4. I'm actually having a similar issue as well.

    Spam from corporate pages and weird comments that *seem* legit... but are very questionable.

  5. amfp1007, Are they getting caught by Akismet? If so, then don't worry about it.

    I had the same Facebook type issue as leonnears had. Oh my. Hundreds of spam in a single day, but they were all in Akismet where they should be. It's only a hassle if I wanted to wade through them in search of a real comment that might have been accidentally caught.

    Some of these were even my own comments but had a few misspelled words. Others looked very legit, but when they called me Susie, or Pablo, I knew it wasn't.

  6. @amfp1007
    I frequently click "empty spam" and eliminate more than 100 comments several times daily. I have blogged since 2005 and know that's not unusual so it doesn't concern me.

    Akismet is remarkably accurate. The vast and overwhelming majority of all so-called information on the internet is spam. Over 80% of all so-called comments submitted to .wordpress.com blogs every day are spam. The worst of all spam containing malware and viruses is not sent to us. It's removed as it could bring down many blogs if opened. The rest is and can be examined in your dashboard > Comments > Spam.

    If Akismet has sequestered these spam comments simply click "empty spam" button. On the spam that Akismet catches it takes only seconds to click "empty spam" and you don't even have to click "empty spam" if you don't want to. Akismet will maintain comments it has caught for 15 days from the time they were received, and then it will delete the comment automatically.

    If you get spam that slips by Akismet then mark it as spam (do not delete it) and over time Akismet will learn it's spam.

    For more information please take the time to read "5 things every blogger should know about spam" on this page Akismet: How it works http://akismet.com/how/

  7. Thank you for the responses.
    Much more detailed than the answers I received in the thread I created, though that is not to say they did poorly. I just like detailed answers. :)

    Apologies if I hijacked this.

  8. @amfp1007
    You're welcome.

  9. If you get spam that slips by Akismet then mark it as spam (do not delete it) and over time Akismet will learn it's spam.

    So... if we mark a comment as Spam we should leave it in the "spam" folder and not empty the folder? Just wait for the 30 day expiration?

    I've been marking stuff myself as Spam and then emptying that folder when I'm doing my "cleanup" before logging out of my Blog. Does that prevent it from being submitted to Akismet to add to the filter in future?

  10. Hi there,
    If you are clicking the empty spam link there is no problem. It's only those who click the "delete" link who cause problems.
    http://onecoolsitebloggingtips.com/2012/05/20/mark-spam-as-spam/

  11. Ahhhh.... Got it. I had been wondering as Akismet seems to dump about two dozen "Lista De Emails" Spam into the Spam folder each day without them seeming to ever "disappear" them without me emptying it.

    I had hoped that Akismet would "learn" them and they'd just go away, but they seem more tenacious than genital herpes and never stop... I have noticed that that particular spam seems to have a veritable unlimited supply of different email addresses and website links associated with them.... is that why Akismet seems never to be able to banish them completely?

  12. Weird spam messages that don't have any links are often "probes."

    The idea is fairly straightforward:

    1. A spammer spams a forum, blog, guestbook, Web form, or whatever with a seemingly innocuous post. Sometimes, the post is generated by software that produces gibberish that sounds like it might be plausible. Each one of these posts is unique; the spammer never uses the same exact one twice.

    2. After a day or two, the spammer uses automated search tools to search for the spam posts. The automated software keeps a database of the unique spam posts and the forum, blog, guestbook, or whatever where it was posted.

    3. If the Web search sees the spam post, then the spammer knows that particular blog or forum or whatever isn't running effective antispam or IP blacklisting defenses. Now all of a sudden the address of that blog is more valuable to the spammers; the address of the forum or blog will likely be sold to other spammers and "black hat SEO" operators, and slammed with spam like whoa.
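
A moderation-queue triage sketch for the probe pattern described in the post above, added here as an example and not written by any participant in the thread: it flags link-free comments whose vocabulary barely overlaps the post they landed on, and reports when several arrive within one day. The field names, stopword list, thresholds and sample comments are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Assumed stopword list and thresholds; tune them against your own comment queue.
STOPWORDS = frozenset("and are but for that the this was with you your have not can".split())
URL_RE = re.compile(r"https?://|www\.", re.I)

def content_words(text):
    """Lowercased words of 3+ letters, minus common stopwords."""
    return {w for w in re.findall(r"[a-z]{3,}", text.lower()) if w not in STOPWORDS}

def looks_like_probe(comment_body, post_body, min_overlap=0.2):
    """True for a link-free comment whose vocabulary barely overlaps its post."""
    if URL_RE.search(comment_body):
        return False  # ordinary link spam, left to the regular spam filter
    words = content_words(comment_body)
    if len(words) < 8:
        return False  # too short to judge whether it is on topic
    return len(words & content_words(post_body)) / len(words) < min_overlap

def probe_burst(comments, posts, window=timedelta(hours=24), threshold=3):
    """Return suspected probes if at least `threshold` of them fall in one window."""
    hits = sorted((c for c in comments if looks_like_probe(c["body"], posts[c["post_id"]])),
                  key=lambda c: c["time"])
    for i in range(len(hits) - threshold + 1):
        if hits[i + threshold - 1]["time"] - hits[i]["time"] <= window:
            return hits
    return []

# Constructed sample data (not taken from any real site).
POSTS = {
    1: "Tutorial: building a Notification Center widget for iOS with Xcode and a custom bundle.",
    2: "Giveaway: promo codes for my new iOS app on the App Store.",
}
DAY = datetime(2024, 1, 15)
COMMENTS = [
    {"id": 1, "post_id": 1, "time": DAY.replace(hour=9), "body": "I had to edit the stylesheet to eliminate the drop shadow on a dark background, then replace the existing progress bars."},
    {"id": 2, "post_id": 1, "time": DAY.replace(hour=13, minute=30), "body": "How do I limit the plugin to specific pages? I don't need them all refreshing every minute."},
    {"id": 3, "post_id": 2, "time": DAY.replace(hour=21, minute=15), "body": "Tapping a day brings up a schedule, but there is no apparent way to enter spans for large calendar blocks."},
    {"id": 4, "post_id": 1, "time": DAY.replace(hour=10), "body": "Thanks for the tutorial, the widget shows up in Notification Center on iOS but Xcode warns about the bundle identifier."},
    {"id": 5, "post_id": 2, "time": DAY.replace(hour=11), "body": "Cheap watches at http://spam.example/ with the best prices for every buyer this week only"},
]

if __name__ == "__main__":
    print([c["id"] for c in probe_burst(COMMENTS, POSTS)])
```

Comments this flags are candidates for "mark as spam" rather than approval, so an off-topic probe never becomes publicly searchable.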

Topic Closed

This topic has been closed to new replies.
