Need help? Check out our Support site, then


Fake "Follows", "Follow" Spamming, and "Like" Spamming Rampant on Word

  1. scriptorobscura
    Member

    I wish WordPress would eliminate the option of allowing people to "follow" blogs without ever receiving any emails of new posts from that blog. Eliminating the "off" option in receiving emails from a particular blog would eliminate the VAST amount of fake "followers" that use automated programs to spam as many blogs as possible with fake "follows" in order to build up interest and lure people to their own site.

    These people are not genuine followers and fake "following" is SPAM, PERIOD. Fake "following", along with fake "liking" is a rampant form of spamming that is overtaking WordPress. People are just
    "following" and "liking" as many blogs and posts as they can get their spammy little hands on in a shameless and blatant effort to lure naive people (who don't know any better and who don't recognize this as spam) to their own sites.

    The telltale sign of "follow" spamming is a blog with a RIDICULOUS number of comments on their about page all effusively falling all over themselves thanking the blogger for "following" them.

    Its obvious these people have no interest in any of the sites they "follow" and are just following as many sites as possible. Eliminating the "no emails" option for blogs we follow would cut out this problem, or at least go a long way toward limiting the number of fake "followers" who go around "following" as many blogs as possible.

    If they had to receive emails on some regular frequency for all the blogs they "followed", then they might not be so eager or quick to spam hundreds and hundreds of blogs with fake "follows".

    Also, WordPress could set some sort of upper limit on the maximum number of blogs that one could follow, because no one can legitimately read hundreds and hundreds of blog posts every day, no one legitimately has the time or is able to genuinely read SO many posts, and anyone "following" THAT many blogs is obviously only doing so for self-promotion.

    I wish WordPress would do something to address this rampant problem of fake "followers" and fake "likers" because this is SPAM, pure and simple, and WordPress is doing absolutely nothing to stop it, and is even encouraging it.

    I have steadily gotten about 2 to 3 of these new fake "followers" to my blog every single day for over a week now, and they only keep increasing. I report every single one to WordPress for spam activity, and I also report their gravatar profiles for spam activity too, but nothing is done to stop these people. My subscribers list has become meaningless and useless as it is overinflated with hundreds of these fake "followers" and gives no accurate indication of follower count anymore.

    I am so sick of all these fake followers and likers who are only engaging in shameless self-promotional spam to lure in the naive who don't know any better. Please stop these spammers!

    Thank you so much.

    The blog I need help with is scriptorwrites.wordpress.com.

  2. Hi there,
    The main thread is re: spam likes here > http://en.forums.wordpress.com/topic/new-way-to-spam?replies=76

  3. scriptorobscura
    Member

    Yes I know, and I'm subscribed to that thread, but I'm mainly talking about spam "followers" here, and ways to address them.

  4. I apologize for not noticing the difference. I tagged this thread for a Staff follow-up. Please subscribe to it so you are notified when they respond.

  5. I attempted to describe and report this "fake followers" phenomenon at that above mentioned Spam Thread, but apparently my note is branded out of context.

    All these spam issues are linked together. Whether someone is fake-following or fake-liking, it should be WP's responsibility to check the increase in number of complaints (do we bother support here when things are working smoothly?).

    In any case, there is currently a wide spread report of WP system being hacked across the board for botnet use. What are the odds that all these spam issues are occurring around the same time?

  6. In any case, there is currently a wide spread report of WP system being hacked across the board for botnet use. What are the odds that all these spam issues are occurring around the same time?

    That "widespread report" is about DDOS attacks. (direct denial of service attacks) on WordPress>ORG installs.

  7. Well I said on WordPress.ORG installs but to be accurate it's attacks on servers the web hosts of WordPress.ORG installs and no that is not related to what this thread is about.

  8. In any case, there is currently a wide spread report of WP system being hacked across the board for botnet use. What are the odds that all these spam issues are occurring around the same time?

    That's a distributed attack affecting WordPress and Joomla installations on a variety of major hosting providers. It has nothing to do with spam and has not targeted WordPress.com, so let's not try to cause any sort of panic by way of misinformation or speculation, please.

    Eliminating the "off" option in receiving emails from a particular blog would eliminate the VAST amount of fake "followers"

    Actually, that would eliminate the vast amount of legitimate followers too. Most folks don't even use the email option, it's why we offer a Reader, not just an email subscription service. Many Reader users are subscribed to well over 100 blogs with an average of a post a day, and they probably don't want all of those in their email inbox.

    We have to focus on methods that punish the spammers, not the users. To do that, we have to focus on the motive, not the accomplishment.

    Think of what a fake follower accomplishes, then try to think of a motive for what they gain from each accomplishment, then you'll know where to hit them.

    So far, I can see that a fake follower accomplishes three things.

    1. A fake follower is now subscribed to your blog. There isn't much to gain from this. You can't really maliciously read something.

    2. A fake follower is now potentially offsetting your subscriber totals. Again, they really don't gain anything from this. It's a side effect of the whole process. It sucks, but focussing on this distracts from the issue at hand and its solution, which brings me to:

    3. A fake follower results in an email notification sent to you which contains a link to the follower's Gravatar profile, and (if they have a WordPress.com blog) three links to "Great posts worth seeing from [follower]". This is where they gain something, this is the motive, and this is where we can fight back.

    (Before I continue, it's also worth noting that through this process you can determine if this is a fake follower or just a legitimate follower with a really lousy name.)

    When you view the follower's Gravatar profile, determine if it's spammy or not, and report it via the Report Abuse link near the bottom-right. If the profile is blank or has plenty of legitimate links, it's not spam. If it's full of junk like scams, pharmacies, etc, then it's probably spam.

    Next, view the follower's blog. It's either legitimate of spam, the distinction should be rather obvious, they're not too clever about hiding. If it's spam, report it following this guide: http://en.support.wordpress.com/report-blogs/

    In short, if a follower really does have malicious intentions, the only thing they stand to gain is by drawing traffic to their spam Gravatar profile or their spam blog by way of the notification email. You can help us fight back and shut them down for good by reporting them as such.

    If we all make an effort to fight back, they'll eventually go away. This has all happened before and was stopped thanks to the spam reports. With your help, we can do it again.

  9. How do you report a potential spam follower when you don't provide any links in the email notification we receive?

    The email notification I get, with the subject line: name @ address dot com is now following your blog, contains nothing except for their email address and my own blog address URL.

  10. @macmanx
    My Readers cannot see my followers list; only I can view it. For me this isn't about malicious intent or anything along that line.

    My issue is: At present I do not have a reliable way to gauge audience growth.

    I have merely skimmed through only the first 3 pages of my followers and made the following discoveries:

    1. some followers have usernames linked to Twitter accounts that no longer exist;
    2. some followers have usernames linked to Twitter accounts that are inactive and have been inactive for months;
    3. some followers have usernames linked to Facebook accounts that no longer exist;
    4. some followers have username linked to Facebook accounts that are inactive and have been inactive for months;
    5. some followers have usernames linked to fake social networking and or wordpress accounts;
    6. some followers have deleted their blogs and are no longer active in the WordPress.com community;
    7. some followers have abandoned their blogs ie. the blogs have been inactive for months and in some cases for over a year.

    As I have been unable to locate an active profile and or/blog for some followers anywhere online, I would like to have the ability to remove these followers, so I can rely on the numbers here http://wordpress.com/#!/my-stats/?blog_subscribers as a reliable means of gauging audience growth.

  11. I was speaking above about the WordPress.com followers, those who have a clear motive (getting you to visit their blog and possibly following back) which we can do something about (suspend them if it's spam content). Email-only subscriptions are a whole other incredibly confusing beast.

    We're still trying to figure out a motive for these reported fake email subscribers so we can actually target the motive itself and put a stop to it. So far, we're running a bit short.

    They have nothing to gain from reading your blog and nothing to gain from affecting totals, but once we can figure out a motive, it's pretty trivial to stamp out the behavior for good.

    Prolific forum volunteer raincoaster suggested in another thread that they're doing this to scrape (steal) blog content. Though likely, I'm not entirely convinced yet. Every public WordPress.com blog has an RSS feed. Though it takes some technical knowledge to setup, a scraper could establish an RSS parser for automated wholesale copying of your content. Comparatively, copying and pasting content from every email received is an insurmountable task, especially at the levels of blogs that some email-only accounts are subscribed.

    I monitor my blog for a variety of things (comments, Likes, Followers) so I can shut down spammers on this end (it's oddly therapeutic), but I haven't noticed any sort of wholesale content theft that I'd expect if even a quarter of my email subscribers were just scraping my blog, in fact I haven't seen any at all over the past few months.

    It's a very odd case. I mean, I admit that it's frustrating, but it's very odd. Without a clearly obvious motive, it's nearly impossible to be sure if an email follower is truly fake. Fact-wise, they have absolutely nothing to gain. Speculation-wise, we can say that they're doing it to copy and paste our blog content, but I'm not seeing any evidence of that trend.

    I'm not sure how much ground we can gain campaigning on that level, since RSS feeds are freely available and offer more automated scraping.

    One more point, if they have deleted their WordPress.com blogs or are no longer active in the WordPress.com community, it doesn't mean that they still aren't actively reading your blog. The Reader, after all, is a reader. It doesn't require interaction, it's just a handy way to read the blogs you want to read, and the same is true for email subscriptions.

    Regardless, without a clear motive, this may result in more blogger-facing subscription controls sooner rather than later.

    One thing to keep in mind though, if email-only followers have absolutely nothing to gain except the ability to read your posts via email, how can you be sure that they're fake?

    As for the WordPress.com followers, if you investigate and report them as mentioned above, we'll shut them down for good soon enough.

  12. @macmanx
    I don't care what the motive is.
    I just want a reliable means of gauging audience growth. :(
    Did I forget to say that my issue is that I cannot rely on the numbers here http://wordpress.com/#!/my-stats/?blog_subscribers as a reliable means of gauging audience growth?

    When I cannot locate an active profile and or/blog for some followers anywhere online, then I would like to have the ability to remove these followers, without any Staff involvement or reporting of any kind.

    Just give me an "x" I can click to prune the dead wood that bears no fruit from my orchard of fruit bearing followers and I will be happy.

  13. I do not need nor do I have time to judge and remove anyone from my subscribers list. I do however expect that the platform hosting my blog is not providing weak entry-points for spam bots and machines to corrupt my blog. Finding motives of people and machines is also not my concern.

  14. Did I forget to say that my issue is that I cannot rely on the numbers

    No, I read and understood, hence "without a clear motive, this may result in more blogger-facing subscription controls sooner rather than later."

  15. my blog is not providing weak entry-points for spam bots and machines to corrupt my blog.

    Please stop spreading panic like that. These are email subscribers. They can only read your blog. Your so-called "weak entry point" is simply a subscription form that anyone with a browser and an email address can use. Why? Because that's all they are, email subscribers.

    If you all you do is spread fear, uncertainty, and doubt, it only serves to cause a panic and distract from the real issue at hand.

  16. @macmanx I'm also getting more of these fake follows - well, I call them spam follows. I'm fed up reporting them but maybe I'll gather up all I know about and contact support one of these days. That aside, what I wanted to say is the motive might have nothing to do with scraping and all to do with getting people to go to their blogs and post a comment. Then they get the person's URL and their email address. I've seen any number of misguided bloggers saying 'thank you for the follow' (and in another context, which I realise this thread is not about, 'thank you for the Like') on spammer blogs 'about' pages, and then what? Off that spammer goes with their email.

    Maybe I'm chasing this in the wrong direction, but it's what appears obvious to me - and maybe it's something you're missing?

  17. I get plenty every day, some are now ending in the numbers 2020. Most are selling something, just as in the old style spam.
    I'm thinking of not using WP anymore, it's just getting ugly. Sad, too, it just started after the sidebar offering of new people I might be interested in following. What's the connection? :(

  18. This isn't only a problem here. It is a problem on self-hosted WordPress sites, it is a problem on Joomla sites, it is a problem on Drupal sites. I set up, and manage all of these and the problems are there too. I delete sometimes over 100 registrations per week for following and commenting on some of these sites.

    Welcome to the web. :)

  19. scriptorobscura
    Member

    Except here, we don't have the option to delete anyone who follows us. If WordPress doesn't want to allow us to delete any existing followers, at least give us the option of being able to approve or disapprove any new followers from following us. That would stop this problem in its tracks. Here on WP we have no ability to control who follows us and that's really wrong. So many people have requested the ability to control followers and its about time. I know "its a public blog, anyone can view it", but viewing it is different from automatically being subscribed and receiving all of our posts direct to their email. I know they can still get an RSS feed, subscribe through other means, yada yada, but really, its about time we had the ability to approve/disapprove people before they can follow us! I think this is at least a compromise if WP refuses to allow us to delete any existing followers. This problem is really getting out of hand and users on other platforms already have the ability to delete followers, why can't we???? Its about time. Even if WP thinks the ability to control followers would be unproductive and useless in their eyes, at least toss people a bone and give the users what they want here, even if its only a surface token gesture! Please give us the ability to control who can follow us. So many have requested it, and so many are having problems with this. Please WP, give us this gesture. Its getting out of hand and the ability to approve followers would eliminate this problem immediately. Its becoming too easy for spammers here and WP is getting flooded with these "follow" spammers. I'm really fed up and its stopped me from blogging. I'm really wondering what's the point anymore.

  20. scriptorobscura
    Member

    And I report all these people and nothing is done about them. Nothing. Of all the ones I've reported, not one blog has been taken down, not one gravatar profile has been deleted, even the obvious and blatant spammers! And, even more troubling and sickening and utterly puzzling to me, is the fact that several of these scammers and fake "followers" that previously DID have their profiles deleted now have the exact same profiles restored in full and are now back to spamming again! Why would their profiles be restored, and they be allowed to continue spamming people, when they're obvious spammers? Why? It makes no sense to me at all!

  21. Hello, panic-mongers. If you're freaked out about the botnet attack and will not take staff assurances that you're safe, you can read this. http://www.dailydot.com/crime/wordpress-attack-4-easy-steps-protect-your-blog/

  22. This morning, I received email notifications for two questionable email followers. Many of my email followers are those I know personally, so I often wonder about the unknowns.

    I have a question... Some time ago I came to the forum asking why I no longer received notification for email followers. I was told privacy reasons. So are these recent notifications actually sent out by WordPress?

  23. There is an option in Dashboard (Settings - Discussion) where you can un-check the box if you do not wish to receive email notification when someone subscribes. I have done that for myself and it is has been peaceful. You can still check who subscribes to your blog by going to Stats page.

  24. Thank you, isnailmail, for the response. I am aware of this, but decided to remove the widget for email followers, since I received several more fake email followers this morning. I hope this gets resolved so I can put it back on.

    I do hope my question is addressed, since I was told privacy was why we stopped receiving notifications for email (non-Wordpress) followers.

    I have been wondering about a motive for the spam email followers. Is it possible they can be collecting email addresses from those who send out emails to thank those who are now following their blog?

  25. I also did the same earlier, removed Email Subscription widget for couple of days. I then brought it back on. I realized that the fake-subscribers stopped as soon as I removed the email widget.

    However, things got a little frustrating with all this, so after enabling the email widget back on, I decided to not receive anymore email notifications upon subscriptions. Strange enough, even with email widget on, I have not seen an addition of new email subscribers, fake or legitimate, in more than a week. I am checking subscribers through the Stats page. My last email subscriber looks legitimate but it was a week ago. My blog generally gets new subscribers on frequent basis.

    God only knows what's been happening with WordPress spam issues lately. WordPress support probably does not realize that bloggers hosting here, don't necessarily have luxury of time and energy to look after these behind-the-scenes bugs and issues.

  26. Is there any update on the spam email followers? I had put the widget back on my blog and a for couple weeks, no spam, but today, I just got a couple more. I disabled the widget again and will leave it off for now, until there might be a solution.

  27. This is the latest thread on this issue. As far as my blog is concerned, I decided to enable the email widget back and not bother with receiving notifications when people/fake-followers subscribe. As far as I can tell, the fake-followers have not completely stopped.

  28. Totally agree with scriptorobscura - for gods sake WP let us control who follows our blogs, I want to feel I have control of my audience back as I'm being totally targeted by these scammers this week. Come on!

  29. Akismet seems adept at catching spam comments, now how about filtering out the spammy gravatar profiles that keep 'liking' my posts? >.<

Topic Closed

This topic has been closed to new replies.

About this Topic