Preventing "Spammers" from being notified of new Posts

    #1217838

    Hi All…

    All of a sudden, I am now getting fake email sign-ups on my blog. I’ve disabled the follow blog button. I tried to delete subscribers, but you can’t (as several people have already pointed out).

    Hope the issue can be resolved. It is frustrating to have skewed numbers and also to allow people with fake emails to follow posts. It does worry me that there might be a pending security issue.

    #1217839

    dougpete
    Member

    Please add me to the list of people that are concerned about this. The first actually did have a trackback that could be reported. Now, it seems that they’re just a group of random characters typically from a Hotmail account. The only logic I can see is scraping content. When I do an internet search for the Hotmail address, it’s often identified as a spammer elsewhere.

    #1217841

    This morning I had to report eight spam blogs that followed my blog in the span of seven hours overnight (my overnight). The majority of them either had no content at all or one post consisting of a selfie and nothing else.
    Could WordPress please explain to us what is being done to address this problem?

    #1217842

    macmanx
    Staff

    Just to give a quick update, we’re monitoring follower behavior across the entire network to come up with the best plan of action. Meanwhile, I wanted to address a few key points:

    1. The only thing a follower can do is read your blog, nothing else, so let’s please not refer to this as a security issue. If you consider someone reading your blog to be a security issue, having a public blog is probably not for you.

    2. Folks need to have a WordPress.com account to use the Reader, but we don’t force them to use their account beyond that. Judging by activity which appears to be legitimate (not following hundreds of blogs a day) and direct contact, there are plenty of legitimate followers with empty or abandoned blogs.

    3. If you visit the follower’s blog and it truly is spam content (not just empty or abandoned, see 2 above), please report it following this guide: http://en.support.wordpress.com/report-blogs/

    #1217843

    Thanks for the response. Could you explain how to report a spam follow that is a Gravatar only?

    #1217844

    macmanx
    Staff

    We do not have a way to do that at the moment. The Gravatar abuse system was ironically being abused by individuals reporting empty Gravatar profiles as spam, thus delaying our ability to act on legitimate abuse complaints by weeks, so we’ll need to figure out a better way to do that.

    Gravatar is nothing more than an avatar service, a way to tie an image to your email address across many sites. Just because a profile has an image and no content doesn’t mean it’s spam. Similarly, just because a follower has an empty blog themselves doesn’t mean that they aren’t a human being interested in reading your blog.

    If they have a spam blog, then please report that, as they are most definitely a spam follower. If all they have is a Gravatar profile, there’s still a good chance that it’s a legitimate follower, unless of course the profile is filled with spam links.

    #1217845

    Similarly, just because a follower has an empty blog themselves doesn’t mean that they aren’t a human being interested in reading your blog.

    No, it doesn’t, but given the similarities between many of the empty blogs that I am getting follows from, I can’t help but suspect that they are being set up just to get hits or scrapes.

    #1217846

    macmanx
    Staff

    How would a suspected spammer benefit from a hit on an empty blog?

    #1217847

    macmanx
    Staff

    Also, please keep in mind that every public blog has an RSS feed. If someone wanted to scrape your blog, that would be much more efficient and automated.

    http://en.support.wordpress.com/feeds/

    Which brings back the point that if you’re concerned over who is reading your blog, a public blog is probably not for you.

    We are collecting and analyzing the data to find the best way to identify and combat spam followers without inconveniencing legitimate followers. This won’t be a quick fix.

    #1217848

    I am quite frustrated with these darn spammers (In my Texas accent) They make these random comments that don’t make any darn sense. One spammer said… “you blog is demanding attention of the century and has fullfilled a deap heart ach to my affirmaties.” Not only does this not make any sense, it is not related to the blog at all. I just want to know where these darn nabbit spammers come from.

    #1217849

    macmanx
    Staff

    Spam comments have no connection with spam followers.

    If you receive a spam comment, just mark it as spam so Akismet (our learning anti-spam system) can adapt to new spam trends.

    http://en.support.wordpress.com/unwanted-comments/

    #1217850

    Which brings back the point that if you’re concerned over who is reading your blog, a public blog is probably not for you.

    I am not concerned about who is reading my blog. I am concerned about the amount of time that I have had to spend every day for the past two months or so reporting commercial spam followers, and spam followers that, judging by the content (or lack thereof) on their own websites, have no reason to follow my blog.

    As others have stated in this and other threads, WordPress allows us to approve comments before they appear on our blogs. It would be extremely helpful to be able to do the same with follows.

    #1217851

    macmanx
    Staff

    Sure, and thank you for the reports. When we receive valid spam blog reports, they help us identify and combat even unreported spammers.

    What is your criteria for identifying “followers that, judging by the content (or lack thereof) on their own websites, have no reason to follow [your] blog.”

    #1217852

    I just began to receive spam comments which were not picked up by Akismet; I have mentioned it at the start of my latest post, having ‘spammed’ them all. But as each comment was on a different past post this took some time and is a real pain. So I came to this forum to see what I could find about it and have read through the whole thread. Seems I have to go through all my followers as a small number don’t seem to make sense. I now understand why I got a rash of likes from sites selling their way of making money out of blogging (if they can make that much money why do they need/want to sell for what is comparatively peanuts?). There are people in this thread a lot more knowledgeable than I am and some of what has been said I do not understand but I completely agree that we should be able to remove followers; I’m sorry macmanx but your argument that the follower is the owner doesn’t make any sense at all – they’re following my blog dammit and seemingly abusing my content.

    #1217853

    I see I posted my previous contribution from my photo blog, grumpytykepix by accident as I happened to be logged in to that at the time, but the spam comments were received on my other blog – grumpytyke, so that is where I wrote about it in my latest post.

    #1217854

    macmanx
    Staff

    If you’d like to discuss spam comments, please open a new thread. Let’s keep this one limited to spam followers.

    #1217855

    What is your criteria for identifying “followers that, judging by the content (or lack thereof) on their own websites, have no reason to follow [your] blog.”

    I just finished reporting seven of them, all of which showed up in the past 12 hours, so I can give you some very recent examples.
    – blog has only one or two posts
    – posts are just a photo plus a one or two word caption, and photos don’t have anything to do with each other, or
    – posts are reblogs from different sites, and reblogged posts don’t have anything to do with each other
    – majority of blog elements have not been changed from original template (e.g. subhead still says something like “just another WordPress.com site”)

    For what it’s worth, the text in all the blogs I just finished reporting was in Indonesian. I realize that a blog not written in English is not a sign of spamming, but a good proportion of the “instant followers” I have seen in the past few weeks have been Indonesian-language blogs.

    #1217856

    We’re still trying to figure out a motive for these fake email subscribers so we can actually target the motive itself and put a stop to it. So far, we’re running a bit short.

    They have nothing to gain from reading your blog and nothing to gain from affecting totals. Unlike WordPress.com (non-email) followers, where you receive a notification email with links to their blog and Gravatar profile, there’s really nothing for them to gain.

    The one thing they do get is lots and lots of email messages from wordpress.com, each of which comes with a valid DKIM signature. Maybe they’re building a database of these to try to exploit hash collisions, or something.

    #1217857

    macmanx
    Staff

    blog has only one or two posts

    The Reader requires a WordPress.com account, but we don’t force people to use their blogs just to use the Reader.

    posts are just a photo plus a one or two word caption, and photos don’t have anything to do with each other

    Perhaps they’re just getting started with their blog. Not everyone launches into a novel on day 1.

    posts are reblogs from different sites, and reblogged posts don’t have anything to do with each other

    Reblogging is a very popular feature, it’s also encouraged during some signup flows.

    majority of blog elements have not been changed from original template (e.g. subhead still says something like “just another WordPress.com site”)

    We have plenty of legitimate popular blogs who have not changed their tagline.

    What I’m trying to say with this is that a splog (a blog filled with ads or designed to drive traffic off-site) is spam, but a nearly empty or unaltered blog is not. That’s just profiling, which never goes over well, just like how you wouldn’t arrest a kid for simply walking out of a store.

    Either way, neither of the above would necessarily prove that the Follower is not legitimate, it simply proves that they’re not a skilled blogger, which again is not a requirement and doesn’t happen instantly.

    Please only report blogs that are violating our terms of service. Reporting blogs for low activity simply delays our ability to act on legitimate threats, some of which require the involvement of law enforcement and child protective services (which would be really nice if we could get to quickly without digging through a sea of blogs reported just for having slim content).

    The one thing they do get is lots and lots of email messages from wordpress.com, each of which comes with a valid DKIM signature. Maybe they’re building a database of these to try to exploit hash collisions, or something.

    Right, that could happen to any bulk-mailing service, but that type of exploit wouldn’t be possible without direct access to our DNS system, which is never going to happen.

    #1217858

    They also wouldn’t be able to collect email addresses or increased hits from wordpress.com if we could moderate followers.

    I understand that not all bloggers, particularly new ones, have the same level of expertise or themed content. But if the problem was just new bloggers not knowing what they were doing, then why has the number of new/suspicious followers increased so dramatically over the past few months? There is clearly something else going on.

The topic ‘Preventing "Spammers" from being notified of new Posts’ is closed to new replies.