Some time ago (1/2 year, may be 1 year) strange comments started to appear in our WordPress comment moderation queue. They all contained some random comments from random places, they all had the similar URL:
where XXXXXXXXXXXXXXX is profile ID, that is changing from one comment to another. I didn’t click on the fake profiles, do not have time to research who are behind this.
Today regular chunk of SPAM in moderation queue, again with fake Facebook profiles, again bypassed CAPTCHA somehow (Chinese clickers perhaps), but one particular comment grabbed my attention. It is comment from post about old tabled unboxing.
Here is a comment:
Author : Bagas (IP: 18.104.22.168 , 22.214.171.124)
E-mail : rkleinschmidt@SOMETHING–HEALTH–related–WAS–here.org
URL : http://www.facebook.com/profile.php?id=XXXXXXXXXXXXXXX
Whois : http://whois.arin.net/rest/ip/126.96.36.199
I buy few unit from amazon , at first i think the $199 is good deal , but actllauy this player is worst , the touch screen really slow and hard to scroll , and the app , i think all junk app , please consider don’t think $199 is a good deal , better u add another bucks for really goods item.
The strange thing is that this comment seems like absolutely legitimate user commenting on Archos tablet. Yes, touch screen is slow, there are junk apps, etc.
I did a quick Google search, and instantly found original site, where this comment was stolen:
It is blog post about Archos tablet. And comment is from “June 25, 2010 at 5:32 pm”. It is also running on the WordPress engine.
So the theory:
- The Comment Stealing BOT (CSB) finds random WordPress blog;
- CSB then finds some random posts;
- CSB somehow searches the internet, using keywords from my blog post;
- CSB finds some WordPress blog and grabs some random comments;
- Sometimes it succeeds, and comment looks like real user post;
- It tries to promote some Facebook pages;
- If you are managing multiple blogs, you spot this pattern instantly.
Of course other WordPress users are noticing this too:
- Facebook profile spam getting through filter
- Suddenly getting dozens of spam comments a day from “Facebook accounts”
- Increase in SPAM activity or am I just awesome? … I should also mention that just about everyone of the new spam comments are coming from “users” with facebook URLs.
- sudden onslaught of spam … I’ve marked spam on these fake facebook accounts probably over 50 times.
- Lots of Facebook Spam