Spammed by WordPress comment stealing bot with Facebook profile

Some time ago (1/2 year, may be 1 year) strange comments started to appear in our WordPress comment moderation queue. They all contained some random comments from random places, they all had the similar URL:
where XXXXXXXXXXXXXXX is profile ID, that is changing from one comment to another. I didn’t click on the fake profiles, do not have time to research who are behind this.

Today regular chunk of SPAM in moderation queue, again with fake Facebook profiles, again bypassed CAPTCHA somehow (Chinese clickers perhaps), but one particular comment grabbed my attention. It is comment from post about old tabled unboxing.
Here is a comment:

Author : Bagas (IP: ,
E-mail : rkleinschmidt@SOMETHING–HEALTH–related–WAS–
Whois :
I buy few unit from amazon , at first i think the $199 is good deal , but actllauy this player is worst , the touch screen really slow and hard to scroll , and the app , i think all junk app , please consider don’t think $199 is a good deal , better u add another bucks for really goods item.

The strange thing is that this comment seems like absolutely legitimate user commenting on Archos tablet. Yes, touch screen is slow, there are junk apps, etc.

I did a quick Google search, and instantly found original site, where this comment was stolen:

It is blog post about Archos tablet. And comment is from “June 25, 2010 at 5:32 pm”. It is also running on the WordPress engine.

So the theory:

  • The Comment Stealing BOT (CSB) finds random WordPress blog;
  • CSB then finds some random posts;
  • CSB somehow searches the internet, using keywords from my blog post;
  • CSB finds some WordPress blog and grabs some random comments;
  • Sometimes it succeeds, and comment looks like real user post;
  • It tries to promote some Facebook pages;
  • If you are managing multiple blogs, you spot this pattern instantly.

Of course other WordPress users are noticing this too:

Your program is returning ErrorLevel 128 (exit code)

Here is a scenario:

  • You have written a program;
  • You run it;
  • First line of the program never gets executed;
  • ErrorLevel (exit code) 128 is returned.

You search Google for solution, but nothing useful is found. This happened to me. Problem was — Windows was running out of memory on my virtual computer. This can happen on physical machine too.

Later I found MS support article. User32.dll or Kernel32.dll fails to initialize:

Sometimes an application that is executed by either CreateProcess() or CreateProcessAsUser() fails and you receive one of the following error messages:
Initialization of the dynamic library \system32\user32.dll failed. The process is terminating abnormally.
Initialization of the dynamic library \system32\kernel32.dll failed. The process is terminating abnormally.
The failed process returns the exit code 128 or