Spammed by WordPress comment stealing bot with Facebook profile

Some time ago (half a year, maybe a year) strange comments started to appear in our WordPress comment moderation queue. They all contained random comments from random places, and they all had a similar URL:
http://www.facebook.com/profile.php?id=XXXXXXXXXXXXXXX
where XXXXXXXXXXXXXXX is the profile ID, which changes from one comment to the next. I didn’t click on the fake profiles; I do not have time to research who is behind this.

Today there was the regular chunk of spam in the moderation queue, again with fake Facebook profiles, and again it bypassed the CAPTCHA somehow (Chinese clickers perhaps), but one particular comment grabbed my attention. It is a comment on a post about an old tablet unboxing.
Here is the comment:

Author : Bagas (IP: 92.99.196.92 , 92.99.196.92)
E-mail : rkleinschmidt@SOMETHING–HEALTH–related–WAS–here.org
URL : http://www.facebook.com/profile.php?id=XXXXXXXXXXXXXXX
Whois : http://whois.arin.net/rest/ip/92.99.196.92
Comment:
I buy few unit from amazon , at first i think the $199 is good deal , but actllauy this player is worst , the touch screen really slow and hard to scroll , and the app , i think all junk app , please consider don’t think $199 is a good deal , better u add another bucks for really goods item.

The strange thing is that this comment reads like an absolutely legitimate user commenting on an Archos tablet. Yes, the touch screen is slow, there are junk apps, etc.

I did a quick Google search and instantly found the original site from which this comment was stolen:
http://www.yugatech.com/personal-computing/archos-7-home-tablet/

It is a blog post about the Archos tablet, and the comment is dated “June 25, 2010 at 5:32 pm”. That site is also running on the WordPress engine.

So the theory:

  • The Comment Stealing BOT (CSB) finds a random WordPress blog;
  • CSB then finds some random posts;
  • CSB somehow searches the internet, using keywords from my blog post;
  • CSB finds some WordPress blog and grabs some random comments;
  • Sometimes it succeeds, and the comment looks like a real user's post;
  • It tries to promote some Facebook pages;
  • If you are managing multiple blogs, you spot this pattern instantly.
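
The pattern in this theory can be checked mechanically. The following is an added example, not code from the original post: a Python script that parses a moderation notice in the layout quoted earlier and holds comments whose author URL is a Facebook profile.php link with a numeric id. The function names, the sample notices, the documentation-range IP and the profile ID are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Field labels as they appear in the moderation notice quoted in the post.
FIELD_RE = re.compile(r"^(Author|E-mail|URL|Whois|Comment)\s*:\s*(.*)$")

def parse_notice(text):
    """Split one moderation notice into a dict keyed by lower-cased label."""
    fields, current = {}, None
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m and current != "comment":
            current = m.group(1).lower()
            fields[current] = m.group(2).strip()
        elif current == "comment":
            # Everything after "Comment:" is body text, even if it looks like a label.
            fields["comment"] = (fields["comment"] + "\n" + line).strip()
    return fields

def is_profile_url(url):
    """True only for http(s)://[sub.]facebook.com/profile.php?id=<digits>."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower()
    except ValueError:          # malformed URL, e.g. a broken IPv6 literal
        return False
    if parts.scheme not in ("http", "https"):
        return False
    if host != "facebook.com" and not host.endswith(".facebook.com"):
        return False
    ids = parse_qs(parts.query).get("id", [])
    return parts.path == "/profile.php" and len(ids) == 1 and bool(re.fullmatch(r"[0-9]+", ids[0]))

def triage(text):
    """'hold' when the author URL field fits the pattern, otherwise 'review'."""
    return "hold" if is_profile_url(parse_notice(text).get("url", "")) else "review"

# Constructed sample notices (documentation IP range, made-up profile ID).
PROFILE = "http://www.facebook.com/profile.php?id=100000000000001"
SPAM = f"""Author : Sample (IP: 192.0.2.10 , 192.0.2.10)
E-mail : someone@example.org
URL : {PROFILE}
Whois : http://whois.arin.net/rest/ip/192.0.2.10
Comment:
The touch screen is really slow and hard to scroll."""
# Same notice, but the profile link only appears inside the comment body.
QUOTED = SPAM.replace(PROFILE, "http://blog.example.net/") + f"\nURL : {PROFILE}"
if __name__ == "__main__":
    print(triage(SPAM), triage(QUOTED))
```

Matching on the parsed host and on the URL field, rather than on a substring anywhere in the notice, avoids holding comments that merely mention such a link in their body or that use a lookalike hostname.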

Of course other WordPress users are noticing this too:

One reply on “Spammed by WordPress comment stealing bot with Facebook profile”

  1. Have you had any success using Comment Blacklist under discussion settings? I just added facebook.com/profile.php to one of mine to see how that goes. I’ve never had a legit commenter post his/her facebook profile as a URL and have been blogging since before there even was a facebook.
