New kind of spam on WordPress

I’ve recently noticed a new kind of spam getting through Akismet and into my comments. It doesn’t contain a lot of links, doesn’t come from email addresses or URLs containing commercial names, and isn’t full of nonsense strings of unrelated words. Nothing so obvious. Nor does it all appear to come from the same URL, IP, or country. It does, however, seem to contain at least one scrambled/misspelled word (e.g., thhogut instead of thought) and appears to be slightly off-topic or refers to something or someone that does not actually appear in the post or other comments. And, so far, most of the names link to seemingly innocuous Facebook profile pages, although never the same one.

The tip-off was that the same Identicon appeared with all of them. Identicons, as well as MonsterIDs, Wavatars, and Retros, assign avatars based on email addresses, IPs, and/or hash values. I don’t understand exactly what hash values are, but the resulting avatars are supposedly unique to each user, just like a fingerprint.

Unfortunately, there is no way to include an image in WordPress’s Discussion settings, where you can list specific IPs or words (Settings > Discussion, Comment Blacklist). If I blacklist “facebook.com/profile” or even just “facebook,” several of my legitimate readers will be blocked. So for now, with apologies to those readers, URLs from “facebook.com/profile” will be held for moderation. (I don’t like to put up impediments to freely commenting. However, if I have to resort to sign-ins or to holding all comments for moderation, I hope readers will understand.)

My suggestion to WP bloggers is don’t use the generic “Gravatar Logo,” “Mystery Man,” or “Blank” for readers without their own avatars. Specify Identicons, MonsterIDs, Wavatars, or Retros (Dashboard > Settings > Discussion, Default Avatar) to “fingerprint” your readers.
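The identicon tip-off described above can also be checked directly against a comment export. This is an added example, not code from this blog or from WordPress; it assumes the avatar is keyed on Gravatar's MD5 hash of the trimmed, lower-cased commenter email, and the comment records, addresses and profile URLs are constructed.

```python
import hashlib
from collections import defaultdict

def gravatar_hash(email: str) -> str:
    """Avatar key (assumed): MD5 of the trimmed, lower-cased email address."""
    return hashlib.md5(email.strip().lower().encode("utf-8")).hexdigest()

def shared_avatar_groups(comments, min_identities=2):
    """Return {avatar_hash: [comment ids]} for every hash that appears under
    several distinct name/URL identities, i.e. the same identicon showing up
    next to different claimed commenters."""
    by_hash = defaultdict(list)
    for c in comments:
        by_hash[gravatar_hash(c["email"])].append(c)
    flagged = {}
    for h, group in by_hash.items():
        identities = {(c["author"].lower(), c["url"].lower()) for c in group}
        if len(identities) >= min_identities:
            flagged[h] = sorted(c["id"] for c in group)
    return flagged

# Constructed sample: three "different" commenters share one email (and so
# one identicon); a regular reader commenting twice is a single identity.
COMMENTS = [
    {"id": 101, "author": "Anna K", "email": "promo.bot@example.net",
     "url": "https://facebook.com/profile.php?id=1111"},
    {"id": 102, "author": "Brian T", "email": " Promo.Bot@example.net",
     "url": "https://facebook.com/profile.php?id=2222"},
    {"id": 103, "author": "Jim", "email": "jim@example.org", "url": ""},
    {"id": 104, "author": "Carla", "email": "promo.bot@example.net",
     "url": "https://facebook.com/profile.php?id=3333"},
    {"id": 105, "author": "Jim", "email": "jim@example.org", "url": ""},
]

if __name__ == "__main__":
    for avatar, ids in shared_avatar_groups(COMMENTS).items():
        print(f"hold for moderation: avatar {avatar[:8]} on comments {ids}")
```

A match is a reason to hold the comments for moderation rather than proof of spam, since a shared household or office address would produce the same grouping.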

With luck, Akismet will soon learn to recognize this spam.

(Note: If I should inadvertently block or delete your legitimate comment, please let me know via the contact form so I can restore it.)

About PiedType

Old editors never die, they just revert to type

Discussion

25 Responses to “New kind of spam on WordPress”

  1. Haven’t seen it but will be on the lookout.

    Posted by Jim Wheeler | January 1, 2013, 1:55 pm MDT
  2. It’s always something. Noticed this recently, too, and have been checking commenters more closely. Thanks for collecting the info on this.

    Posted by philosophermouseofthehedge | January 1, 2013, 3:15 pm MDT
  3. And so the spam war continues. Thanks for the identicon tip. I didn’t even know what those settings were for.

    Posted by IzaakMak | January 1, 2013, 10:17 pm MDT
    • I change my settings sometimes. I’ll get tired of the Identicon “quilts.” Then I’ll decide the MonsterIDs look too “cartoony.” Then I’ll decide too many of the Wavatars look sad or angry when the commenters are not that way at all. And the Retro’s pixelation loses its appeal. But they all help make visitors a little more recognizable.

      Posted by PiedType | January 1, 2013, 10:42 pm MDT
  4. Hmmm… interesting. I noticed just today on someone else’s blog a comment with that top avatar. What grabbed my eye was that the sender was viagra-somethingorother, but the comment was “normal.”

    Luckily I haven’t seen any yet. Now that I just said that…..

    Posted by Michelle | January 1, 2013, 11:03 pm MDT
  5. Please do not exclude me. I am not yet a blogger. I just follow and comment on a lot of blogs. I am not fancy to all of the terms used, but my grav. may come up as a monster or something. I am a real person with no virus following me around or spam….

    Posted by maryisidra | January 2, 2013, 5:47 am MDT
  6. Thanks for the tip-off, PT!

    Posted by kateshrewsday | January 3, 2013, 1:20 am MDT
  7. Bastards… Again with the spam! I’ve had several of these leak through the filters and killed them. It’s like stepping on roaches. Their generic comments revolt me. “I think the information you are conveying in this post is extremely useful and highly entertaining. Please post some more about this issue. How do you think it’s going to affect us going forward? Why do you think people are so obsessed with this product? What’s the mean speed of an African humming bird?” BLARG! We need a SPAMMER overlay stamp to slap on these bastards.

    Posted by writerdood | January 3, 2013, 7:39 am MDT
    • Great analogy — stepping on roaches. This recent spate hasn’t been that generic. They say something that makes them seem so on target that you wonder if it’s a roach or a butterfly. I should have saved one as an example. One useful test I found was to run a search on a phrase from the comment, including one of the misspelled words. I found it repeated hundreds of times around the Internet.

      Posted by PiedType | January 3, 2013, 8:24 am MDT
  8. That’s annoying. Hopefully they figure it out soon. Have you tried contacting wp support?

    Posted by stephanissima | January 4, 2013, 8:43 pm MDT
  9. Well, this type of spam has found me now. I just deleted 3 from my “to moderate” notifications. I have to admit, they’re pretty good. But just not good enough. I have to wonder what their purpose is since there isn’t a link to anywhere, nor any apparent product. I’m guessing just hoping to be approved so future comments won’t be moderated and then they’ll hit with the real spam…. I have no idea….

    Posted by Michelle | February 2, 2013, 5:23 pm MDT
    • With questionable comments like that I either hold them in moderation or in the trash for a few days. If the person comes back and complains that they were blocked, I can always restore them. And if I have any doubt about their being spam, I don’t mark them as spam; I just trash them.

      Of course, not everyone with an identicon is a spammer; anyone who doesn’t create their own Gravatar will be assigned one. But an identicon always makes me take a second look and wonder why the person has not established or doesn’t want to establish an online identity. If you look at what Akismet has blocked, every one of them will have an identicon, not a Gravatar.

      Posted by PiedType | February 2, 2013, 7:52 pm MDT

Trackbacks/Pingbacks

  1. Pingback: Heads up; the spammers are back | Pied Type - April 7, 2013

  2. Pingback: Another spate of ‘compliments’ | Pied Type - May 18, 2013
