New kind of spam on WordPress

I’ve recently noticed a new kind of spam getting through Akismet and into my comments. It doesn’t contain a lot of links, doesn’t come from email addresses or URLs containing commercial names, and isn’t full of nonsense strings of unrelated words. Nothing so obvious. Nor does it all appear to come from the same URL, IP, or country. It does, however, seem to contain at least one scrambled/misspelled word (eg, thhogut instead of thought) and appears to be slightly off-topic or refers to something or someone that does not actually appear in the post or other comments. And, so far, most of the names link to seemingly innocuous Facebook profile pages, although never the same one.

The tip-off was that the same Identicon appeared with all of them. Identicons, as well as MonsterIDs, Wavatars, and Retros, assign avatars based on email addresses, IPs, and/or hash values. I don’t understand exactly what hash values are, but the resulting avatars are supposedly unique to each user, just like a fingerprint.

Unfortunately, there is no way to include an image in WordPress’s Discussion settings, where you can list specific IPs or words (Settings > Discussion, Comment Blacklist). If I blacklist “facebook.com/profile” or even just “facebook,” several of my legitimate readers will be blocked. So for now, with apologies to those readers, URLs from “facebook.com/profile” will be held for moderation. (I don’t like to put up impediments to freely commenting. However, if I have to resort to sign-ins or to holding all comments for moderation, I hope readers will understand.)

My suggestion to WP bloggers is don’t use the generic “Gravatar Logo,” “Mystery Man,” or “Blank” for readers without their own avatars. Specify Identicons, MonsterIDs, Wavatars, or Retros (Dashboard > Settings > Discussion, Default Avatar) to “fingerprint” your readers.
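One way to act on the shared-avatar tip-off and the scrambled-word signal described above, as an added example that is not part of the original post or of WordPress. It assumes comments exported as dicts with hypothetical `author`, `email`, `url` and `text` fields, an avatar keyed on the MD5 of the normalized email as Gravatar does, and a small constructed vocabulary.

```python
import hashlib
from collections import defaultdict

# Constructed sample data; the field names are assumptions for this example.
SAMPLE_COMMENTS = [
    {"author": "Anna R", "email": "x1@example.com",
     "url": "https://facebook.com/profile.php?id=0000001",
     "text": "I thhogut the mayor made a great point."},
    {"author": "Ben K", "email": " X1@Example.com ",
     "url": "https://facebook.com/profile.php?id=0000002",
     "text": "Great point, as Linda said earlier."},
    {"author": "Carol", "email": "carol@example.org", "url": "",
     "text": "Thanks, I changed my avatar setting."},
]
VOCABULARY = {"thought", "great", "point", "thanks", "mayor"}  # constructed

def avatar_key(email):
    """Gravatar-style key: MD5 hex digest of the trimmed, lower-cased email."""
    return hashlib.md5(email.strip().lower().encode("utf-8")).hexdigest()

def scrambled_words(text, vocabulary):
    """Return words absent from the vocabulary that are a letter shuffle of one in it."""
    shuffles = {"".join(sorted(w)) for w in vocabulary}
    hits = []
    for raw in text.lower().split():
        word = raw.strip(".,!?;:\"'()")
        if word and word not in vocabulary and "".join(sorted(word)) in shuffles:
            hits.append(word)
    return hits

def shared_avatar_clusters(comments, min_identities=2):
    """Group comments by avatar key; keep keys seen with several name/URL pairs."""
    groups = defaultdict(list)
    for c in comments:
        groups[avatar_key(c["email"])].append(c)
    return {key: group for key, group in groups.items()
            if len({(c["author"], c["url"]) for c in group}) >= min_identities}

if __name__ == "__main__":
    for key, group in shared_avatar_clusters(SAMPLE_COMMENTS).items():
        print("same avatar", key, "used by", [c["author"] for c in group])
        for c in group:
            print("  scrambled:", scrambled_words(c["text"], VOCABULARY))
```

A cluster is a reason to hold those comments for moderation, not proof of spam: one reader commenting under two names would also appear in it.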

With luck, Akismet will soon learn to recognize this spam.

(Note: If I should inadvertently block or delete your legitimate comment, please let me know via the contact form so I can restore it.)




Categories: blogging, Internet, WordPress

26 replies

  1. Haven’t seen it but will be on the lookout.

  2. It’s always something. Noticed this recently, too, and have been checking commenters more closely. Thanks for collecting the info on this.

  3. And so the spam war continues. Thanks for the identicon tip. I didn’t even know what those settings were for.

    • I change my settings sometimes. I’ll get tired of the Identicon “quilts.” Then I’ll decide the MonsterIDs look too “cartoony.” Then I’ll decide too many of the Wavatars look sad or angry when the commenters are not that way at all. And the Retro’s pixelation loses its appeal. But they all help make visitors a little more recognizable.

  4. Hmmm… interesting. I noticed just today on someone else’s blog a comment with that top avatar. What grabbed my eye was that the sender was viagra-somethingorother, but the comment was “normal.”

    Luckily I haven’t seen any yet. Now that I just said that…..

  5. Please do not exclude me. I am not yet a blogger. I just follow and comment on a lot of blogs. I am not fancy to all of the terms used, but my grav. may come up as a monster or something. I am a real person with no virus following me around or spam….

  6. Bastards… Again with the spam! I’ve had several of these leak through the filters and killed them. It’s like stepping on roaches. Their generic comments revolt me. “I think the information you are conveying in this post is extremely useful and highly entertaining. Please post some more about this issue. How do you think it’s going to affect us going forward? Why do you think people are so obsessed with this product? What’s the mean speed of an African humming bird?” BLARG! We need a SPAMMER overlay stamp to slap on these bastards.

    • Great analogy — stepping on roaches. This recent spate hasn’t been that generic. They say something that makes them seem so on target that you wonder if it’s a roach or a butterfly. I should have saved one as an example. One useful test I found was to run a search on a phrase from the comment, including one of the misspelled words. I found it repeated hundreds of times around the Internet.

  7. That’s annoying. Hopefully they figure it out soon. Have you tried contacting wp support?

  8. Well, this type of spam has found me now. I just deleted 3 from my “to moderate” notifications. I have to admit, they’re pretty good. But just not good enough. I have to wonder what their purpose is since there isn’t a link to anywhere, nor any apparent product. I’m guessing just hoping to be approved so future comments won’t be moderated and then they’ll hit with the real spam…. I have no idea….

    • With questionable comments like that I either hold them in moderation or in the trash for a few days. If the person comes back and complains that they were blocked, I can always restore them. And if I have any doubt about their being spam, I don’t mark them as spam; I just trash them.

      Of course, not everyone with an identicon is a spammer; anyone who doesn’t create their own Gravatar will be assigned one. But an identicon always makes me take a second look and wonder why the person has not established or doesn’t want to establish an online identity. If you look at what Akismet has blocked, every one of them will have an identicon, not a Gravatar.

      • I approved one earlier today. It was on a Jan Brewer post and someone commenting about Arizona. Then after I approved it, I read all of it and realized it wasn’t real. The very last sentence said something about pest control, but as an off comment. Not a sale. So I then spammed it. But for an hour or so after that, all of a sudden I was flooded with those types of spam. So it appears just the one approval caught the spam software’s attention. Then they stopped after an hour. I mean a lot came through, and they were all pretty damn good.

Trackbacks

  1. Heads up; the spammers are back | Pied Type
  2. Another spate of ‘compliments’ | Pied Type
  3. Spammers use trackbacks, pingbacks, and reblogs | Pied Type

"There is no conversation more boring than the one where everybody agrees." ~ Michel de Montaigne
