Comment spam

It appears that a new probe is being used to gain credentials which will allow users to post comment spam to (possibly only WordPress?) blogs: I’ve had a spate, since last night, of comments which include random names and email addresses (all at and the comment of “google yahoo”. That’s it! Nothing else, just the two words and links.

I’ve concluded that these are probes which seem innocuous to the casual blog owner, and therefore are approved to be listed. Once the comment is listed, however, WordPress automatically allows future comments using the same name and email address details. This means that the rogue spammer would be able to spam your blog at will until you un-approve all his previous comments.

I am lucky in that I have an antispam system enabled on my blog, which caught all these spams as being from bots rather than real humans. This means that all the comments were flagged for moderation in addition to the requirement for at least one previous posting that has been approved.

2 replies on “Comment spam”

That is a very worrying development. I guess having a capture system for the comments would be of no use if they are injecting it straight into the database somehow – i will keep my eye out on this developement.

I was right about these seemingly innocuous comments as being a precursor to spam – the same user identifications are now being used to try to get spam past my filters.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.