Sep 012008
 

Last updated on December 1st, 2010

Over the last few weeks I’ve had another type of comment spam – not a lot, just enough to be seen as different.  It arrives as a pingback from various IP addresses and sites.

Here’s an example straight from the comment admin area: *

Only 29% of UK people are Creditworthy | cool.getfreeinsurance.net/only-29-of-uk-people-are-creditworthy.html | IP: 208.43.196.98

[…] Original post by Strangely […]

Not Spam – Sep 1, 3:41 PM – [ View Post ]

  • The first thing to notice is that it’s the last post written, i.e. first on the list
  • Second is that it seems to be a real comment on my posting from a valid-ish site, or at least a genuine sounding business, at first glance.
  • Third:  The IP address when a WHOIS is done, has minimal details and points to something called ezineaerticles.com  (I won’t show the link because of ….well, see later)
  • Fourth: do a google search on any of them and a whole raft of recent logins and dodgy mp3 sites popout at you
  • Fifth:  follow the link (or the ezinearticles one, and you’ll be taken to a very active but basic WordPress installation.  Watch the status bar go beserk! What appears to be happening is that each site will be sending adclick and porno and other dodgy sites referral messages.  This will go on for as long as you let it!
  • Sixth: on this site, you’ll find a link back to your post, just as it should be.
  • Seventh:  You’ll probably find that your post is the only thing there!!! Ha Ha.

This I think, is the real purpose of this stuff.  It’s a way to build referral record claims, maybe to claim cash back off suckers or circularise some dodgy money dealings.

Also, in two cases that I checked (out of interest) for this sort of thing, I had the page redirect after about 5 secs to a trojan loaded site (see some of my earlier comment spam postings for similar workings and warnings).

If anyone has other reasons for this changing attack method, I’d be pleased to know as I’m new at this lark – but wise to the world 😉

  3 Responses to “Yet another WordPress Comment Spam Method”

  1. No cards are easy to get approved for anymore. Consumer credit lines have now been cut by over $2.5 Trillion (last week's figures, thru end-July). Credit lines are being reduced or eliminated entirely. New credit is not being extended unless you have excellent credit.

    If you can get a new credit card application approved, the amount of the credit limit will depend on your income and amount of credit currently available to you.

  2. It seems to be a kind-of scraper-referral-builder-trojan-dumping spam.
    Since this time, I haven’t had much like it. Perhaps someone’s trying a proof of concept which is why there’s not much on it?

    The dodgy websites will usually be flagged as such anyway, as the increasing use of browsers with phishing lookups and auto-referers from various sources, logs them as they are found.

  3. I just ran into this for the first time today. When I went to check out the pingback, my spam protection flagged it as dangerous. Obviously somebody knows the thing is less than reputable but surprisingly little besides your post came up when I searched on the issue.

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

© 1977, Strangely Perfect.