Last updated on December 1st, 2010
Over the last few weeks I’ve had another type of comment spam – not a lot, just enough to be seen as different. It arrives as a pingback from various IP addresses and sites.
Here’s an example straight from the comment admin area: *
Only 29% of UK people are Creditworthy | cool.getfreeinsurance.net/only-29-of-uk-people-are-creditworthy.html | IP: 18.104.22.168
[…] Original post by Strangely […]
Not Spam – Sep 1, 3:41 PM – [ View Post ]
- The first thing to notice is that it’s the last post written, i.e. first on the list
- Second is that it seems to be a real comment on my posting from a valid-ish site, or at least a genuine sounding business, at first glance.
- Third: The IP address when a WHOIS is done, has minimal details and points to something called ezineaerticles.com (I won’t show the link because of ….well, see later)
- Fourth: do a google search on any of them and a whole raft of recent logins and dodgy mp3 sites popout at you
- Fifth: follow the link (or the ezinearticles one, and you’ll be taken to a very active but basic WordPress installation. Watch the status bar go beserk! What appears to be happening is that each site will be sending adclick and porno and other dodgy sites referral messages. This will go on for as long as you let it!
- Sixth: on this site, you’ll find a link back to your post, just as it should be.
- Seventh: You’ll probably find that your post is the only thing there!!! Ha Ha.
This I think, is the real purpose of this stuff. It’s a way to build referral record claims, maybe to claim cash back off suckers or circularise some dodgy money dealings.
Also, in two cases that I checked (out of interest) for this sort of thing, I had the page redirect after about 5 secs to a trojan loaded site (see some of my earlier comment spam postings for similar workings and warnings).
If anyone has other reasons for this changing attack method, I’d be pleased to know as I’m new at this lark – but wise to the world 😉