Mark on WordPress

WordPress puts food on my table.

User-Submitted Spam

with 5 comments

I’ve recently started seeing a new type of spam. It only appears on posts with images. The content of the spam appears to be innocuous, but the Name and the URL of the commenter are both spammy. The content of the post, although innocuous, appears to be a description of the image. For example, if the image was that of a cat, the comment might be:

“This is a cute picture of a cat stretching out his legs.”

What’s going on here is likely the sort of thing that spammers use to defeat CAPTCHAs. They’re presenting the image in the post to a user who wants something, and the user is providing innocent, human and relevant text to help the spam slip by the filters. Then, a spam comment is submitted on behalf of that user, using the text they provided. Heck, the user may end up submitting the spam themselves, in order to get a nice innocent-looking IP address and user agent. I’ve seen a few of these spams slip by both Bad Behavior and Akismet.

Has anyone else seen spam like that? If you have posts with an image, check them. The comment might have looked innocent enough to slip by you!

Written by Mark Jaquith

December 2, 2006 at 5:02 pm

Posted in akismet, bad behavior, blogs, captcha, spam, wordpress

« Subscribe to Comments 2.1 — Feature and Fix Requests
WordPress 2.0.6 Beta 1 »

5 Responses

Subscribe to comments with RSS.

  1. Seen a few like that, but because I have the “Comment author must have a previously approved comment” option enabled none of them have gotten pass WP spam filtering. :)

    Will

    December 2, 2006 at 7:07 pm

  2. I have comment moderation on too and I’ve seen these spams as well on both my photoblog and http://ocaoimh.ie/ – the spam will generally be on-topic and it’s obvious that the author has read the post but will have a link to a commercial site.
    I even tried emailing the author of one because he provided some useful information but he failed to reply so I zapped his comment, and his spammy wordpress.com blog :)

    Donncha

    December 3, 2006 at 3:19 am

  3. I don’t post many images, so I don’t have that problem. I am however starting to see posts with legit comments, but spam homepages. :(

    Viper007Bond

    December 3, 2006 at 9:43 am

  4. [...] User Submitted Spam: the new gag wave. [...]

    Starked SF, Unforgiving News from the Bay » Blog Archive » Talk of the Town: Tuesday

    December 5, 2006 at 10:44 am

  5. [...] Then I read this post on Mark on WordPress and suddenly realized whats going on, basically the spammers collect a bunch of blog posts with pictures on then display the pictures to people and ask to write a comment about the picture to proceed to there site or something like that… these comments are then posted as comments on my blog with the spammers url in the link field. It’s clever because the comment gets past the cursory glance that I normally give all new comments (I have have moderation enabled on my blog.) and it’s only if you actually look at the URL’s that you notice somethings a bit “funky”. [...]

    Spam Comments on Posts with Pictures at Stuff.za.net

    December 7, 2006 at 11:38 am


Leave a Reply