I use Akismet, and as a result most of the spam directed towards my blog gets trapped. Some stuff does get through, and there’s something about the stuff that gets through that intrigues me. So I thought I’d share it and find out if anyone can shed light on the phenomenon.
A large percentage of the spam that does get through seems to be directed at a particular post, as shown below:
It’s an old post, nearly three years old. And it doesn’t read too well, the quotation marks have been replaced by hieroglyphics ever since I recovered the post from backup. But I can’t see anything unusual or different about the post, something strange that would attract spam. Yet maybe 70 per cent of the spam that makes it past Akismet is directed towards this post. Anyone know why? Anyone experience anything similar?
The URL for a particular WordPress post contains part of the post’s title, so it’s not possible to infer the URL of other posts from it. This is good design on WordPress’s part.
What it means (I guess) is that it will always be particular posts that get the spam once they are on the botnet’s list. This is certainly true for my own WordPress blog.
I have noticed that the spamming dies off after a few days. I am assiduous about marking the comments as spam, but I don’t know whether Akismet is responsible for the decline or whether the botnet is smart enough to work out that its spam attempts have failed and to remove the post from its list.
I have noticed ‘placeholder’ spam on mine and other people’s blogs – random comments with no link. I am assuming these are ‘proof of concept’ comments that can be sold to Cialis merchants by the botnet owner: “I have 15 million vulnerable blogs for you to advertise on, please give me some money for access to them”.
Lastly, a wiki that I manage has recently been updated by some sort of bot (see here for example. This required the bot to create an account then log in and create a new wiki page.
The page contents look like some sort of data to me, but I have no idea what the purpose of this exercise is for them. Interesting. I will delete these pages eventually but I’m waiting to see what use is made of them if any.
Interesting. I will delete the post and see what happens.
Or just change the permalink (in edit mode just under the title) in the post and see if that shakes the bot off of the tail.
Thanks, you got to me before I deleted the post. Now I will have more valuable information, all I have done is edit the link.
The date is the key. Spambots have been having a great time with older posts. I was getting between 20 – 150 per day on old posts.
Once I reconfigured my blog to automatically close comments after 14 days, the spam problem has gone to zero.
The change in postings without internal links inside the postings is probably for ping services looking for URL’s that get caught by feedreaders to up the ‘juice’ of the sites.
It sucks
Alan,
The problem with closing comments after a certain amount of time is that you are possibly shutting down the conversation. I say possibly because I have found, unscientifically, that most comments on blogs come in within a short amount of time (few days). I’ve been interested for some time for some statistics/study on blog comments and was hoping someone might publish such a study. Maybe it is just me but I like and seem to be having conversations that are ongoing and not constrained by any set time-limit.
I guess another way the bots find these old posts is from WordPress’s “Possibly related posts” list that it adds to the post’s individual page (on my blog at least).
Ed,
Closing comments does shut down conversation, however as you mention and my experience is the same, most commenting is done in a short time frame.
The issue here is spam, which is not a conversation enhancement.
That being said, the public conversational aspect of blogs, which is why I and the majority of bloggers do it, with open time response periods usually spirals down into something rivaling the villagers with pitchforks, who turn on themselves, adding neither value nor substance to the conversation.
It is a judgment call and a balancing act between spending one’s time conversing or killing spam, which cuts down on the time posting or conversing.
If the conversation is important enough, there are always alternative methods to continue.
As far as stats on spam and posts, probably the best folks to have data would be the Askimet/WordPress folks.
The problem with publicizing this data is spammers will now have new data to work with.
I’ve been wondering about that as well which is how I found your post. I get this problem as well, and the only reason I can think of is that the post may be better listed on the search engines making it a more viable target, or the post unwittingly has a high density of keywords that the spammers are targeting.
Other than that I am pretty clueless as well as to why some posts attract more spam than others, but would very much like to know