I have a small blog. Mostly I use it as a sample of my nonfiction writing. Anyone can read the posts, and some potential employers have. But the only people who’ve bothered to actually register for the site are friends and relatives.
Except…
Eighty percent of the … ummm … entities signed up for the blog are very odd. Some of them have names like VEDDYINVENNY or TaylorCreditsr (NOTE: These are not the actual names), and email addresses such as semdecd[at]zlicorp.com or ubierkicpyk[at]o2.pl (ditto the addresses). In fact, about a quarter of the questionable users have e-mail addresses from Poland. Recently, though, the trend has shifted to addresses on the order of mavle.g.za.h.uzar.ul.a.1974[at]gmail.com.
Anyway, I’m assuming these are bots. I’ve installed a Captcha plug-in, and am about to delete all the weirdos. No problem. But there’s still something I can’t figure out.
Why do all these bots want to sign up for my blog? What’s in it for them—or, rather, for the people controlling them? They never posted spam on my boards. They never sent out e-mails purporting to be from me. So what’s the point?
They create links either in the messages or the names, which links artificially inflate the SEO value of the page linked to. Basically it’s just advertising, which is usually pointless and worthless, but more so when it’s gobbledegook…
If you have a Wordpress blog use Akismet to filter them out as spam. It’s simple to get a free Akismet key from Wordpress, either. org or .com. I doubt if CAPTCHA will keep them out: many such entities have advanced OCR reading capabilities. And it’s deeply annoying to humans.
I have Akismet, although I haven’t activated it. It scans posts for possible spaminess, but these guys haven’t been leaving any posts.
Thank you for the warning re: OCR, Claverhouse, but the Captcha system I’m using doesn’t involve characters; it uses photos of animals.
So what I’m left with is that the bogus usernames themselves somehow form links back to some website that’s trying to increase its SEO?
Wow. I can’t even imagine how that’d work, since the usernames don’t appear on the site anywhere except my admin master list. I guess that’s why I’m not an evil programming genius.
Some versions of WordPress provide support multiple blogs. They’re registering on the off chance they may be able to create new blogs within your WordPress install, and fill them with spam.
By first creating an account and logging in, they think they may have a better chance getting spam comments posted.
In both cases their ultimate goal is to publish links on your site that point to web sites owned by their clients, in order to influence search engine results. They’re not targeting you in particular, they’re just hitting every WP system they can find that allows registration.
Unless you really need uninvited strangers to create accounts on your blog, I’d recommend disabling the WordPress “Anyone can register” option (Settings / General).
Akismet will stop spammers from posting comments on your blog, but it doesn’t screen account registrations, just comments. A captcha system might cut down on the bogus registrations a little, but it won’t stop them.
Disclosure: I work for the company that runs Akismet.
The amusing thing is, most of the time they’re really advertising for other bots, namely the Google (and other search engine) bots that map the web and rank sites according to the number of links that point to them. You and I are just bystanders.
The Marketingators are out there. They can’t be bargained with. They can’t be reasoned with. They don’t feel pity, or remorse, or fear. And they absolutely will not stop, ever, until you’ve made $$$ in ur spar time!!!1
Nah, instead they all seem to be using a delay between registering and later posting their spam to your comments. Only rarely do I see a spambot register itself and then immediately post. You just haven’t waited long enough.
Perhaps the delay is used to fool human moderators. As in “this person registered months ago, so they just gotta be a real human?”
Or perhaps it’s to work around some particular blog software that imposes a long delay between registration and allowing posts?
I saw on another blog that the spammers have a new technique: they take comments from a few months back and repost them, but this time with a link to whatever they’re shilling.
Bearing in mind I haven’t posted there for a long while, I cleared the Akismet found spam two days before, then looked it for another matter yesterday. There were 75 messages.
[ The other matter, which may be of use to other bloggers was my chance seeing an email from ActiveMeter saying they were closing down and failure to remove their code by Feb 18th could cause problems [ since the java would be querying a non-existent site ].
I apathetically removed the code from footer.php — and elsewhere, and then found also:
Looking it up this led to Crazy Egg . com, a counter I had not installed, but which someone had perhaps by injection. Removing this may mean NoScript doesn’t pick up some weird rotational advertising, as has happened with Cheap NextDay Loans unseen on the site but apparent to NoScript.
Spammers are tricky little bastards. ]
Spam accounts are usually either caught very quickly, or not at all. They let them sit for a while because the ones that remain after a few months are safer to use.
If they posted their payload immediately, it’d be easier for moderators to block them, because they’d know what sites they were advertising.