I did notice an amazingly large amount of traffic from blo.gs over the past couple of weeks. Could this be related, I wonder? Is blog.gs the offending pinger that is getting harvested?
You know. I have a test sub-domain set up on my server for testing client sites before launch while not messing with my real web stats and I have a robots.txt file in there to stop anyone from indexing and I’ve also not posted the link anywhere – period.
I have installations of WP, TXT, MT on there and literally the same day I put up a test post to WP (was testing a WP template I was making) I received a spam message – nearly fell out of my chair – damn spammers.
This isn’t even a public blog, page, or website and it still got spammed. I realized that I did have pinging set up so I truly believe that’s where the spammers are coming from…they seem to be getting more cunning every day.
For a while I even thought that I got hacked somehow and that the code for generating the spam was in my .php files. I analyzed the files and didn’t find anything that could confirm that :-\ It might have been rather well hidden though. I was planning on installing the same files on my Mac and run the server only locally to see whether I can get the “auto-comment” without being accessible through the Internet
Actually, they’re just commenting on posts that don’t exist yet.
wp-comments-post.php doesn’t check to see if a the postID exists when someone posts a comment, so they just post with postIDs that don’t exist _yet_, filling up your database with comment spam.
I don’t know of a plugin to clean this up. You might have to go into the database directly. :/
yep–i think you’re right. i just installed wordpress, made a test post, and (no kidding–thirty seconds later) was immediately barraged with spam in my comments section. disabling pings stopped it.
An avid fan of business, education, technology and finance. I lead a lean, highly focussed and capable team of Java Back End developers and Front End developers through a maze of complex software wizardry to fulfill the web maintenance needs of a large chemical manufacturer. As per Myers-Briggs Personality Types, I am an ESTJ. I pride in a project completed on time and according to plan. My hobbies include all kinds of technology, anything that I can taste and anything that goes fast or flies in the air. I like to read business books and comics in my spare time.
Yep. Been my observation last few posts (since i don’t post everyday it is very apparent).
I’m gonna try some spam solutions for awhile (seem to be working), else i’m just gonna kill comments.
However unsettling, I second this suspicion. Not only did I observe the phenomenon on my own blog and that of my fiancé, but a friend of mine who started a brand new blog on a brand new domain a few weeks ago had a bad spam attack within ours of his very first post. No major search engine did yet list his site either, but he did ping some sites like blo.gs, etc. (via the ping-o-matic).
So I guess some clever a****le found a -ehrm- creative way to use blo.gs and such for spreading his distasteful spam.
For the record, an install of Spam Karma did bring back things under control.
I did notice an amazingly large amount of traffic from blo.gs over the past couple of weeks. Could this be related, I wonder? Is blog.gs the offending pinger that is getting harvested?
You know. I have a test sub-domain set up on my server for testing client sites before launch while not messing with my real web stats and I have a robots.txt file in there to stop anyone from indexing and I’ve also not posted the link anywhere – period.
I have installations of WP, TXT, MT on there and literally the same day I put up a test post to WP (was testing a WP template I was making) I received a spam message – nearly fell out of my chair – damn spammers.
This isn’t even a public blog, page, or website and it still got spammed. I realized that I did have pinging set up so I truly believe that’s where the spammers are coming from…they seem to be getting more cunning every day.
For a while I even thought that I got hacked somehow and that the code for generating the spam was in my .php files. I analyzed the files and didn’t find anything that could confirm that :-\ It might have been rather well hidden though. I was planning on installing the same files on my Mac and run the server only locally to see whether I can get the “auto-comment” without being accessible through the Internet
Corentin
Actually, they’re just commenting on posts that don’t exist yet.
wp-comments-post.php doesn’t check to see if a the postID exists when someone posts a comment, so they just post with postIDs that don’t exist _yet_, filling up your database with comment spam.
I don’t know of a plugin to clean this up. You might have to go into the database directly. :/
Read more about it on Tackling Comment Spam.
yep–i think you’re right. i just installed wordpress, made a test post, and (no kidding–thirty seconds later) was immediately barraged with spam in my comments section. disabling pings stopped it.
Thanks a lot for the link Laen. I’ll get there right now.