WordPress Spambot Fodder

December 3rd, 2004

I have been trying to read through some of the things people are saying about WordPress and Spam in the blogosphere and it seems that spambots are picking up posts RIGHT after they get posted even if the blog is very very new. The simple conclusion that I have drawn from this is that the spammers are picking up the links to new posts from….wait for it….the sites that your blog pings (among other things I’m sure).

If you have a brand spanking new blog, have already gotten your first spam attack, turn off your pinger and see if the spam attacks reduce in propensity. If they do, I sure would like to know, though I am not sure how to stop this from happening and continue to ping.

Any thoughts?




  1. James E. Robinson, III (5 comments.) says:

    Yep. Been my observation last few posts (since i don’t post everyday it is very apparent).

    I’m gonna try some spam solutions for awhile (seem to be working), else i’m just gonna kill comments.

  2. Serge K. Keller (2 comments.) says:

    However unsettling, I second this suspicion. Not only did I observe the phenomenon on my own blog and that of my fiancé, but a friend of mine who started a brand new blog on a brand new domain a few weeks ago had a bad spam attack within ours of his very first post. No major search engine did yet list his site either, but he did ping some sites like, etc. (via the ping-o-matic).

    So I guess some clever a****le found a -ehrm- creative way to use and such for spreading his distasteful spam.

    For the record, an install of Spam Karma did bring back things under control.

  3. Mark says:

    I did notice an amazingly large amount of traffic from over the past couple of weeks. Could this be related, I wonder? Is the offending pinger that is getting harvested?

  4. teli (24 comments.) says:

    You know. I have a test sub-domain set up on my server for testing client sites before launch while not messing with my real web stats and I have a robots.txt file in there to stop anyone from indexing and I’ve also not posted the link anywhere – period.

    I have installations of WP, TXT, MT on there and literally the same day I put up a test post to WP (was testing a WP template I was making) I received a spam message – nearly fell out of my chair – damn spammers.

    This isn’t even a public blog, page, or website and it still got spammed. I realized that I did have pinging set up so I truly believe that’s where the spammers are coming from…they seem to be getting more cunning every day.

  5. Corentin says:

    For a while I even thought that I got hacked somehow and that the code for generating the spam was in my .php files. I analyzed the files and didn’t find anything that could confirm that :-\ It might have been rather well hidden though. I was planning on installing the same files on my Mac and run the server only locally to see whether I can get the “auto-comment” without being accessible through the Internet :-(


  6. Laen says:

    Actually, they’re just commenting on posts that don’t exist yet.

    wp-comments-post.php doesn’t check to see if a the postID exists when someone posts a comment, so they just post with postIDs that don’t exist _yet_, filling up your database with comment spam.

    I don’t know of a plugin to clean this up. You might have to go into the database directly. :/

    Read more about it on Tackling Comment Spam.

  7. john rieber says:

    yep–i think you’re right. i just installed wordpress, made a test post, and (no kidding–thirty seconds later) was immediately barraged with spam in my comments section. disabling pings stopped it.

  8. Corentin says:

    Thanks a lot for the link Laen. I’ll get there right now.

Obviously Powered by WordPress. © 2003-2013

page counter