Idly deleting the blogspam in Akismet I see that this blog appears to have got spam from… itself.
admin | info@www.whydontyou.org.uk | whydontyou.org.uk | IP: 85.153.7.194
Your investigation have been helpfull for me. I wish everybody writes article as this.
WTF? Well, I suppose it’s always possible that I am suffering from a brain disease that makes me both send out spam at random and forget that I’ve sent it.
Plus removes any native-speaking familiarity with the English langauge.
Not to mention that it seems that I’ve been absent-mindedly visiting Turkey without realising it. Because this host is what that IP resolves to (assuming, for no good reason, that the originating IP isn’t spoofed)
Turkey
City: Istanbul
Latitude: 41.0186 Longitude: 28.9647
Host: barbaros.turkbilnet.com
IP: 85.153.7.194
This really pisses me off. If the spammers are so prolific that they’ve spammed the blog they were using as a pretend source, how many other blogs have got spams that seem to originate from here?
Does anyone have any suggestions about what to do about this?
This is one of the problems with “retributive” measures – often it has no effect on the spammer and hits an innocent third party.
Generally speaking, there isn’t anything that can be done – just be glad Akismet caught it.
Please. I get bounce messages and spam warnings from sites all the time that got mail that was “forged” with my domain.
When email viruses like SirCam come around, that’s the worst. I get spammed with bounces from the virus mails masquerading in my domain.
I got virtually the same thing in a comment to a post from months ago. My admittedly cursory traceback led me to a wall, so I just dumped it and forgot it. Perhaps this is a WordPress specific exploit by a robot hoping to garner a response from an actual person?
I got virtually the same thing in a comment to a post of mine from months ago. My admittedly cursory traceback led me to a wall, so I just dumped it and forgot it. Perhaps this is a WordPress specific exploit by a robot hoping to garner a response from an actual person?
I have the exact same thing. how many of my readers got the comment from my “site” that I have not commented on? How will I resolve this? Do you have any suggestions?
Thanks for the comments.
I haven’t come across any solutions.
I think partly this is a side effect of there being sites that list everyone who has a dofollow on their comments. Obviously the dofollow links can’t go back to the name-spoofed blog but the whole procedure seems to rely on people not actually looking at the blog name when they click so they might not realise it.
Sometimes normal email spam is set up so it just picks up your email address and puts it in as the sender’s name, just making it look as if someone’s been spamming from your account, while that’s not really so. I just hope the same is true of blogspam.
(If that makes any sense. )
thanks, i just blogged about it so that my friends and readers will check my IP before accepting my comments. and i guess, deleting it is the only option. it’s just annoying and scary, what else did they “borrowed” from me?
Let’s put it into perspective. If people were allowed to write their own drivers licenses, we’d have lots more false identities. But on the other hand, if we were smart, we’d all realize that this would make drivers licenses poor forms of ID.
On a WP blog (and plenty others no doubt), the name, mail, and website fields are plain old meaningless blank lines. I can fill it in with whatever I want. Maybe it’s dishonest of me to put an URL in the Website box that isn’t an URL I control. (Or is it? The field doesn’t say “my website”, it just says “website”, and maybe I put a website I like in there, or a website that is relevant to the post or my comment.)
Now, if we want those fields to be more meaningful than just agnostic (heh, pun not intended) blank lines, then perhaps there needs to be a tighter mechanism. Something that tries to affirm that the email is really your email, or that the website is really your website. But how would you go about determining that?
I suppose there’s always services like OpenID. There is an OpenID plugin for WP, I believe, in fact.