Comments on: Blogspam that’s not funny

By: K

Wed, 29 Oct 2008 16:18:28 +0000

Let’s put it into perspective. If people were allowed to write their own drivers licenses, we’d have lots more false identities. But on the other hand, if we were smart, we’d all realize that this would make drivers licenses poor forms of ID.

On a WP blog (and plenty others no doubt), the name, mail, and website fields are plain old meaningless blank lines. I can fill it in with whatever I want. Maybe it’s dishonest of me to put an URL in the Website box that isn’t an URL I control. (Or is it? The field doesn’t say “my website”, it just says “website”, and maybe I put a website I like in there, or a website that is relevant to the post or my comment.)

Now, if we want those fields to be more meaningful than just agnostic (heh, pun not intended) blank lines, then perhaps there needs to be a tighter mechanism. Something that tries to affirm that the email is really your email, or that the website is really your website. But how would you go about determining that?

I suppose there’s always services like OpenID. There is an OpenID plugin for WP, I believe, in fact.

By: Mahalia

Mahalia — Wed, 29 Oct 2008 04:21:29 +0000

thanks, i just blogged about it so that my friends and readers will check my IP before accepting my comments. and i guess, deleting it is the only option. it’s just annoying and scary, what else did they “borrowed” from me?

By: Heather

Heather — Mon, 27 Oct 2008 22:07:48 +0000

Thanks for the comments.

I haven’t come across any solutions.

I think partly this is a side effect of there being sites that list everyone who has a dofollow on their comments. Obviously the dofollow links can’t go back to the name-spoofed blog but the whole procedure seems to rely on people not actually looking at the blog name when they click so they might not realise it.

Sometimes normal email spam is set up so it just picks up your email address and puts it in as the sender’s name, just making it look as if someone’s been spamming from your account, while that’s not really so. I just hope the same is true of blogspam.

(If that makes any sense. )

By: Mahalia

Mahalia — Mon, 27 Oct 2008 04:21:06 +0000

I have the exact same thing. how many of my readers got the comment from my “site” that I have not commented on? How will I resolve this? Do you have any suggestions?

By: Christ Davis

Christ Davis — Fri, 24 Oct 2008 00:53:47 +0000

I got virtually the same thing in a comment to a post of mine from months ago. My admittedly cursory traceback led me to a wall, so I just dumped it and forgot it. Perhaps this is a Wordpress specific exploit by a robot hoping to garner a response from an actual person?

By: Christ Davis

Christ Davis — Fri, 24 Oct 2008 00:52:05 +0000

I got virtually the same thing in a comment to a post from months ago. My admittedly cursory traceback led me to a wall, so I just dumped it and forgot it. Perhaps this is a Wordpress specific exploit by a robot hoping to garner a response from an actual person?

By: K

Thu, 23 Oct 2008 23:24:09 +0000

Please. I get bounce messages and spam warnings from sites all the time that got mail that was “forged” with my domain.

When email viruses like SirCam come around, that’s the worst. I get spammed with bounces from the virus mails masquerading in my domain.

By: TW

TW — Thu, 23 Oct 2008 19:46:42 +0000

This is one of the problems with “retributive” measures – often it has no effect on the spammer and hits an innocent third party.

Generally speaking, there isn’t anything that can be done – just be glad Akismet caught it.