Over the weekend I was hit with a new kind of spammer, a more sophisticated version of the old scam.
I first realized it when I got the feeling I was approving the same comments more than once. For instance, there was this comment from one “j,” which I believe is legit:
Brad,
Great to meet you at the fish fry.
Kathryn, he was definitely in shirt-sleeves with no tie!
J
That was a response, on that same post, to a comment from Kathryn Fenner saying in part, “What, no photo of you half-nekkid (by your standards). I mean, shirt-sleeves! Ye gods!”
So this morning, I was approving comments, and saw that comment again. Gee, I thought I had approved that before. Then I noticed something else — two or three other familiar-sounding comments. All of them were relevant, addressing the actual content of the post. All were current — spam tends to hit posts that are several months old.
Also, all of them had e-mail addresses consisting of the same first name that the comment was signed with, followed by two digits. For instance, the one from “Patrick” that repeated the above comment from “j” gave the e-mail address “patrick75@hotmail.com.”
Finally, each spam comment included a link to a website. Usually with spam, that would be a porn site or something selling Viagra or Caribbean vacations or something. But these were imaginary blogs with zero content. The “Patrick” one was “idolcarnival.com,” which you would see, were you to click on it (WHICH I URGE YOU NOT TO DO), is a “blog” with no content. As were “loudblast.net,” “guiltymethod.com,” “imperialrage.com” and “scarletcult.com.” They are all identical-looking blank websites.
What this spam is meant to achieve I don’t know, but as I say, don’t go to those sites.
I only mention all this in such detail in order to ask you to help me keep an eye out. I might accidentally approve some of these again, and I’d appreciate a heads-up from y’all if you spot one.
Thanks.
I think you call that “phishing,” not spam. If they can get you to click the link, they can infect your computer with a virus which then sends spam to everyone on your e-mail list, from your e-mail address. At least I think that’s what that is. For a while I was getting junk e-mail from my own address.
Last night, your site was showing a giant SPAM post larded with Viagra links instead of a leading post.
I am REAL, Brad 🙂 Please make a note of it…and how do I put my picture on here??? Thx
After a little more digging — the links are hidden because the injected script is building code to put them at (-200,-200) and hide the overflow. The links themselves are to an assignment by James Gentle at George Mason University (he’s a professor). You might want to let him know his code is being used to spam. You might be able to find where the code injection is happening in your code and fix it. (I of course don’t know how much of your code you have access to, or how much is in script — you may have to reinstall some modules instead). Of course, your own “techie” would know this — I only offer the info in case your trying to fly solo and do your own tech work….
Here’s a link to figure out who owns the domains, http://www.dnstools.com/. All of those domains you mentioned are owned by one person hidnig behind privacy and were created 4/18/10.
I spoke with the perfesser, and he agrees with Matt–it’s phishing, not spam, and it’s a virus. This sounds like a job for your techie. Note that it started after you migrated to your new host.