« Home

Comment Spam - working example



Comment Spam is as old as the whole idea of blogging. In this article I will show you on an example, how to automatically put comments on WordPress blogs. On the bottom you will find a working script that does it.


The most common way of fighting the procedere of Comment Spam is putting the "rel=nofollow" parameter in <a> tag. It prevents search engines spiders from following such link. Ergo - spammers loose their motivation to spam. And most of them actually did. These days, comment spamming is nowhere near as popular as it used to be.

So why comment spam at all? Well - first: not all spiders follow the rule of not-following no-follow param ;-) Second: traffic. If you manage to create interesting comment (ideally - related to the content of the spammed post), and spam enough blogs... You can get some traffic.

Comment spamming WordPress blogs is easy as 1-2-3.
After reading this article all you will need is a server with PHP.

The script does the following things:

A - look for WP blogs in Yahoo
B - post a comment

A) The script has a basic list of 100 most popular words in english language. It takes 2 random words, then queries Yahoo for WP blogs containing those words. Normally spammers take Google results. But I don't wanna mess with my Biggest Friend.

B) Every post on WP has an ID. We don't really wanna be bothered with extracting it... we just take a random number between 10 and 30, and try to comment on post with that ID.

Just select the text below, save it as commenter.php, put it on the server and you can start your career as a comment spammer.


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv=Content-Type content="text/html; charset=UTF-8">
<title>OnlineMarketingReport - SPAM 2.0 - Comment Spamming WordPress Blogs</title>
<style type="text/css">
body{background:#cccccc; text-align:center; margin:20px; font-family:arial; font-size:12px}
td{font-family:arial; font-size:12px}
input{width:300px}
textarea{width:300px}
</style>
</head>
<body>
<div style="margin:auto; background:white; border:1px solid black; width:400px; padding:10px">

<?php

if(!isset($_GET["start"])){

print("Shall we <a href=\"?start\">BEGIN</a>?");

}else if(!isset($_POST["comment"])){

$keywords=array("age","air","anger","animal","answer","apple","area","arm","art","atom","baby","back","ball","band","bank","bar","base","bat","bear","beauty","bell","bird","bit","block","blood","blow","board","boat","body","bone","book","bottom","box","boy","branch","bread","break","brother","call","camp","capital","captain","car","card","care","case","cat","cause","cell","cent","century","chair","chance","change","character","chick","chief","child","children","chord","circle","city","class","climb","clock","cloud","coast","coat","cold","colony","color","column","company","condition","consonant","continent","copy","corn","cost","cotton","country","course","cover","cow","crop","cross","crowd","cry","current","cut","dad","dance","danger","day","dead","deal","death","decimal","degree","design");
$urls=array();

$key=$keywords[rand(0,count($keywords)-1)]."+".$keywords[rand(0,count($keywords)-1)];

for($ind=0;$ind<3;$ind++){
$num=$ind*100;
$return="";
$header="GET /search?n=100&va_vt=any&p=".$key."+site%3Awordpress.com&b=".$num." HTTP/1.0\r\n";
$header.="Host: search.yahoo.com\r\n";
$header.="Connection: close\r\n";
$header.="\r\n";
$con=fsockopen("search.yahoo.com",80);
fwrite($con,$header);
while(!feof($con))$return.=fread($con,2048);
fclose($con);

$return=explode("<a class=yschttl href=\"http://",$return);

if(count($return)>5){
for($ind1=1;$ind1<count($return)-1;$ind1++){
$return[$ind1]=explode("\">",$return[$ind1]);
$url=explode(".",$return[$ind1][0]);
$url=$url[0];
$urls[$url]=$url;
}
}else $ind=5;
}

$count=count($urls);
$urls=implode("|",$urls);

print("I have found <strong>".$count."</strong> blogs that contain those words: <strong>".str_replace("+"," </strong>or<strong> ",$key)."</strong><hr />");
print("<form action=\"\" method=\"post\">");
print("<table style=\"margin:auto\">");
print("<tr><td>name: </td><td><input type=\"text\" name=\"author\" /></td></tr>");
print("<tr><td>email: </td><td><input type=\"text\" name=\"email\" /></td></tr>");
print("<tr><td>url: </td><td><input type=\"text\" name=\"url\" /></td></tr>");
print("<tr><td>comment: </td><td><textarea name=\"comment\"></textarea></td></tr>");
print("</table>");
print("<input type=\"hidden\" name=\"urls\" value=\"".$urls."\" />");
print("<input type=\"submit\" value=\"SPAM THEM!\" />");
print("</form>");

}else if($_POST["author"]!="" and $_POST["email"]!="" and $_POST["url"]!="" and $_POST["comment"]!="" and $_POST["urls"]!=""){

$urls=explode("|",$_POST["urls"]);

print("If commens are not moderated,<br /> you can see your comments here: <br />\n<div style=\"text-align:left\"><ul>\n");
for($ind=0;$ind<count($urls);$ind++){

$return="";
$query="author=".$_POST["author"]."&email=".$_POST["email"]."&url=".$_POST["url"]."&comment=as-94783-sa\n\n".$_POST["comment"]."&comment_post_ID=".rand(10,30);
$header="POST /wp-comments-post.php HTTP/1.0\r\n";
$header.="Host: ".$urls[$ind].".wordpress.com\r\n";
$header.="Content-type: application/x-www-form-urlencoded\r\n";
$header.="Content-length: ".strlen($query)."\r\n";
$header.="Connection: close\r\n";
$header.="\r\n";
$con=fsockopen($urls[$ind].".wordpress.com",80);
fwrite($con,$header.$query);
while(!feof($con))$return.=fread($con,2048);
fclose($con);

if(ereg(" 302 Found",$return) and ereg("Location: http://".$urls[$ind].".wordpress.com/",$return)){
$spammed=explode("\r\nContent-type: ",$return);
$spammed=explode("Location: ",$spammed[0]);
$spammed=$spammed[1];
print("<li><a href=\"".$spammed."\">".substr($spammed,0,50)."...</a></li>\n");
}
}
print("\n</ul></div>");
print("<br /><br /><a href=\"?start\">Do it again!</a>");
}else{

print("Why don't you just fill all fields? Hit browser's back button");

}

?>


TAGS: , , ,


Social Bookmark Subscribe

Pretty cool. How were you able to post to a blocked blog?

jap doesn`t worked, changed the host and everything...word...but it does not work =) dang!

But thx anyway man

Same here, I tried it on three servers and still not working! Please don't leave us on our appetite!

thx

macromind

javascript:alert(' .')

i try your script but it didn't work why????

can you provide downloadable script which works directly ?

reason why this won't work is because some of the code is running off the page and then don't show it.

^^

hi, your script does not work!

I have tried to change keywords array with my own keywords but it still doesn't work

it doesn't work also for me

tried again and it works, but comment must be writed at moment... I dont know why. Some suggeston?

change line 41 to

$return=explode("<a class=\"yschttl spt\" href=\"http://",$return);

Haha - spam comments.

Post a Comment

Previous posts

The deal:

I had a dream... that my blog has backlinks from all possible top-level domains...

Collected baclinks

Not yet...

.aq, .aw, .ax, .az, .ba, .bb, .bd, .be, .bf, .bg, .bh, .bi, .bj, .bm, .bn, .bo, .br, .bs, .bt, .bv, .bw, .by, .bz, .ca, .cc, .cd, .cf, .cg, .ch, .ci, .ck, .cl, .cm, .cn, .co, .cr, .cu, .cv, .cx, .cy, .cz, .de, .dj, .dk, .dm, .do, .dz, .ec, .ee, .eg, .er, .es, .et, .eu, .fi, .fj, .fk, .fm, .fo, .fr, .ga, .gb, .gd, .ge, .gf, .gg, .gh, .gi, .gl, .gm, .gn, .gp, .gq, .gr, .gs, .gt, .gu, .gy, .hk, .hm, .hn, .hr, .ht, .hu, .id, .ie, .il, .im, .in, .io, .iq, .ir, .is, .it, .je, .jm, .jo, .jp, .ke, .kg, .kh, .ki, .km, .kn, .kr, .kw, .ky, .kz, .la, .lb, .lc, .li, .lk, .lr, .ls, .lt, .lu, .lv, .ly, .ma, .mc, .md, .mg, .mh, .mk, .ml, .mm, .mn, .mo, .mp, .mq, .mr, .ms, .mt, .mu, .mv, .mw, .mx, .my, .mz, .na, .nc, .ne, .nf, .ng, .ni, .nl, .no, .np, .nr, .nu, .nz, .om, .pa, .pe, .pf, .pg, .ph, .pk, .pl, .pm, .pn, .pr, .ps, .pt, .pw, .py, .qa, .re, .ro, .ru, .rw, .sa, .sb, .sc, .sd, .se, .sg, .sh, .si, .sj, .sk, .sl, .sm, .sn, .so, .sr, .st, .su, .sv, .sy, .sz, .tc, .td, .tf, .tg, .th, .tj, .tk, .tl, .tm, .tn, .to, .tp, .tr, .tt, .tv, .tw, .tz, .ua, .ug, .uk, .um, .us, .uy, .uz, .va, .vc, .ve, .vg, .vi, .vn, .vu, .wf, .ws, .ye, .yt, .yu, .za, .zm, .zw