Comment Spam - working example
The most common way of fighting the procedere of Comment Spam is putting the "rel=nofollow" parameter in <a> tag. It prevents search engines spiders from following such link. Ergo - spammers loose their motivation to spam. And most of them actually did. These days, comment spamming is nowhere near as popular as it used to be.
So why comment spam at all? Well - first: not all spiders follow the rule of not-following no-follow param ;-) Second: traffic. If you manage to create interesting comment (ideally - related to the content of the spammed post), and spam enough blogs... You can get some traffic.
Comment spamming WordPress blogs is easy as 1-2-3.
After reading this article all you will need is a server with PHP.
The script does the following things:
A - look for WP blogs in Yahoo
B - post a comment
A) The script has a basic list of 100 most popular words in english language. It takes 2 random words, then queries Yahoo for WP blogs containing those words. Normally spammers take Google results. But I don't wanna mess with my Biggest Friend.
B) Every post on WP has an ID. We don't really wanna be bothered with extracting it... we just take a random number between 10 and 30, and try to comment on post with that ID.
Just select the text below, save it as commenter.php, put it on the server and you can start your career as a comment spammer.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv=Content-Type content="text/html; charset=UTF-8">
<title>OnlineMarketingReport - SPAM 2.0 - Comment Spamming WordPress Blogs</title>
<style type="text/css">
body{background:#cccccc; text-align:center; margin:20px; font-family:arial; font-size:12px}
td{font-family:arial; font-size:12px}
input{width:300px}
textarea{width:300px}
</style>
</head>
<body>
<div style="margin:auto; background:white; border:1px solid black; width:400px; padding:10px">
<?php
if(!isset($_GET["start"])){
print("Shall we <a href=\"?start\">BEGIN</a>?");
}else if(!isset($_POST["comment"])){
$keywords=array("age","air","anger","animal","answer","apple","area","arm","art","atom","baby","back","ball","band","bank","bar","base","bat","bear","beauty","bell","bird","bit","block","blood","blow","board","boat","body","bone","book","bottom","box","boy","branch","bread","break","brother","call","camp","capital","captain","car","card","care","case","cat","cause","cell","cent","century","chair","chance","change","character","chick","chief","child","children","chord","circle","city","class","climb","clock","cloud","coast","coat","cold","colony","color","column","company","condition","consonant","continent","copy","corn","cost","cotton","country","course","cover","cow","crop","cross","crowd","cry","current","cut","dad","dance","danger","day","dead","deal","death","decimal","degree","design");
$urls=array();
$key=$keywords[rand(0,count($keywords)-1)]."+".$keywords[rand(0,count($keywords)-1)];
for($ind=0;$ind<3;$ind++){
$num=$ind*100;
$return="";
$header="GET /search?n=100&va_vt=any&p=".$key."+site%3Awordpress.com&b=".$num." HTTP/1.0\r\n";
$header.="Host: search.yahoo.com\r\n";
$header.="Connection: close\r\n";
$header.="\r\n";
$con=fsockopen("search.yahoo.com",80);
fwrite($con,$header);
while(!feof($con))$return.=fread($con,2048);
fclose($con);
$return=explode("<a class=yschttl href=\"http://",$return);
if(count($return)>5){
for($ind1=1;$ind1<count($return)-1;$ind1++){
$return[$ind1]=explode("\">",$return[$ind1]);
$url=explode(".",$return[$ind1][0]);
$url=$url[0];
$urls[$url]=$url;
}
}else $ind=5;
}
$count=count($urls);
$urls=implode("|",$urls);
print("I have found <strong>".$count."</strong> blogs that contain those words: <strong>".str_replace("+"," </strong>or<strong> ",$key)."</strong><hr />");
print("<form action=\"\" method=\"post\">");
print("<table style=\"margin:auto\">");
print("<tr><td>name: </td><td><input type=\"text\" name=\"author\" /></td></tr>");
print("<tr><td>email: </td><td><input type=\"text\" name=\"email\" /></td></tr>");
print("<tr><td>url: </td><td><input type=\"text\" name=\"url\" /></td></tr>");
print("<tr><td>comment: </td><td><textarea name=\"comment\"></textarea></td></tr>");
print("</table>");
print("<input type=\"hidden\" name=\"urls\" value=\"".$urls."\" />");
print("<input type=\"submit\" value=\"SPAM THEM!\" />");
print("</form>");
}else if($_POST["author"]!="" and $_POST["email"]!="" and $_POST["url"]!="" and $_POST["comment"]!="" and $_POST["urls"]!=""){
$urls=explode("|",$_POST["urls"]);
print("If commens are not moderated,<br /> you can see your comments here: <br />\n<div style=\"text-align:left\"><ul>\n");
for($ind=0;$ind<count($urls);$ind++){
$return="";
$query="author=".$_POST["author"]."&email=".$_POST["email"]."&url=".$_POST["url"]."&comment=as-94783-sa\n\n".$_POST["comment"]."&comment_post_ID=".rand(10,30);
$header="POST /wp-comments-post.php HTTP/1.0\r\n";
$header.="Host: ".$urls[$ind].".wordpress.com\r\n";
$header.="Content-type: application/x-www-form-urlencoded\r\n";
$header.="Content-length: ".strlen($query)."\r\n";
$header.="Connection: close\r\n";
$header.="\r\n";
$con=fsockopen($urls[$ind].".wordpress.com",80);
fwrite($con,$header.$query);
while(!feof($con))$return.=fread($con,2048);
fclose($con);
if(ereg(" 302 Found",$return) and ereg("Location: http://".$urls[$ind].".wordpress.com/",$return)){
$spammed=explode("\r\nContent-type: ",$return);
$spammed=explode("Location: ",$spammed[0]);
$spammed=$spammed[1];
print("<li><a href=\"".$spammed."\">".substr($spammed,0,50)."...</a></li>\n");
}
}
print("\n</ul></div>");
print("<br /><br /><a href=\"?start\">Do it again!</a>");
}else{
print("Why don't you just fill all fields? Hit browser's back button");
}
?>
TAGS: SPAM 2.0, Comment Spam, WordPress, Blogs