Anatomy of a vague-baiting spam comment

Have you ever approved a friendly comment on your WordPress site only to be hit by a barrage of comment spam the next day? If so, you were probably the victim of what I like to call vague-baiting. Let me explain:

At a recent meeting of the Vancouver WordPress Meetup Group someone asked about how to avoid getting so much comment spam on their WordPress site. The simple answer to that question is to install the Akismet plugin which should catch 98% or so of your spam and which learns and improves over time. But that’s not the whole answer.

You see, not all spam is created equal. Spammers know that you use tools like Akismet and other moderation systems to keep them at bay so they try their best to trick you into letting them past your blockades. They do this by submitting innocent looking comments like this:

Example of typical spam comment

What you see above is a typical spam comment as it came through on my site. Akismet didn’t flag it because it doesn’t have any of the tell-tale signs of being a spam comment, but it is spam nonetheless. This raises a rather obvious question:

Why all the trickery for a spam comment that has no value?

The purpose of spam is to drive your visitors to other sites that the spammer can earn money from. So why on earth would someone go to such lengths to post a spam comment with no nefarious links and a completely innocuous and pointless message? The answer lies in how WordPress and most other publishing systems work: A common way to avoid spammers is to simply set the site so that the first comment from a new email address is always held for moderation. Only commenters with an already approved comment can comment freely on the site. And Akismet also avoids flagging messages from approved commenters as spam. I think you can see where this is going.

To get around your moderation wall, a comment that seems to be praising the site is submitted. Once that comment is approved, however, a barrage of spam of the worst kind will hit the site. This vague-baiting aims to trick new or unwitting site owners into approving spammers as valid commenters on their sites. And I’m sad to say it works really well. So how do you identify vague-baiting? Follow me down the rabbit hole:

The Vaguest Comment Ever

The vague-baiting comment is most easily recognized by its insanely vague content. Reading the comment, one could think it was written by a real reader, but upon closer inspection you realize this comment could be applied to pretty much any posting on any website about any subject. It is so vague that its informational value is close to zero.

The typical content of these comments follows a standard formula: vague praise of the author for writing a good post / argument / site, followed by an even vaguer reference to some of the content (usually of the form “your argument is great!”), and then some form of statement indicating that the commenter reads your site regularly / was referred by a friend who reads the site regularly / is going to recommend that other people read the site regularly / all of the above. Some of the comments also indicate that the commenter found the site through a Google search “on the subject”.

The Hyperlink to Nowhere

WordPress and most other publishing platforms ask the commenter to enter a URL to their site. If the commenter enters a URL to an objectionable site or one connected with other spam comments, the comment automatically gets flagged. So instead the vague-baiting comment will usually provide a garbage URL pointing nowhere, or a URL to a dummy Facebook profile or similar social media profile, as is the case in the screen grab above. This is done to give you the impression that this is a real person who just messed up their URL.

The Bizarre Email Address

A simple way of preventing the most blatant (and stupid) spam bots is to ask for an email address when a comment is posted. Because the vague-baiting spammer wants you to approve the comment and thereby the email address, it has to be a real one. However, they do this so often that they use randomized email addresses. Usually you’ll see an email address with a rubbish prefix like ttp856956 followed by hotmail, yahoo, gmail or some other public email service with a geo suffix in an unusual location, in this case Taiwan. This email suffix needs to be seen in context with the IP address, as explained below.

The IP Address to Elsewhere

The final telltale sign of a vague-baiting comment is the IP address. The IP address is the address of the actual computer submitting the comment. In this case the IP address is located in Lima, Peru, not Taiwan as the email address suggests. This in itself could have a reasonable explanation – say the person from Taiwan was visiting Peru – but a quick Google search shows that this IP address shows up again and again as the originator of spam. In other words, case closed.

Avoid Spam by Being Logical

Based on what you’ve seen above, avoiding vague-baiting comments is pretty simple: be logical. If you get a comment with an unnecessarily vague message, it is probably spam. The threshold for someone going through the trouble of leaving a comment is always pretty high, and no sane person is going to go through the trouble of leaving a super vague comment with no value on your site. And if the vagueness wasn’t enough of a red flag, take a look at the sender URL, email address and IP address and see if they all make sense. If they don’t, you can hit the spam button safe in the knowledge that you averted a poorly disguised attack on your site.
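As an added illustration (not code from this post or from WordPress), here is a small Python scorer that turns the four signals above into checks over a constructed comment record: formula phrases in the body, a letters-then-digits email prefix, a URL with no real host, and an email country suffix that disagrees with the IP's country. The phrase list, the tiny ccTLD table and the caller-supplied IP country are assumptions standing in for a real word list and a GeoIP lookup.

```python
import re
from urllib.parse import urlparse

# Phrases from the "standard formula" the post describes: praise + claim to be a regular reader.
VAGUE_PHRASES = ("great post", "nice site", "read your site", "recommend",
                 "found your site", "keep up the good work")
# Tiny country-code TLD table for the email "geo suffix" check (constructed, not a real GeoIP).
CCTLD_COUNTRY = {"tw": "TW", "pe": "PE", "de": "DE"}

def vague_score(body):
    """Count formula phrases, +1 if the text names nothing specific (no digit, quote or long word)."""
    text = body.lower()
    hits = sum(p in text for p in VAGUE_PHRASES)
    specific = re.search(r'\d|"[^"]+"|\b\w{11,}\b', text) is not None
    return hits + (0 if specific else 1)

def random_email_prefix(email):
    """Short letter run followed by a long digit run, e.g. ttp856956."""
    local = email.split("@", 1)[0].lower()
    return re.fullmatch(r"[a-z]{2,5}\d{5,}", local) is not None

def email_country(email):
    tld = email.rsplit("@", 1)[-1].lower().rsplit(".", 1)[-1]
    return CCTLD_COUNTRY.get(tld)

def bad_url(url):
    """Empty is fine; a 'URL' with no dotted host is the garbage link pointing nowhere."""
    if not url:
        return False
    host = urlparse(url if "://" in url else "http://" + url).netloc
    return "." not in host

def score_comment(comment, ip_country):
    """Return the red flags for one comment; ip_country is the caller's GeoIP result (assumed)."""
    flags = []
    if vague_score(comment["body"]) >= 2:
        flags.append("vague")
    if random_email_prefix(comment["email"]):
        flags.append("random-email")
    if bad_url(comment.get("url", "")):
        flags.append("bad-url")
    ec = email_country(comment["email"])
    if ec and ec != ip_country:
        flags.append("geo-mismatch")
    return flags

# Constructed samples: one shaped like the post's bait, one ordinary reader comment.
BAIT = {"body": "Great post, I read your site regularly and will recommend it!",
        "email": "ttp856956@yahoo.com.tw", "url": "htp://asdf", "ip": "203.0.113.7"}
REAL = {"body": 'Your "Akismet" numbers match mine: 98% caught over 12 months.',
        "email": "reader@example.com", "url": "https://example.com", "ip": "198.51.100.9"}
```

Calling `score_comment(BAIT, "PE")` returns all four flags, while `score_comment(REAL, "CA")` returns none; in practice you would feed the flags into a hold-for-moderation decision rather than an automatic delete.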


About Morten Rand-Hendriksen

Morten Rand-Hendriksen is a staff author at lynda.com specializing in WordPress and web design and development and an instructor at Emily Carr University of Art and Design. He is a popular speaker and educator on all things design, web standards and open source. As the owner and Web Head at Pink & Yellow Media, a boutique style digital media company in Burnaby, BC, Canada, he has created WordPress-based web solutions for multi-national companies, political parties, banks, and small businesses and bloggers alike. He also contributes to the local WordPress community by organizing Meetups and WordCamps.

7 comments:

1. LOL

   I bet. You’re not exactly invisible on the Interwebs, and that invites feet abuse, among other less than savory things.

   Thanks!

   Take care,

   Robert

2. Thanks for the great insight. I was experiencing this same vague comment spam on my new blog and it seemed unusual. A Google search did, in fact, lead me to your post, haha! The email addresses some of these people enter caught my eye as something that a real person would not use, but most of all the vagueness of the comment was puzzling.

   Thanks again for a detailed look at how they construct these comments and why they do so. I hope that it helps many others!
