I hate spammers. More than you. However, in order to understand them, one must learn their trade. The following code is about as basic as it gets when it comes to submitting spam comments to WordPress… but it’s interesting nonetheless (and has countless legitimate application).
Don’t worry, I’m not posting anything our spamming friends don’t already know.
Using the principle of submitting a form with CURL, you could very easily and quickly integrate a form into various types of feeds (including RSS) or use it to replicate comments on individual blogs. Used with a cron you could artificially (and remotely) create responses to threads that introduce new elements to a discussion or, integrated with other types of CMS systems, inject news and relevant third party links into a thread (yes, I use the XML publishing protocol and understand the advantages – post coming!). The code below is something I’ll file away (a.k.a posting it to this website) that I’ll likely use sometime in the future.
The format of the WordPress post comment box is consistent from one blog to the next making it easy for spammers to set up automated systems to pollute the blogosphere. If you think that nobody publishes their crap, think again. Copy a spam comment into Google and you’ll be surprised how many people are stupid enough to post their garbage on their website.
The Code
Copy the code below and add your own WordPress details.
<?php $postfields = array(); $postfields["action"] = "submit"; $postfields["author"] = "Marty"; $postfields["email"] = "spam@spam.com"; $postfields["url"] = "http://www.SpamBlows.com"; $postfields["comment"] = "This comment spam. Happy happy good luck number 7."; $postfields["comment_post_ID"] = "1"; $postfields["_wp_unfiltered_html_comment_disabled"] = "84248387b9"; $useragent = "Mozilla/5.0"; $referer = $url; $url = "http://www.SomeDomain.com/wp-comments-post.php"; $site="http://www.SomeDomain.com/hello-world/"; $ch = curl_init(); // initialize curl handle curl_setopt($ch,CURLOPT_REFERER,$site); curl_setopt($ch, CURLOPT_URL,$url); // set url to post to curl_setopt($ch, CURLOPT_POST, 1); // set POST method curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields); // add POST fields curl_exec($ch); // run the whole process curl_close($ch); echo "Done"; ?>
The Output (on a WP blog)
If a spammer were to use something like this they would almost certainly have millions of posts indexed in a database that they’d loop through at a set interval (with the clever ones categorising comments by topic so they can extract a ‘most relevant’ response). Obviously, they’d randomise their email, IP, referrer and other details.
In terms of other techniques that spammers use, I’ll be publishing details very shortly that details a process that spammers use to obtain very specific information on people. I obviously haven’t spammed anybody… but I did employ a techniqe that simply allowed me access to the same information as them. The results scared me. Stay tuned.
|
|
Download: Submit Form with CURL and PHP |
If you liked this article, you may also like:
About Marty
Marty has been involved with online application development for a number of years and has worked with large scale applications both as a coder and project manager. He is currently actively contributing to 7 blogs and maintains over 300 websites. 
BeliefMedia Pty Limited. BeliedMedia is a media company based in Sydney, Australia. We specialise in all facets of media, including: online marketing, podcast production, programming, software development, Android/iDevice development, voiceovers and television production. Make contact with us via our
Very interesting code. I’ve already known that spammers use curl for their bad stuff but I had never seen the code and it’s very simple and fast to be written!
Now I can know why curl is so (ab)used by spammers!!! :)