I hate spammers. More than you. However, in order to understand them, one must learn their trade. The following code is about as basic as it gets when it comes to submitting spam comments to WordPress… but it’s interesting nonetheless (and has countless legitimate application).
Don’t worry, I’m not posting anything our spamming friends don’t already know.
Using the principle of submitting a form with CURL, you could very easily and quickly integrate a form into various types of feeds (including RSS) or use it to replicate comments on individual blogs. Used with a cron you could artificially (and remotely) create responses to threads that introduce new elements to a discussion or, integrated with other types of CMS systems, inject news and relevant third party links into a thread (yes, I use the XML publishing protocol and understand the advantages – post coming!). The code below is something I’ll file away (a.k.a posting it to this website) that I’ll likely use sometime in the future.
The format of the WordPress post comment box is consistent from one blog to the next making it easy for spammers to set up automated systems to pollute the blogosphere. If you think that nobody publishes their crap, think again. Copy a spam comment into Google and you’ll be surprised how many people are stupid enough to post their garbage on their website.
Copy the code below and add your own WordPress details.
<?php $postfields = array(); $postfields["action"] = "submit"; $postfields["author"] = "Marty"; $postfields["email"] = "firstname.lastname@example.org"; $postfields["url"] = "http://www.SpamBlows.com"; $postfields["comment"] = "This comment spam. Happy happy good luck number 7."; $postfields["comment_post_ID"] = "1"; $postfields["_wp_unfiltered_html_comment_disabled"] = "84248387b9"; $useragent = "Mozilla/5.0"; $referer = $url; $url = "http://www.SomeDomain.com/wp-comments-post.php"; $site="http://www.SomeDomain.com/hello-world/"; $ch = curl_init(); // initialize curl handle curl_setopt($ch,CURLOPT_REFERER,$site); curl_setopt($ch, CURLOPT_URL,$url); // set url to post to curl_setopt($ch, CURLOPT_POST, 1); // set POST method curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields); // add POST fields curl_exec($ch); // run the whole process curl_close($ch); echo "Done"; ?>
The Output (on a WP blog)
If a spammer were to use something like this they would almost certainly have millions of posts indexed in a database that they’d loop through at a set interval (with the clever ones categorising comments by topic so they can extract a ‘most relevant’ response). Obviously, they’d randomise their email, IP, referrer and other details.
In terms of other techniques that spammers use, I’ll be publishing details very shortly that details a process that spammers use to obtain very specific information on people. I obviously haven’t spammed anybody… but I did employ a techniqe that simply allowed me access to the same information as them. The results scared me. Stay tuned.
If you liked this article, you may also like: