A Post About Spammy Hacky Type Things

Twitter and WordPress logs

Two Spammy Hacky type things that have happened this week:

1) My Twitter Account Was Hacked

Well, I’m not sure “hacked” is the right word here, I actually invited them in and made them a cup of tea and sandwiches by STUPIDLY clicking on a bad link when this arrived:

Twitter

I’m usually more alert to dodgy links, I haven’t been caught out before on Twitter, but I was half asleep, it came from a blogging friend, and without thinking properly I clicked on the link. So of course what happened subsequently was that my Twitter followers were sent something like that from my account, with a few variations on the wording.

When your Twitter account sends out bad stuff, people tell you about it. At first that’s good, you need to know. But I ended up with about 40 people telling me that my account was doing this, and they were coming at me from everywhere – on Twitter, by email, on Facebook, even as a blog comment on another blog I write for. I’m sorry that I’m complaining about this, I know you were all being helpful, but in the end I was thinking “I KNOW!!!”

I also had a few people getting annoyed at me for it, which was a bit much considering that they had done exactly the same thing as I had, which was to fall for it, and click on the link! We did the same thing guys, so don’t get mad at me ok? But nevertheless, I do apologise to those of you who were affected by my stupidity (on this, or in general!).

I quickly changed my password once I realised what was happening, and hopefully that’s the end of it, and I learned my lesson.

2) Spam Comments Slipping Through on Blog

Generally I find the WordPress spam filters to be very good, loads of spam ends up in my spam folder and that shows it works, very few slip through and actually get published on a post. However one post that I wrote well over a year ago has been getting hit for several months. Now, at least two bits of spam a day make it past the filters and end up published live on that post, and each time I mark them as spam to get rid of them.

I decided to contact WordPress support about this, to see if there was anything I could do. It just seemed strange that it was only happening on that one post. It turns out, according to them, that I am lucky. Apparently lots of other WordPress bloggers get hundreds and thousands of spam comments getting through and being published live on their posts every day. Hundreds and thousands! Here is a screenshot of my support conversation:

Wordpress support conversation

If you can’t read that, you can go to it here (the screenshot above was the full conversation at the time I grabbed it, but someone else has just commented on it now, so I don’t know if there will be more). Sorry to timethief if I seemed a bit grouchy in my responses!

But I’m interested, do any of you on wordpress.com get hundreds and thousands of spam comments not being caught by the spam filters and ending up published on your posts? If so, how do you cope? Remember, we’re not talking about the spam that ends up in your spam folders (bolded for extra emphasis :) ) just the stuff that makes it through to appear on your live post pages. I still find it hard to believe, but hey, what do I know, I’m the type of gal that clicks on bad Twitter links!

About these ads

79 responses to “A Post About Spammy Hacky Type Things

  1. We have roughly the same number of followers, so I’m probably a good comparison. No, I don’t get a lot of spam leakage, just the rare occassion. It’s the spam followers that bug me more.

    Like

  2. Like you I have two particular posts that get spam all the time–but not thousands–just a few a week–this is disconcerting but sure am glad I do not get thousands!

    Like

  3. No spam gets through the filters on my site.
    Sorry about the gang up on help. If I do find I got hacked or did something stupid, I send out a notice and then hopefully the reports that I was spamed stay friendly. Sending out the notice has had friends I haven’t spoken to in a while contact me…just to catch up so there was a positive benefit. On your twitter…THEY OPENED IT TOO!!! :)

    Like

    • How would you send out a notice on Twitter though? I did tweet a couple of times about it, but that relies on people seeing my tweet, the only other way would be to contact them all individually wouldn’t it? I replied to all those who tweeted me about it (I think I did anyway, unless I missed any), and I also put a status about it on Facebook because quite a few of my Twitter followers are Facebook friends too, and this alerted a few more people. Mainly I wanted people to know that if they had clicked on my bad link, they should change their password. It’s a curse of modern life! :)

      Like

      • I don’t tweet but I see how that would have been difficult to alert, without them already clicking on the link from your earlier tweet.

        Like

  4. I saw that twitter post! I was going to be te 41st person to let you know but luckily for you your account had been disabled! Or maybe not so lucky. I see it’s re-enabled now…
    As for spam getting through: Not so much. I might have had 1 or 2 in the last year or so. I better complain to timethief. It’s getting out of hand! ;)

    Like

    • I didn’t even know my account had been disabled! So you would have been the only one to notify me about that! ;) I chuckled at your “getting out of hand” comment – go on, complain about it, I dare you!

      Like

      • What do they say these days? First world problems. It’s like when we have an earthquake in Melbourne everyone gets excited (they’re usually in the 4 – 5 Mag range) because they’re so rare. You’ll see memes posted featuring “damage” from the Melbourne quake, like an intact set of garden furniture except for one chair overturned. Or a bike lying on its side, chained to a pole. Then you get the Kiwis paraphrasing Crocodile Dundee. “That’s not an earthquake. THAT’S an Earthquake!”.

        Like

  5. I get a couple here and there. Lately I’ve been responding in the rudest ways imaginable. It might lead to getting more, but sure is fun.

    Like

  6. Huh, that is weird (and annoying). I have never had a single spam comment go through to my blog directly. Maybe this is because I have my settings at “comment approval needed”? So this means if it’s someone new to my blog and has never commented before it needs my final approval to show up on my blog. I have had a few slip by my spam folder this way, but they never go “live” to my blog because I have to approve them.

    As for my spam folder, I’d guess I get hundreds in there any given week.
    Finally, spam doesn’t taste half-bad with tons of mayo. (I never tire of that lame joke, sorry)

    Like

    • Ah yes, I hadn’t thought of that, I don’t have comment approval needed for first time posters, I did when I first set up my blog, but it stopped, I didn’t deliberately change it, but it didn’t seem to cause any problems so I left it like that. But now it is causing problems of a sort, so I should probably put it back on. Me too in my spam folder, I checked my spam stats earlier when I was doing this post and it tells me that in the last year I’ve had 38,469 spam comments come into the spam folder, so that’s 739 a week on average. Hurrah for spam and mayo!

      Like

  7. I clicked on your Twitter link, but then at your advice I changed my password. I don’t believe anything got sent out through me. When I clicked, I got a view saying something like “This account has been deleted” so maybe Twitter caught something. Anyway, I still get notifications from the spam on that one post, maybe one or two a day. I have Blogger and I very rarely have anything get through the spam filter. Virtually all of my spam comes from Anonymous, so it’s easy to spot. Also, I finally activated Moderation, so if it does get through I see it before it’s posted.

    Like

  8. I only get about six spam comments a day and all of them are caught by the filter, thank goodness.

    I always look forward to them because they are delightfully incoherent:

    “I has love this post which have good thoughts that make me think thoughts thinkly. You are expert on this thinkish thing you think about! Great jub!”

    Like

  9. Don’t beat yourself up too badly. We all stumble and click on stuff we shouldn’t. They persist because they’re successful. They count on lapses in concentration.

    Delete that year-old post! It’s causing havoc and nobody reads old posts, anyway.

    I employ the most effective tool available to dissuade a tsunami of spam comments: a small audience! With +/- 50 followers, my site doesn’t show up on their radar. it’s true!

    Like

    • I know we all get caught out occasionally but it doesn’t stop us getting annoyed at ourselves when we do!

      I don’t want to delete that post though, it’s one I like, plus, what would have left to complain about if I did that?

      By the way, I just had a thought, you have several times mentioned that you don’t have as much of a following on your blog as you might like – I wonder whether when people see you commenting about the place they see your gravatar pic and conclude that your blog must be all about religion? That could put some people off from even coming to check you out? Just a thought as I say!

      Like

      • You might be dead-on but I’ve always thought my gravatar was ANTI-religion, if anything! I think there’s some humor in it. Carrying eyeballs around on a dinner plate!? How silly is that?! Another fable from the good book. I’m afraid to swap it out now as it’s my trademark.

        Like

        • Ah well you see I hadn’t even realised it was eyeballs, you can’t tell when it’s small and the small one is what most people see. I just clicked on it now to see it big and of course then I can see the eyeballs but until you said, I had never clicked to see it big. Sometimes trademarks have to be changed if they’re not working for you ;) (I’ve planted the seed of thought now haven’t I…haven’t I?!)

          Like

  10. One oft he reasons that I have to approve comments before publish. I don’t however get many spam comments that pass through the filters.

    Like

  11. I had a previous blog, not with WordPress, and I began receiving 300 to 400 spam a day. I had to shut it down finally. Now, I receive some but they always end up in the Spam folder. I just checked and found 10 in there which I dumped. It’s been months since I checked.
    Sorry to hear you’ve had such a frustrating time.

    Like

    • I think our WordPress spam folders automatically empty themselves every so often anyway because I checked my spam stats earlier and it says that I’ve received 38,469 spam messages in the last year, and there’s no way I’ve cleared out that many! I don’t remember to check it very often either.

      Like

  12. Vanessa Jane, would you believe I too had the same spammy linky clicky thing happen to me last week. Ack! I despise Twitter anyway. My pass word has often reflected that. Like Stupidheadtwitter and Pleasealready. I do have one time comment approval before people can post comments again without. Maybe that does help. Also got a plug in called wordfence. Shrank the spam in the spam folder at least. It all feels yucky though.
    Love to you! Shalagh

    Like

    • I would believe it Shalagh because you’re the one I got it from! Ha! Yes indeed, you are the mysterious “blogging friend” I referred to, obviously I wasn’t going to name you in the post, but I figured I would reveal it to you if you came and commented. You see, it came from you and so I trusted it without question! :) I barely go on Twitter myself these days, prior to this occurrence I don’t think I had tweeted anything since December, I Tweet on my work one, on behalf of work, but not my personal. I need to set up the one time comment approval thing again.

      Like

      • Oh My Gosh! I am laughing and wanting to feel so bad and yet that was how it happened to me. Like a communicable disease from someone you hope likes you and would send you something to show they care. Ack! And the one I got had LOL in it which I passionately hate. I’m sorry and hopefully you know that I would love to be in better touch.I’ll try to make up for it.
        Love,
        Shalagh

        Like

        • Please don’t be sorry Shalagh! As I said, it’s a bit much to feel annoyed at the person we got it from when we did exactly the same thing as they did! Some of the ones that were sent out from me had LOL in them, and a couple of people said that’s how they knew it wasn’t real because they know I don’t say LOL! x

          Like

  13. Ross raises an interesting point up there. I’ve never considered the “spam followers” as sources of the weird messages (that seem computer-generated or bizarrely fishy). I still don’t really comprehend why there are entire blogs that are solely re-blogged writing. Who are those people?

    That said, we have similar follower numbers and I get 1-2 spammy messages a week. Never on the same post. Hundreds/thousands of spam comments sounds exhausting and would probably make me fold on the whole shebang.

    Like

    • Yes, I don’t know whether the spam followers are the same ones who comment, probably some and some. I never really get the point of what totally reblog blogs are about either and what they get out of it, somebody explained it to me recently, but I can’t remember! Something about building online reputation or something! I get several hundred spam comments a week into my spam folders but, but like you, 1-2 a week getting through usually, apart from this one post that is getting them daily.

      Like

      • I had an identical reaction when someone explained re-blogs on The Daily Post: instantly forgotten.

        Sometimes I leave the hilariously computer-generated or faux-English comments on line. I find their odd contrast to my silly musings sort of amusing… especially when they “would like to know more” and it’s an entire post about my implants.

        Like

  14. I never know whether to let someone know their Twitter account’s been hacked or not. I err on the side of doing so, because I’d want someone to let me know if it happened to me. Sorry to contribute to your alerts about it. :( But love how you spun it into a great post!

    I don’t get too much spam that makes it onto the actual post. A few show up needing moderation, but I send them to spam. I’ve never had any post on their own without moderation. But like you, I’ve had some posts which fill my spam file with dozens and dozens of spammy messages each day. Even though Askimet catches them, it’s still a pain to sort through to make sure no legit comments got sent to spam.

    Like

    • Oh yes, me too, I usually tell people if they’ve been hacked, so please don’t apologise or put on a sad face! ;) I hesitated about including that bit in my post, but it was part of the story and I figured people would get where I was coming from on that.

      I barely ever look in my spam folders, I forget to, checking earlier it seems that I have had 38,469 comments go into them in the last year, and I was commenting to someone else that I think they self-empty after a while, so I might have lost some genuine comments in there over the time unfortunately.

      Like

  15. What a pain. I think the spam creators need to get real jobs and stop making it their goal in life to annoy the rest of us. Maybe they could work for the Spam (meat) company instead. Sorry you’ve had a run of icky luck with these things.

    Like

  16. Like Carrie, I haven’t had any slip through onto the posts. There are waves, as Time Thief noted, where I go from only a handful of spam comments in my moderation queue to dozens in a day. And it does take valuable time to make sure legitimate comments didn’t end up in spam. I also get cranky when Akismet sends obvious spam to my moderation queue. ;)

    My understanding of WordPress support (which may not be accurate) is that those of us who pay for any upgrades will get responses if we contact them directly and don’t go through the public forums. Since I do have upgrades, I choose that route because sometimes the volunteers on the public forums mean well, but they don’t have as much information as they should have to answer questions. And sometimes their responses are worded in a way that can lead to frustration on the part of the blogger having difficulties. And sometimes I’ve seen volunteers trash the reply of another volunteer, which should never be allowed.

    I’ve got three comments sitting in my moderation queue because I can’t decide if the “commenters” are truly legitimate. And I’m trying to err on the side of caution. But that may mean I’m blocking real comments from a real person, and I feel bad about that.

    Like

    • Ah right, I didn’t know that about support, that you get direct access to support staff if you upgrade. I think the volunteers on the forums can be super busy trying to keep up with all the questions and threads in there, if you have a browse around, you see some names there all the time answering people’s questions, it’s a lot of work I guess! But I still think Timethief was exaggerating, who would put up with hundreds and thousands of spam comments not getting picked up by Akismet daily?

      It’s hard sometimes to tell if commenters are legitimate isn’t it, I usually check if they to have a legitimate blog, if they do then it’s an obvious yes, but if they don’t then it isn’t an obvious no!

      Like

  17. I got one of those spam Twitter comments from you. Like the rube that I am, I clicked on it. As testimony about how few Twitter followers I have, not one person has complained to me about getting bogus Tweets from me.

    Like

  18. I haven’t got hacked yet (at least that I know of), but I’m always scared somebody will. And mine is connected to my Facebook. And then my parents will be wondering why I’m talking so much about Viagra. Hopefully it never does. At least you got a good post out of it though.

    Like

  19. I don’t get any spam, actually. And nothing gets posted unless I approve it first. Somebody may have already said this to you, but can you make your comments such that you have to approve anything before it gets posted? Sorry about the twitter madness! I’m sure I would have fallen for that too. No worries! It happens to the best of us!

    Like

    • I used to have mine set where I have to approve comments the first time someone posts, I wouldn’t want to have to approve all comments each time, but I may switch back to the first time approval option to see if I can stop the spammers getting through.

      Like

  20. I think I’ve only had one make it through. The rest end up in my spam folder. You can also check the referrer links and mark those as spam senders. Don’t know if this helps. I think you need to have a glass of wine and get a massage. Sometimes that helps.

    Like

  21. I get a lot of spam followers, but they don’t usually comment. The spam comments I get generally are filtered and end up in my spam folder. The few that have slipped through (not thousands) need moderation, and I just spam them myself. I wonder if TimeThief was saying that thousands of spam comments go live across the board, not thousands per blogger. I would believe that figure.

    I just received a comment from a blogger with a weird username, something with a bunch of letters and numbers, and of course I immediately thought it was spam. But the comment was logical, well-written, and applied directly to the post. That made me think it was legit. I took a chance and clicked on the username and indeed, it was a real blogger, not spam. Phew. However, I wish that real bloggers would pick usernames that look normal and don’t arouse suspicion! They might get more followers/comments and not get spammed. :)

    Like

    • Yes, those ones that you moderate into spam are the equivalent of the ones that end up on my pages because I don’t have my settings to moderate new people any more, but I’m thinking of switching back!

      I really don’t think timethief was talking about across the board because she said it as a rebuttal to me saying 2 a day, like I was lucky to only get 2 because some others get hundreds or thousands. If she was talking about across the board then my 2 a day would be in line with that when you take account of everybody, (if that makes sense!). I say “she” but I don’t know if it’s a he or she! I don’t know if you read any of the other comments here but I was saying that I looked at my spam stats and saw that in the last year I’ve had over 38,000 come in to my spam folders, so overall the spam catching does a very good job!

      Like

  22. Yeah, I would NOT have appreciated her tone, geeze. Hundreds and thousands? Um, no. I will have the occasional spam comment that makes it through to where I can see it and it’s usually two at a time on the same post (different posts each time). But honestly I think this has only happened three or four times. Weird.

    Like

  23. Good Lord Vanessa, who would be upset for something we’ve all experienced. An ass! If I we’re you I wouldn’t give it a second thought. It’s not as if you could help it. And we’ve been hit a couple of times. As you said, most writers work bizarre hours. I know Inion & I prop our eyes open with pencils as we work into the wee hours of the night & have clicked on crap that we’ve regretted but can’t even remember doing it. If twitter connections can’t understand that, then let them go! Hope your twitter time is far better this coming week dear!! ;)

    Like

    • I think a couple of people got annoyed at me thinking I’d deliberately spammed them! I have better things to do actually (not that I would know how to create and send virus links if I wanted to!). I barely use Twitter anymore anyway, so I think I was just excited to receive something via it, hehe.

      Like

  24. The occasional nutjob gets through – and always will.
    At least you met me, so it’s all good…
    By the way, Nicki Daniels has a MAJOR spam problem on her blog right now, but she hasn’t checked her site in awhile, so she has no idea!

    Like

    • She must have hers set like mine where she doesn’t have to approve first time commenters. I guess certain sites and posts attract more spam, like the one I was referring to on mine has the word ‘love’ in the title, so I’m sure that attracts spam attention!

      Like

  25. Vanessa, I think I’m as lucky as you are, or maybe just a tad luckier. I get fourish spam comments a day now (it used to be many more but something’s changed – maybe my spammers were using the same WP server that I’ve not been able to access lately!) however none of them make it through to the blog. With luck like that (hundreds and thousands?) we should have an extra go on the Lottery, methinks! Sorry to hear you were caught off guard, by the way. Spammers!

    Like

    • Well, you and I must thank our lucky stars, and count our blessings, and all of that for being SOOOO lucky. I guess we will never hear from the people who get hundreds and thousands of spammers making it through on a daily basis, they just won’t have the time to comment here with all that to deal with!

      Like

  26. WP filters do a pretty good job and I am grateful. Sometimes stuff does get through. I try to keep up with comments and catch those/delete. And like JM I have a couple in limbo as I’m not sure who/what the commenters are, most likely will trash – which is sad to real bloggers, but better safe than sorry. It is a real problem and concern

    Like

    • Yes, I do think the WP filters do a good job, it would be impossible for them to be 100% right all the time, and so sometime some slip through (not hundreds and thousands a day on any one bloggers site though I feel the need to say again!), and sometimes real people get spammed. I too get the occasional one where I’m not sure.

      Like

Anything you'd like to say? Now's your chance...

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s