This isn’t a metaphysical question about good and evil. I’m really trying to understand what the motivation or payoff is.
Over the last week or so I have been experimenting with BuddyPress as a way of adding social networking features to SMUG. I’ve been impressed with the functionality. Now that I’ve learned some of what I was seeking to discover through the experiment, I have reverted back to the previous theme and disabled BuddyPress.
One of the settings I enabled in BuddyPress allowed visitors to sign up for an account here. They just had to fill out a form, like this:
And then they would see a message which said they would be getting an email message with a link to confirm their registration:
When they clicked the link in the email, they would return to the site and see this confirmation:
Today I got a message from a helpful SMUGgle, Michelle Murray, who said she had gotten an “internal server error” message when trying to visit a curriculum post…and that the problem had happened a few times. So I decided to investigate. To cut to the chase, here’s what I discovered:
A whole bunch of new “users” whose names were eerily similar. The extent of the problem is shown in this closeup of the user totals, which you don’t need to click to see clearly:
After I had deleted 50 of them, here is the closeup of the user type breakdown:
In other words, my blog had essentially been the target of a Denial of Service attack by a spam bot creating nearly 6,400 accounts.
As I examined one of the profiles, it seemed odd that the person behind the spam would try this, because it wasn’t immediately apparent what benefit they would derive. Here’s an example of what they had entered for each fake user:
And when you look at the tail end of the Website field, it is just the link to the member profile on SMUG, not some other Web page they wanted to give Google juice.
It seems that the goal is to somehow help a site devoted to offering six-pack abs to its customers (clearly something I could use), but it isn’t (or wasn’t) clear to me how this spamming strategy would drive traffic to that site. Other spam email domains pointed to searsuckersuit, realestatequicksolutions and comfortersonsalenow, all with .coms appended.
On further reflection, it seems perhaps one way this scheme could work would be if the spammer accounts could be used to bypass the Akismet comment filtering. In that way they could include links back to their sites within comments.
Or maybe if my default for new users was to make them Authors instead of Subscribers, it would give the spammers a chance to create new posts with lots of links to their sites:
What do you think? Based on what you see above, what would be the benefit to spammers in creating 6,000+ accounts on a site, without any links back other than in the user email domain, which isn’t published?
Was this just a first step in a plan to eventually unleash a torrent of new posts or comments?
By the way, for the time being I have turned comment moderation on, so I’m not just relying on Akismet. So when you share your thoughts, it may take a little bit for me to moderate and approve the comment.
Meanwhile, does anyone have a recommendation for mass deleting 6,300 spam subscribers in WordPress?
Otherwise, it looks like I’ll be selecting 50 at a click and deleting about 126 times. Should be an hour or so of mindless fun.