Why do Spammers do this?

This isn’t a metaphysical question about good and evil. I’m really trying to understand what the motivation or payoff is.

Over the last week or so I have been experimenting with BuddyPress as a way of adding social networking features to SMUG. I’ve been impressed with the functionality. Now that I’ve learned some of what I was seeking to discover through the experiment, I have reverted back to the previous theme and disabled BuddyPress.

One of the settings I enabled in BuddyPress allowed visitors to sign up for an account here. They just had to fill out a form, like this (click any of the images to enlarge):

And then they would see a message which said they would be getting an email message with a link to confirm their registration:

When they clicked the link in the email, they would return to the site and see this confirmation:

Today I got a message from a helpful SMUGgle, Michelle Murray, who said she had gotten an “internal server error” message when trying to visit a curriculum post…and that the problem had happened a few times. So I decided to investigate. To cut to the chase, here’s what I discovered:

A whole bunch of new “users” whose names were eerily similar. The extent of the problem is shown in this closeup of the user totals, which you don’t need to click to see clearly:

After I had deleted 50 of them, here is the closeup of the user type breakdown:

In other words, my blog had essentially been the target of a Denial of Service attack by a spam bot creating nearly 6,400 accounts.

As I examined one of the profiles, it seemed odd that the person behind the spam would try this, because it wasn’t immediately apparent what benefit they would derive. Here’s an example of what they had entered for each fake user:

And when you look at the tail end of the Website field, it is just the link to the member profile on SMUG, not some other Web page they wanted to give Google juice.

It seems that the goal is to somehow help a site devoted to offering six-pack abs to its customers (clearly something I could use), but it isn’t (or wasn’t) clear to me how this spamming strategy would drive traffic to that site. Other spam email domains pointed to searsuckersuit, realestatequicksolutions and comfortersonsalenow, all with .coms appended.

On further reflection, it seems perhaps one way this scheme could work would be if the spammer accounts could be used to bypass the Akismet comment filtering. In that way they could include links back to their sites within comments.

Or maybe if my default for new users was to make them Authors instead of Subscribers, it would give the spammers a chance to create new posts with lots of links to their sites:

What do you think? Based on what you see above, what would be the benefit to spammers in creating 6,000+ accounts on a site, without any links back other than in the user email domain, which isn’t published?

Was this just a first step in a plan to eventually unleash a torrent of new posts or comments?

By the way, for the time being I have turned comment moderation on, so I’m not just relying on Akismet. So when you share your thoughts, it may take a little bit for me to moderate and approve the comment.

Meanwhile, does anyone have a recommendation for mass deleting 6,300 spam subscribers in WordPress?

Otherwise, it looks like I’ll be selecting 50 at a click and deleting about 126 times. Should be an hour or so of mindless fun.

What a difference in four years!

It was four years ago today that I started a blog called “Lines from Lee” with this post.

So much has happened in that time, and I have documented the progress with highlights posts on the first, second and third birthdays of my blog.

So this is my fourth in an annual series related to how blogging and involvement in social media has changed my life. I do more of a personal year-in-review sometime between Thanksgiving and Christmas, which is the time when I thank God for his many blessings to me and our family (such as our two grandchildren, and my son getting married next month.) More reflections on those in December.

The last year has been so crazy, it’s hard to know where to begin in recounting it.

Trips to the Netherlands (with a brief stop in London) and Paris, my first ventures outside North America, are a good place to start. But visits for presentations on social media to Miami, Indianapolis (twice), Omaha, Washington DC (twice), Idaho, Arizona, Milwaukee, St. Louis, Green Bay, Madison, Philadelphia, Las Vegas, New York (thrice), Pittsburgh, Boca Raton, San Francisco, Orlando, Boston, Cooperstown, San Diego, North Carolina, Des Moines and Lake Ozark, Missouri as well as several trips to Chicago and various points within Minnesota have been memorable too. So were the videoconferences to Zurich and Toronto.

I can’t even begin to mention all the great people I’ve gotten to meet, because it would take all day. And since I’m writing this on the bus on the way to work, I have to move it along. Especially with the announcement we made this week of our new Mayo Clinic Center for Social Media. We’ve got lots of work to do as we get this ramped up. As you might imagine, I’m seriously jazzed about it.

When I got back from New York on Wednesday after the announcement of the center, my team at work had a celebration ready, complete with balloons, gluten-free treats and a new sign on my office door (click to enlarge):

(I’m pretty sure our brand standards group isn’t going to let us use that poster officially.)

What a team! I do want to mention them: Joyce Groenke, Dana Sparks, Joel Streed and Laurel Kelly. They’ve been the core group for our syndication and social media team, and they also help tweet on our @MayoClinic account.

And our broader media relations team, led by Karl Oestreich and including Traci Klein, Amy Tieder, Bob Nellis, Rebecca Finseth, Elizabeth Rice, Bryan Anderson, Kevin Punsky, Paul Scotti, and Lynn Closway have all contributed to our social media efforts (particularly YouTube videos related to research news.) It’s hard to know where to stop with this, but Hoyt Finnamore, Cory Pedersen, Linda Donlin, Kathy Barbour, Evelyn Tovar and Julie Janovsky-Mason have done great work with social media on our internal communications team, too, as have our education, research and marketing groups.

The idea has been not to have a huge social media “silo” but to instead get everyone in Public Affairs using these powerful tools to do their regular work. To infuse social media thinking and strategies into everything we do. And with our new Center for Social Media, we aim to provide training and resources to all 56,000 employees at Mayo Clinic while also offering some of those same tools and guidance to other health-related organizations.

Tonight I’m going to have another new experience, as I will be doing a live TV interview on Almanac, the weekly public affairs program produced by Twin Cities Public Television.

In my previous career I frequently accompanied my employers (government officials or political candidates) to the tpt (not sure why they don’t capitalize) studios for their guest appearances. It’s going to be really weird to be the guy sitting between Erik and Cathy for one of the early segments of the program, which airs at 7 p.m on channel 2 in the Minneapolis-St. Paul area.

If you live in Minnesota and can get channel 2, I hope you’ll tune in tonight at 7. I hope I don’t look too much like this:

When You Start Your WordPress Blog

Note: This is reposted from what was originally part of the “page” structure of this blog. It shows what you can expect when you decide to start a blog on WordPress.com.

Suus Not Ut Difficile!


When you click this link to start a new WordPress blog, you will see a screen something like this:

Wordpress Signup Page

All you do then is enter a name, like this:

Aase Family Blog Creation

And then, provided your name is unique enough, you get a message like this:

Blog Created

Congratulations! You now have a blog!

It’s that simple. It’s really that simple.

Getting More Sociable

I mentioned in my last post that I was looking for a way to add the Facebook “Like” button to my posts, and so I’m experimenting with another plugin from Sociable, called Facebook Open Graph. I had already added Facebook Connect functionality through another plugin, but this one theoretically should be better. I may still have a few kinks to work out, and I was disappointed that it didn’t immediately put the “Like” button on my previous posts.

But maybe it only works with new posts, or maybe I have to edit posts to get this button added.

In keeping with the Spirit of SMUG, I’m just giving it a try with this new post, and we’ll see if it works. I’ll keep you updated as I figure it out.

RAQ: Tips for Starting a Personal Blog?

Today I had the opportunity to do a presentation for a group in St. Cloud, Minn., and afterward Misty Sweeter (@MistyS01), a recent PR graduate, tweeted a question:

Hi Lee, good job presenting at Creative Memories today! Got me thinking about starting my own personal blog, any tips?

A. First, I think it’s great you’re considering starting your own blog. As you’re looking for ways to distinguish yourself, starting a blog is a great way to do it. It lets you show you can write, and to expand on your ideas.

I would recommend using WordPress.com as your platform, because it’s easy, fast and free, but yet gives you a lot of power to develop your own customized look. Blogger.com is likewise free, and some say it’s simpler, but unlike WordPress.com it doesn’t give you the opportunity to move to a self-hosted solution as you grow.

Even though the basic WordPress.com service is free, I would recommend that you spend about $20 for one upgrade.

When you set up your WordPress.com account, your blog’s URL would be something like mistysweeter.wordpress.com. That’s fine unless you decide later that you want to move to a self-hosted version of WordPress. So you want to take “wordpress.com” out of your URL. You can accomplish this by purchasing a URL (like mistysweeter.com, if it’s available) and using domain mapping to have that be your blog’s URL, even though it would be hosted on WordPress.com.

The whole thing will probably cost you about $20 a year, but the value is that it helps you build your personal brand, and one that can have some staying power. The last thing you want to do is write some good posts, have others link to them, and then move your blog to a new domain, which would mean those external links would be broken.

So buying the domain name will probably cost you about $10 a year, and the domain mapping on WordPress.com also will cost $10 per year.

This course, Blogging 305: Domain Mapping, give details on how you do this.

Beyond that, just think about what you want to write, and whether you want to include video posts as well. I think having some video will show you as a more well-rounded communicator, and having some text-based posts will enable you to showcase your writing and thinking processes.

I’ll look forward to seeing what you do with this.