Tag: Security

Holiday Season is approaching fast and there are tons of spam blogs popping up on WordPress.com. If you are using WordPress.com Reader, you might have seen them clogging up your feed. Obviously these spam blogs are “make money quick scheme” by posting affiliate links on their posts. The contents are usually copied and pasted form site such as Amazon.com. Apparently the spammers have found a way to open WordPress.com accounts and blogs in an automated way.

Examples of the spam blogs URL’s:

• applemacbookproitzm.wordpress.com
• appleiphone4s32odop.wordpress.com
• appleiphone3gs1mxjr.wordpress.com
• appleiphone564gcaqu.wordpress.com
• appleiphone4s32zvbx.wordpress.com
• applemacbookprosgrk.wordpress.com
• appleiphone48gbxola.wordpress.com
• applemacbookmb4zhlm.wordpress.com
• appleiphone48gbnqkj.wordpress.com
• appleiphone416gtswx.wordpress.com
• applemacbookmc5rbvr.wordpress.com
• appleiphone4s64jysy.wordpress.com
• appleiphone4s32qfcy.wordpress.com
• apple64gbiphoneubwv.wordpress.com
• appletvmb189llazvqf.wordpress.com
• appleipodclassiqlum.wordpress.com
• appleipodnano16vpaf.wordpress.com
• appleiphone48gbgrij.wordpress.com
• verizonappleiphggsn.wordpress.com
• applemacpromd77sijx.wordpress.com
• appleipodnano16azpv.wordpress.com
• appleipad2withwvqpm.wordpress.com
• mushkinenhancedrlnn.wordpress.com
• applemacbookairfrhb.wordpress.com
• applemacbookmb4hugo.wordpress.com
• appleiphone3gs1nsvh.wordpress.com
• appleipodtouch6onev.wordpress.com
• appleiphone44sdxtmj.wordpress.com
• appleiphone48gbvodl.wordpress.com
• appleiphone516gpwpp.wordpress.com
• appleiphone3g8glzwo.wordpress.com
• appleiphone516gfnnu.wordpress.com
• appleiphone4bladgqo.wordpress.com
• appleipad2mc987pvnh.wordpress.com
• appleipad2mc773pqci.wordpress.com
• appleipodnano16sowm.wordpress.com
• appleipad2mc764tadk.wordpress.com
• appleipadmd363ldhox.wordpress.com
• appleiphone48gbpmyz.wordpress.com
• appleipad34g32ghcbe.wordpress.com
• zaggzaggfoliofoqspv.wordpress.com
• appleipadmd364lruqx.wordpress.com
• applemacbookproxzvr.wordpress.com
• appleipodclassibilh.wordpress.com
• appleipad2mc755dgfb.wordpress.com
• applenewipad4g3rdqt.wordpress.com
• appleipadfirstggxtr.wordpress.com
• appleipad2mc982pwhg.wordpress.com
• appleiphone532gbgtf.wordpress.com

Notice the pattern of the account name:

• A brand name, such as “apple”, “zagg”, “mushkin” and “verizon”
• Followed with product name, such as “ipad”, “iphone”, “ipod”, “macbookpro”, “zaggfolio”, etc.
• Followed with random string of Alpha-numeric characters

Creating account on WordPress.com requires a person to provide:

• Valid E-mail address
• Username
• Password

In addition to that, WordPress.com requires user to activate the blog through E-mail verification. (Does WordPress.com use something like CAPTCHA?)

Apparently the spammers have found a way to mass-create accounts and blogs on WordPress.com, once again.

During Beijing Olympics in 2008, significant numbers of blogs on WordPress.com were created with the sole purpose of spreading malware. The malware hid behind fake links purported to be videos of Beijing Olympics opening ceremony. It was a problem then, and it would still be a problem now. The example blog addresses provided above primarily used to promote the spammers’ Amazon affiliate links; definitely are violating WordPress.com Terms of Service (TOS).

WordPress.com team members are very responsive to the TOS violations. They immediately suspend the offending accounts as soon as they received the reports from users. It sure takes some times for users to report these spam blogs; it’s worth it. Consider WordPress.com the neighborhood we are living in or doing business in. We want to keep them safe and clean.