I hate spammers. More than you. However, in order to understand them, one must learn their trade. The following code is about as basic as it gets when it comes to submitting spam comments to WordPress… but it’s interesting nonetheless (and has countless legitimate applications). Don’t worry, I’m not sharing anything our spamming friends aren’t already aware of.
Using the principle of submitting a form with CURL, you could very easily and quickly integrate a form into various types of feeds (including RSS) or use it to replicate comments on individual blogs. Used with a cron job, you could artificially (and remotely) create responses to threads that introduce new elements to a discussion or, integrated with other types of CMS systems, inject news and relevant third-party links into a thread.
The format of the WordPress post comment box is consistent from one blog to the next, making it easy for spammers to set up automated systems to pollute the blogosphere. You’ll be surprised how many spam comments actually get published. A friend of mine used to reply to them, not knowing he was wasting his time.
How Spammers Automate Spam Comments to WordPress
$postfields = array();
$postfields["action"] = 'submit';
$postfields["author"] = 'Marty';
$postfields["email"] = 'email@example.com';
$postfields["url"] = 'http://www.SpamBlows.com';
$postfields["comment"] = 'This comment spam. Happy happy good luck number 7.';
$postfields["comment_post_ID"] = '1';
$postfields["_wp_unfiltered_html_comment_disabled"] = '84248387b9';
$url = 'http://www.SomeDomain.com/wp-comments-post.php';
$site = 'http://www.SomeDomain.com/hello-world/';
// $site, $useragent and $referer are set here but never passed to cURL below
$useragent = 'Mozilla/5.0';
$referer = $url;
$ch = curl_init(); // initialize curl handle
curl_setopt($ch, CURLOPT_URL,$url); // set url to post to
curl_setopt($ch, CURLOPT_POST, 1); // set POST method
curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields); // add POST fields
curl_exec($ch); // run the whole process
If a spammer were to use something like this they would almost certainly have millions of posts indexed in a database that they’d loop through at a set interval (with the clever ones categorizing comments by topic so they can submit a ‘most relevant’ response). Obviously, they’d randomize their email, IP, referrer and other details.
If you were to check the referring page you could quite possibly eliminate spam submitted via this method.
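The referring-page check described above can also be run after the fact over web server logs. The following is an added example, not code from the original post: it assumes access logs in Combined Log Format and a placeholder host `blog.example`, and the function names and sample lines are constructed for illustration. As the post notes, a spammer who forges the referrer will pass this check, so treat it as one signal among several.

```python
import re
from urllib.parse import urlsplit

# Combined Log Format: ip - - [time] "METHOD path proto" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def referer_verdict(referer, site_host):
    """Classify the Referer of a comment POST against the blog's own host."""
    if referer in ("", "-"):
        return "missing"
    try:
        parts = urlsplit(referer)
    except ValueError:  # unparseable URL, e.g. unbalanced IPv6 brackets
        return "malformed"
    if (parts.hostname or "").lower() != site_host.lower():
        return "foreign"
    # The comment form lives on a post page, so the handler is not a normal referrer.
    if parts.path.rstrip("/").endswith("wp-comments-post.php"):
        return "self"
    return "ok"

def suspicious_comment_posts(lines, site_host):
    """Return (ip, verdict) for each comment POST whose Referer is not a post page."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue
        if urlsplit(m["path"]).path != "/wp-comments-post.php":
            continue
        verdict = referer_verdict(m["referer"], site_host)
        if verdict != "ok":
            hits.append((m["ip"], verdict))
    return hits

# Constructed sample lines (documentation IP ranges, placeholder host).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "https://blog.example/hello-world/" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Oct/2023:13:55:40 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "-"',
    '198.51.100.24 - - [10/Oct/2023:13:55:41 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "https://blog.example/wp-comments-post.php" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Oct/2023:13:56:02 +0000] "GET /hello-world/ HTTP/1.1" 200 5120 "https://other.example/" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Oct/2023:13:56:09 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://other.example/page" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, verdict in suspicious_comment_posts(SAMPLE_LOG, "blog.example"):
        print(ip, verdict)
```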