Gold Farming Spam, and its Malcontents (me).
January 30, 2008 10:03 AM   Subscribe

I saw this today, and couldn't figure out what the hell it was.

It's a website photo gallery for a relatively famous Philadelphia pizzeria, which (a pizzeria photo gallery) is kind of lame, but hey, it's Philadelphia. What I'm wondering about though, is all the comments. "Wow Gold" "Buy Wow Gold" Wow Power Levelling" etc etc, ad nauseum. I know Gold Farming is big business, but what the hell are they trying to achieve spamming website comment pages that no one will read anyway?
posted by SPUTNIK to Computers & Internet (13 answers total) 1 user marked this as a favorite
 
The bottom of the page says "Powered by Coppermine Photo Gallery." Perhaps some spam bot searched for "mine" or "copper."
posted by desjardins at 10:07 AM on January 30, 2008


It's a bot. Coppermine is a popular picture gallery application, so they probably honed the bot to post to random galleries.
posted by sharkfu at 10:07 AM on January 30, 2008


they spam any public forum they can get their hands on. It's not a tactic, it's a business plan. Like those signs that say 'make money working from home 202-433-zzzz' that are all over DC. It's there because no one seems to care, and it's so low cost that just bite is all they need from say, every 300 posts they make.
posted by parmanparman at 10:09 AM on January 30, 2008


If you notice, that the comments are all *linking* those phrases to various sites. Spammers are trying to up their Google pagerank. It has nothing to do with anyone actually reading the comments, other than the Google spider.

They're probably all automated spam. At some point that site was added to a list of forums that were postable, and away they go.
posted by skynxnex at 10:09 AM on January 30, 2008


The user who made those comments has links within his profile - so, making comments with the keywords in should in theory increase the keyword density of linking pages, making the target pages more relevant in the eyes of Google etc.

So the idea been attract search engines to perceive value of the final destination pages, rather then expecting human traffic.

I'm not convinced it actually works though. And, my SEO knowledge is hit and miss.
posted by paulfreeman at 10:12 AM on January 30, 2008


Yeah, spammers are constantly looking for installations of bbs, blogs, etc, that don't have good spam protection. If you run a publicly visible web server and watch your logs, you'll see these requests literally all day. For instance, my installation of phpMyAdmin gets pinged all the time:

71.34.71.250 - - [20/Jan/2008:13:19:18 -0500] "GET /admin/phpmyadmin/main.php HTTP/1.0" 404 339 "-" "-"
72.34.71.250 - - [20/Jan/2008:13:19:18 -0500] "GET /admin/phpMyAdmin/main.php HTTP/1.0" 404 339 "-" "-"
72.34.71.250 - - [20/Jan/2008:13:19:18 -0500] "GET /admin/sysadmin/main.php HTTP/1.0" 404 337 "-" "-"
72.34.71.250 - - [20/Jan/2008:13:19:19 -0500] "GET /admin/sqladmin/main.php HTTP/1.0" 404 337 "-" "-"
72.34.71.250 - - [20/Jan/2008:13:19:19 -0500] "GET /admin/db/main.php HTTP/1.0" 404 331 "-" "-"
72.34.71.250 - - [20/Jan/2008:13:19:19 -0500] "GET /admin/web/main.php HTTP/1.0" 404 332 "-" "-"
72.34.71.250 - - [20/Jan/2008:13:19:19 -0500] "GET /admin/pMA/main.php HTTP/1.0" 404 332 "-" "-"
72.34.71.250 - - [20/Jan/2008:13:19:19 -0500] "GET /admin/main.php HTTP/1.0" 404 328 "-" "-"
72.34.71.250 - - [20/Jan/2008:13:19:19 -0500] "GET /admin/mysql/main.php HTTP/1.0" 404 334 "-" "-"
72.34.71.250 - - [20/Jan/2008:13:19:20 -0500] "GET /admin/myadmin/main.php HTTP/1.0" 404 336 "-" "-"
72.34.71.250 - - [20/Jan/2008:13:19:20 -0500] "GET /admin/webadmin/main.php HTTP/1.0" 404 337 "-" "-"
72.34.71.250 - - [20/Jan/2008:13:19:20 -0500] "GET /admin/sqlweb/main.php HTTP/1.0" 404 335 "-" "-"
72.34.71.250 - - [20/Jan/2008:13:19:20 -0500] "GET /admin/websql/main.php HTTP/1.0" 404 335 "-" "-"
72.34.71.250 - - [20/Jan/2008:13:19:20 -0500] "GET /admin/webdb/main.php HTTP/1.0" 404 334 "-" "-"
72.34.71.250 - - [20/Jan/2008:13:19:20 -0500] "GET /admin/mysqladmin/main.php HTTP/1.0" 404 339 "-" "-"
72.34.71.250 - - [20/Jan/2008:13:19:21 -0500] "GET /admin/mysql-admin/main.php HTTP/1.0" 404 340 "-" "-"
72.34.71.250 - - [20/Jan/2008:13:19:21 -0500] "GET /admin/phpmyadmin2/main.php HTTP/1.0" 404 340 "-" "-"
72.34.71.250 - - [20/Jan/2008:13:19:21 -0500] "GET /admin/php-my-admin/main.php HTTP/1.0" 404 341 "-" "-"
72.34.71.250 - - [20/Jan/2008:13:19:21 -0500] "GET /admin/phpMyAdmin-2.2.3/main.php HTTP/1.0" 404 345 "-" "-"
72.34.71.250 - - [20/Jan/2008:13:19:21 -0500] "GET /admin/phpMyAdmin-2.2.6/main.php HTTP/1.0" 404 345 "-" "-"
72.34.71.250 - - [20/Jan/2008:13:19:22 -0500] "GET /admin/phpMyAdmin-2.5.1/main.php HTTP/1.0" 404 345 "-" "-"
72.34.71.250 - - [20/Jan/2008:13:19:22 -0500] "GET /admin/phpMyAdmin-2.5.4/main.php HTTP/1.0" 404 345 "-" "-"
72.34.71.250 - - [20/Jan/2008:13:19:22 -0500] "GET /admin/phpMyAdmin-2.5.6/main.php HTTP/1.0" 404 345 "-" "-"
72.34.71.250 - - [20/Jan/2008:13:19:22 -0500] "GET /admin/phpMyAdmin-2.6.0/main.php HTTP/1.0" 404 345 "-" "-"
72.34.71.250 - - [20/Jan/2008:13:19:22 -0500] "GET /admin/phpMyAdmin-2.6.0-pl1/main.php HTTP/1.0" 404 349 "-" "-"
72.34.71.250 - - [20/Jan/2008:13:19:22 -0500] "GET /admin/phpMyAdmin-2.6.2-rc1/main.php HTTP/1.0" 404 349 "-" "-"
72.34.71.250 - - [20/Jan/2008:13:19:23 -0500] "GET /admin/phpMyAdmin-2.6.3/main.php HTTP/1.0" 404 345 "-" "-"
72.34.71.250 - - [20/Jan/2008:13:19:23 -0500] "GET /admin/phpMyAdmin-2.6.3-pl1/main.php HTTP/1.0" 404 349 "-" "-"
72.34.71.250 - - [20/Jan/2008:13:19:23 -0500] "GET /admin/phpMyAdmin-2.6.3-rc1/main.php HTTP/1.0" 404 349 "-" "-"

They're just screaming through all the known default addresses for software that they can poke at. Once they find an installation, they run through username/password combinations until they can break in. The same is true for something like the site you found. There are people who just run bots that do this all day long. I was really freaked out when I first started watching web server logs, but now it feels kind of cozy. I would be worried if script kiddies weren't constantly jiggling the handle to see if all my doors were locked.
posted by heresiarch at 10:26 AM on January 30, 2008


Thanks guys. Mystery (at least to me) solved. If it wasn't for you meddling kids, I'd have gotten
away with it, too.
posted by SPUTNIK at 10:49 AM on January 30, 2008


These people are really annoying. Several of the WoW bloggers I read have decided to go through the tedium of approving all their comments because of some extremely persistent gold spammers.

I should note as a semi-relevant topic that a lot of the gold farmers who engage in the business above are also in the business of breaking into accounts whenever possible to obtain gold for free- they'll vendor every piece of gear you've ever gotten and mail your gold off to one of their accounts. One of the ways the accomplish this is by maliciously installing keyloggers that are designed to activate when they detect that wow.exe is running, which are frequently loaded into the sites that you might visit by clicking their banner ads or links. Don't visit gold spammer websites! It's just a bad idea overall. One good way to avoid keyloggers is of course to keep your "remember account name" box checked...if you have to change the account name at your login screen, type your account name into a blank document before you launch WoW, ctrl+C it, then launch WoW and ctrl+V it in. Another way is to type a few characters of your name/PW in, then alt tab and press 20 or so random keys, alt tab back in, and finish your name/PW. You can do this 2 or 3 times while entering your password if you like. Better safe than sorry...
posted by baphomet at 11:35 AM on January 30, 2008 [1 favorite]


Coppermine is used as part of Dragonfly CMS and several others which are used by guild websites. That's the connection -- the technical aspects are already covered.
posted by dagnyscott at 12:39 PM on January 30, 2008


What is gold farming?
posted by ~Sushma~ at 6:50 PM on January 30, 2008


~Sushma~, it's a term used in World of Warcraft - people will grind away in the game not for fun, but for profit. They 'play' until they have a very sizeable amount of gold in the game (with which you can buy many things).. and then that can be sold online for real-world money. You used to be able to buy it off of eBay, not sure if they cracked down on that or not.

In fact, at one point, there were actual 'farms' in Southeast Asia (Korea, maybe?) with nothing but a ton of people logged into WoW, grinding away to create gold for the company to sell for real-world dollars. Think factory workers creating virtual product.
posted by MarkLark at 6:59 PM on January 30, 2008


The Life of the Chinese Gold Farmer from NYT.

MarkLark- eBay used to be quite the market for MMO currency, but they banned all RMT (real money trade) some time last year, so buying any MMO currencies is strictly prohibited.
posted by baphomet at 8:00 AM on January 31, 2008


Oh, like Second Life Linden dollars...thanks for the explanation.

Fascinating world we live in.
posted by ~Sushma~ at 7:04 PM on January 31, 2008


« Older Stupid Excel Question   |   How do I vote strategically in the presidential... Newer »
This thread is closed to new comments.