There seems to be a new way of luring WordPress users to spam sites: WordPress Plugin Spam.
Like most other plugin authors, I regularly check what others are saying about my plugins (actually, I have a Google Alert set on the names). The other day I received an e-mail from this service telling me that there is a new fork of my pagebar plugin called Advanced pagebar. Hey cool, someone built a new plugin based on my code.
There’s a link to the WordPress plugins page. Really? No! (Therefore I added three strokes to the domain.) The spammer actually registered a domain to perfect his fraud. This page lists some other plugins which are infected the same way, but their names haven’t been changed. What an honour for pagebar! I think I should inform the authors about this spam attack.
The spam page
Brave as I am, I visited the site which the spammer links to:
Looks like actual content. As you can see, there are even some comments on the posts:
John says: September 8, 2010 at 8:27 am
hey man, nice blog…really like it and added it to bookmarks. keep up with good work
Anton Dirksma says: September 8, 2010 at 10:46 am
Hey, very nice website. I actually came across this on Bing, and I am happy I did. I will definately be coming back here more often. Wish I could add to the conversation and bring a bit more to the table, but am just absorbing as much info as I can at the moment. Thank You
The list goes on like this. At first glance the comments look genuine, but if you inspect the content and the commenting times a bit more closely, you’ll realize that these were created automatically.
So who’s behind this? Let’s consult nic.com:
hyderabad india hyderabad, Andhra Pradesh 500016 India
Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: 111WAYSTOMAKEMONEY.COM
Created on: 30-Aug-10
Expires on: 30-Aug-11
Last Updated on: 30-Aug-10
As I suspected, it’s a guy from India (Rahul is a very common name in Bollywood films). It gets really funny if you enter the address in Google Maps: it’s the Begumpet Airport. LOL!
Altogether it’s still spam, but this is a small step further. The common WP user does not expect spam inside of plugins and, if I get the GPL right, there’s nothing you can do about it. All of the captured plugins are released under the GPL. Everybody can do almost anything with them as long as he re-releases them under the GPL. This spammer does nothing illegal, and even if he did, what are the chances of stopping him? Nil. The only thing we can do is to keep an eye on the site and to warn the affected original authors.
Wait, there’s another thing we can do: Thank the team of Automattic for removing such spam plugins from the official plugin site rapidly!