Because of a standard configuration of many WordPress blogs, it’s not uncommon to get comments containing nothing but a generic compliment. These frequently also have a site like google.com listed as the commenter’s website and/or an email address from China (.cn) or Russia (.ru).
These generic compliment comments are part one of a two-stage spam attack.
WordPress (and possibly other blog platforms) can be set up so that comments from first-time commenters must be manually approved, but after that first comment is approved the commenter (based on email address) is free to make additional comments. Those additional comments will be automatically posted unless they violate other rules such as having two or more links/URLs in them.
The basic sequence then is something like this:
- Spammer posts a generic comment complimenting the post. Nothing objectionable here.
- Blog owner says “Awww, they like me! Approved!”
- Spammer says “Great, now I can post spam to the blog!”
- Spammer posts many spam comments with one link to their website or to whatever website they’re being paid to ‘advertise’ for. Comments show up immediately.
- Blog owner doesn’t pay much attention.
- Someone points out spam to blog owner.
- Blog owner says “How did this happen???” while deleting spam comments
- Spammer comes back again. If the blog owner didn’t block the email address, continues to post freely.
So, if you’re running a blog and see comments like that, don’t blindly approve them.
If you’re reading a blog and want to post a comment, please make it a comment about the post you’re responding to rather than a simple “I liked your post.”