I’ve recently installed the WordPress Plug-in called “TweetBacks” on two of my sites, to see how it goes. Those two sites are those I promote highly on Twitter. The first is this blog, about Small Business Internet Marketing, the other is a blog about How to Twitter.
What is TweetBacks WordPress Plug-In?
The TweetBack plug-in automatically picks up conversations when people Twitter about your particular WordPress blog post and inserts each tweet as a comment in your blog.
It was working out pretty nicely for a while. I even recommended TweetBacks to members of my inner circle, but then I noticed some very strange things only happening on this blog.
Suddenly, when I looked at the “Review Comments” console, I saw gobs and gobs of comments (~2,000) in many different languages tweeting links to this URL:
None of the links to that URL had anywhere near the same copy in the Tweet; obviously they were just trying to scam any and everyone in the world to visit the URL. Perhaps it loads malware or something, and the spammer isn’t terribly picky about how to prey on their next victim.
I immediately went to Google to see if anyone else has suffered from a similar malady. Maybe there was some sort of confusion with my specific URL or something, right? Well, I found enough blog posts about the issue for me to conclude that this was a widespread problem. It became obvious to me that the right course of action was…
- Immediately Deactivate then uninstall the TweetBacks WordPress Plug-in
- To get rid of the offending Tweets/Comments, execute the following SQL if you have access to a SQL tool (or ask your hired-gun nerdfolk to do this for you):
WHERE wp_comments.comment_content LIKE
- Help anyone else you see suffering from this by pointing them here.
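A fuller version of the cleanup step, as an added example that is not the SQL from the original post: it previews the matches before deleting, then removes the orphaned comment metadata and corrects the per-post comment counts that a direct delete leaves stale. It assumes MySQL/MariaDB with InnoDB tables, the default `wp_` table prefix and a current WordPress schema; `SPAM-URL-PLACEHOLDER` is a placeholder for the URL seen in your own comment queue.

```sql
-- Added example. Take a database backup before running any of this.
-- Placeholder: replace with the spammed URL from your own moderation queue.
SET @spam_pattern = '%SPAM-URL-PLACEHOLDER%';

-- 1. Preview: how many comments match, and what do they look like?
SELECT COUNT(*) AS matching_comments
FROM wp_comments
WHERE comment_content LIKE @spam_pattern;

SELECT comment_ID, comment_post_ID, comment_author,
       LEFT(comment_content, 80) AS excerpt
FROM wp_comments
WHERE comment_content LIKE @spam_pattern
LIMIT 20;

-- 2. Delete inside a transaction so the change can be undone
--    (requires InnoDB; MyISAM tables ignore ROLLBACK).
START TRANSACTION;

DELETE FROM wp_comments
WHERE comment_content LIKE @spam_pattern;

-- 3. Remove metadata rows whose parent comment no longer exists.
DELETE cm
FROM wp_commentmeta AS cm
LEFT JOIN wp_comments AS c ON c.comment_ID = cm.comment_id
WHERE c.comment_ID IS NULL;

-- 4. Recompute the cached approved-comment count shown on each post.
UPDATE wp_posts AS p
SET p.comment_count = (
    SELECT COUNT(*)
    FROM wp_comments AS c
    WHERE c.comment_post_ID = p.ID
      AND c.comment_approved = '1'
);

-- If the affected-row count from step 2 does not match the preview,
-- run ROLLBACK instead of COMMIT.
COMMIT;
```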
Post Script: (The Developer Responds)
Since sharing with the world, via Twitter, my recommendation to uninstall the TweetBacks WordPress plug-in, several interesting things have happened.
- The author of the script, @jdevalk replied to me through Twitter, telling me that I have no idea what I’m talking about, and that the “right way” to handle this undesired behaviour is to talk to the developer first.
While I respect his right to his opinion, I beg to differ with his prescribed method of resolution. I believe that the proper way to handle any threat such as this is to
- immediately deal with the situation at hand,
- prevent further attack, then
- determine if there was any malice involved before making any personal accusations (which I have not).
Post-Post Script: (United Against Spam!)
I have been working with Joost de Valk (@jdevalk) to iron out the exact cause of the issue. He does seem like a rather nice guy, and is earnestly digging into the bug which has caused this unfortunate situation. I look forward to being able to use this plug-in again.
After I have used it for a while and have greater comfort that we’ve bulletproofed the application and that you will not be adversely affected by any further bugs, I will happily share with you the results of our joint effort to combat the spammers.