BlogEngage a social bookmarking website dedicated to bloggers and their topics would seem to have had their defenses down and become the target of an Autopligg bot attack. The weakness is that BlogEngage are using the standard pligg captcha method which is easily bypassed and has been broken for some time. Several spam stories have already been promoted to the BlogEngage published section in quick succession.
What is Autopligg and how does it work, well we have previously reported on the tool here “AutoPligg Spam Tool: Pligg Spam Just Got A Whole Lot Worse“. However basically it’s a program that creates fake user accounts then submits articles to your pligg site for those fake accounts to vote upon.
It’s also the reason you should use ReCaptcha as you spam defense on registration, BlogEngage unfortunatley is using the default pligg captcha which AutoPligg can bypass. If you are wondering just how AutoPligg can bypass the default pligg Captcha read this article “How to crack Pligg’s Default captcha“.
Below are some images of the AutoPligg incident.
Screenshot 1: Stories Just submitted, voted and Promoted by bot.
Screenshot 2: Autopligg doing some Auto Voting of articles with fake user accounts.
Screenshot 3: AutoPligg finished voting upon the spam articles.
Screenshot 4: A fake story example 1 showing the fake users who voted to promote.
Screenshot 5: A fake story example 2 showing the same fake users who voted to promote story example 1.
A note to all pligg website owners Enable ReCaptcha. And i think this is the first time i have seen Fish spam?.