WordPress (and the internet as a whole) really is a unique beast. I had gotten a monthly summary of data usage from Cloudflare for activity on the page, and I had completely forgotten to configure email alerts for things like comments. Opening up the WordPress dashboard showed me I was missing out on a bunch of events!
A fair amount of spam posts, a few posts in Russian, a ton of posts linking to porn.
Of all the comments I had gotten, I had only felt one could have been an actual comment, but it was incredibly vague and didn’t really make much sense to me.
It’s actually kind of impressive. I wonder if there’s a bot that’s just shotgunning random URLs and searching for typical comment entries. That’d be a great way to boost SEO (from my understanding).
Something akin to a mass nmap scan, but detecting WordPress blog posts that have comments enabled.
Maybe that’ll be a project for a rainy day. Kinda sketchy though, but it could be fun. Probably would get some (likely unwanted) traction from the infosec crew.
I guess I would start with a web service, something like
https://whatcms.org/
scrape together a little Python script that passes a wordlist through to the URL that signifies a search
for example
https://whatcms.org/?s=totemic.org
only I’d pass it through with a wordlist entry, something like
https://whatcms.org/?s={WORDLIST_WEBSITE_URL}
if it rings true as WordPress, could just search for pages that contain a link to a comment entry script, and if one is available (such as)
https://totemic.org/wp-comments-post.php
and recursively spam a message over to every blogpost completely automatically.
Would be even funnier if someone was manually going to every page to comment their stuff. What a waste of time.
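Seen from the receiving blog's side, automated commenting like this tends to show up in the web server access log as POSTs to wp-comments-post.php from clients that never loaded a post first. The following is an added example, not code from the original post: it flags such clients in constructed sample log lines. The combined log format, the documentation-range IPs and the `max_posts` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample access log (combined log format, documentation-range IPs).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Mar/2024:10:00:01 +0000] "GET /hello-world/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Mar/2024:10:02:30 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "https://blog.example/hello-world/" "Mozilla/5.0"
203.0.113.9 - - [01/Mar/2024:10:05:00 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "python-requests/2.31"
203.0.113.9 - - [01/Mar/2024:10:05:01 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "python-requests/2.31"
203.0.113.9 - - [01/Mar/2024:10:05:02 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "python-requests/2.31"
203.0.113.9 - - [01/Mar/2024:10:05:03 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "python-requests/2.31"
192.0.2.44 - - [01/Mar/2024:10:09:00 +0000] "GET /about/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Mar/2024:10:09:40 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# ip, method, path, status, referer, user agent
LINE = re.compile(
    r'(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"'
)

def flag_comment_bots(log_text, max_posts=3):
    """Return {ip: [reasons]} for clients whose comment POSTs look automated."""
    viewed_page = set()          # IPs that fetched at least one ordinary page
    posts = defaultdict(int)     # comment POSTs per IP
    reasons = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue             # skip lines that are not in the assumed format
        ip, method, path, _status, referer, _ua = m.groups()
        is_comment = path.split("?")[0] == "/wp-comments-post.php"
        if method == "GET" and not is_comment:
            viewed_page.add(ip)
        elif method == "POST" and is_comment:
            posts[ip] += 1
            if ip not in viewed_page:
                reasons[ip].add("no-prior-page-view")
            if referer in ("", "-"):
                reasons[ip].add("no-referer")
            if posts[ip] > max_posts:
                reasons[ip].add("burst")
    return {ip: sorted(r) for ip, r in reasons.items()}

if __name__ == "__main__":
    for ip, why in flag_comment_bots(SAMPLE_LOG).items():
        print(ip, ", ".join(why))
```

A single signal such as a missing Referer is weak on its own (privacy tools strip it), so the reasons are best treated as a score rather than a block list.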