Python WordPress Spam Bot Automated Commenter

August 12, 2009
Tags:

I started with a project that would automatically log in to t-mobile.com and parse the page and email me how many minutes I used. I learned that this might work with Python and the mechanized package. I later learned that although the mechanized package can deal with cookies it can not deal with JavaScript which t-mobile.com uses heavily. So the project morphed into a learning experience. I then tried my hand a creating a WordPress spam bot or automated commenter. The default installation of WordPress is very vulnerable to spam bots. The comments page does have some simple blocks, but nothing that stopped mechanize. So without further ado, I give you my python WordPress spam bot:


#attempting to quickly spam my own blog

import mechanize, re, time

mech = mechanize.Browser()
mech.addheaders = [('User-agent', 'WP Spammer')]
mech.set_handle_robots( False )
mech.open("http://domain.tld/") #wordpress installation
mech.follow_link(text_regex= "no comments", nr=0) #Change this on your script
for i in range(30,35): #change the numbers to continue spamming
       mech.select_form(nr=0)
       mech["author"] = "Bob"
       mech["email"] = "Bob@hotmail.com"
       mech["url"] = "www.bob.com"
       mech["comment"] = "Yo %d" % (i)
       mech.submit()
       print "<----> used # %d" % (i)
       time.sleep(30) #TODO how low can this number go?

Basically, this code grabs the web page, finds the comments link, redirects to the comments page, fills the form, and finally submits the form. It then repeats every 30 seconds and changes the text in the comment. So, if you don’t have anti-SPAM plug-ins in place you may want to rethink about getting some.

A caveat to be aware of is the mech.follow_link(text_regex=”no comments”,nr=0). When adjusting the script for a new web page this will need to be updated.

Other examples for the follow_link command are shown:

* 3rd link called “download”
mech.follow_link( text = “download”, nr =3 );
* first link where the URL has “download” in it:
mech.follow_link( url_regex =download );
* 3rd link on the page
mech.follow_link( n = 3 );

If you receive an HTTP 404 error the follow_link needs to be changed.

02/10/10 UPDATE: to create this script in windows I used ActivePython and the mechanize package. To install the mechanize package in ActivePython on windows use PyPM. PyPM is a way to manage packages in python. After you install ActivePython, use pypm to install mechanize in the cmd prompt (not the interactive python interpreter, e.g. C:\ pypm install mechanize)

5 Responses to “Python WordPress Spam Bot Automated Commenter”

  1. Nice, but I can’t make this work.
    Could you check your script and retest please?
    Robert

  2. @Robert
    Could you tell me what portion of the script went wrong? How are you using the script? Some blogs have anti-spam controls that this script will NOT work with. If the page you are trying to spam uses JavaScript this script will not work. Also if comment moderation is enabled, your spam comments will never show up, but they will still be sent to the blog owner.

  3. Thanks Brad,

    I have modified your script a little bit to suit my test site, here it is http://paste.pocoo.org/show/155673/
    It gives me error http://paste.pocoo.org/show/155675/
    which I am not sure what it means exactly.
    I am using Python 2.6
    I am very newbie….
    The WordPress install is fresh with no plugins.

    Robert

  4. Please tell me how to use this i am a total noob and want to put spam comments on a friends word-press blog.

  5. Learn some python and you will find out this code is not very complex.

Leave a Reply