There's a new tactic going on with Twitter. Enterprising young hackers and spammers are using bot programs to scour the web for blog and content management sites that are not locked down very well. Once found, the bot posts a "tweet" on Twitter with a few bits of text from the site's main page, along with a link to the new user account profile the bot has created on the site.

The bot also posts a bit of data in it's "bio" on the new site with various links it's wanting to increase the popularity of in Google. What's even more interesting is that there will generally be several hundred followers of the bot, but the bot follows noone. Are those people who want to make use of the accounts that the bot has rooted out?

Some bots will specifically target certain types of content management software. For instance, I've stumbled on several that will target ExpressionEngine, but others go after Drupal or Wordpress blogs that allow users to register accounts.

In most if not all cases, the users running those website don't even realize they are now host to spam fodder.

The major side effect is that many very active "users" on Twitter are actually bots that are simply designed to generate link revenues for advertising campaigns. I wouldn't be surprised if the number of bots was soon to eclipse the number of real users. As an average user you'd likely never stumble on one of these bots, but Google will index their posts and increase their targeted websites in it's index. The big impact though is on Twitter's servers and storage.

How did I find out about this? A marketing company I hired installed Expression Engine to manage one of my websites and neglected to lock it down properly. I had about 100 of these bogus accounts created in a one week period before I realized it.