Trackback spam
I’m under a bit of a torrent of Trackback spam at the moment. It’s particularly nasty content, and—as yet—very difficult to block without blocking Trackbacks totally. So that’s what I’ve done; until someone comes up with a counter-attack, I’ve turned Trackbacks off. In fact, I’ve also changed the permissions on wp-trackback.php to 700 so that it can’t be executed.
It still doesn’t stop me being notified of the trackbacks, and I still have to delete them manually from the moderation queue. Unfortunately, they seem to be emanating from a huge number of possibly zombied computers, so you can’t even block the IP addresses in an .htaccess file. Sigh.

1
I got a bunch of that lately too. Nasty nasty stuff. I feel for ya.
by Roxanne @ 06/01/2005 3:02 am • Permalink •
2
If I understood this, I could be sympathetic...
{8¬)----- Been reading about this and wondered if I would get hit. Then I realised that I was being hit - but none of it was getting through Kittens spaminator plugin. Only picked up that it was happening when I checked my protected referral logs.
by Gary @ 06/01/2005 1:01 pm • Permalink •
3
I'm going to just ask a dumb Q for the hell of it, I guess. Can't you do the .htaccess rule based on what's in the content of the trackbacks instead? Or based on the webaddress they're advertising/emanating from?
I think it'll require a regular expression, but it should be possible to do...
by Lyle @ 06/01/2005 1:02 pm • Permalink •
4
Roxanne: Yes, it seems to be going around at the moment.
Mr. D.: Trust me—you're better off not knowing
Gary: Does her spaminator protect against trackback spam too? I didn't know that.
Lyle: Nope, not a dumb question. It would probably be possible to do both (all the trackbacks I received had certain highly objectionable words in the body), but I don't know how you filter out on content via .htaccess. IP addresses were out, as they were either using zombied PCs or proxies: all the IP addresses were completely different. However, there was a fix. I mentioned the problem to Jason Hoffman (the sysadmin at TextDrive), and he found the common user agent between all the attacks on mine and others' sites and banned the suckers! TextDrive is great. So for now (touchwood), I'm trackback spam free.
by bsag @ 06/01/2005 10:01 pm • Permalink •
5
I notice that you still have comments up though (for which, congrats). I find that as soon as I deactivate the Turn Off comments plugin, the demons start battering their way in through the doors like a bad scene from Buffy... Do you just moderate heavily?
by Jolyon @ 07/01/2005 8:01 am • Permalink •
6
I thought you were at TextDrive now? We've got a neat spamhunters mailing list there [1], where you might want to send any data you have obtained to. If there's a pattern in it, they'll probably add it to the central blocking list so it gets filtered before it even reaches your site from that moment on.
[1] http://lists.textdrive.com/mailman/listinfo/spamhunters
by Marten Veldthuis @ 07/01/2005 12:02 pm • Permalink •
7
Jolyon: I used to just use the built-in measures in Options > Discussion, and they worked surprisingly well if you set them quite aggressively. Then I moved on to using Spam Karma. It was sod's law that I didn't get any comment spam during that period (I've disabled it temporarily for various complicated reasons), so I can't tell you how good it is! But there are lots of good plugins out there: Spam Karma, Kitten's Spaminator, wp-hashcash etc. You shouldn't have to turn off comments permanently.
Marten Veldthuis: Yes, I am, and he did (see comment #5) I didn't know about that spamhunters though, that's useful to know.
by bsag @ 07/01/2005 5:01 pm • Permalink •
8
I did the user agent thing as well, silly spammer was sending an IE5.5 user agent when in reality most trackbacks use the user agent of whatever blogging system is being used, or something generic like 'PHP/4.3.10'. In fact, you could write an .htaccess rule that redirects any trackback attempts where the user agent starts with 'Mozilla' to another page - this is what I did. It'll protect against the current round of attacks at least.
by Neil T. @ 07/01/2005 7:01 pm • Permalink •
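The user-agent check described in bsag's and Neil T.'s comments above, as an added example that is not part of the original thread: it groups trackback POSTs in an access log by user agent and flags a browser-style agent arriving from many unrelated addresses. It assumes Apache's combined log format; the log lines, the exact MSIE string, the function names and the `min_ips` threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" log format (assumed); only the fields used below are captured.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# WordPress trackback endpoints: wp-trackback.php or a permalink ending in /trackback/
TRACKBACK_RE = re.compile(r'(/wp-trackback\.php|/trackback/?)(\?|$)')

# Constructed sample lines (documentation IP ranges, made-up paths and sizes).
SAMPLE_LOG = '''\
192.0.2.10 - - [06/Jan/2005:03:10:01 +0000] "POST /wp-trackback.php?p=41 HTTP/1.0" 200 78 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
198.51.100.7 - - [06/Jan/2005:03:10:04 +0000] "POST /wp-trackback.php?p=12 HTTP/1.0" 200 78 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
203.0.113.99 - - [06/Jan/2005:03:10:09 +0000] "POST /archives/2005/01/05/post/trackback/ HTTP/1.0" 200 78 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
192.0.2.200 - - [06/Jan/2005:04:02:30 +0000] "POST /wp-trackback.php?p=41 HTTP/1.0" 200 78 "-" "PHP/4.3.10"
198.51.100.50 - - [06/Jan/2005:05:44:12 +0000] "POST /wp-trackback.php?p=41 HTTP/1.0" 200 78 "-" "WordPress/1.2.2"
203.0.113.5 - - [06/Jan/2005:06:00:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux) Gecko/20041107 Firefox/1.0"
'''

def trackback_posts(lines):
    """Yield (ip, user_agent) for every POST to a trackback endpoint."""
    for line in lines:
        m = LOG_RE.match(line)
        if m and m["method"] == "POST" and TRACKBACK_RE.search(m["path"]):
            yield m["ip"], m["ua"]

def suspicious_agents(lines, min_ips=3):
    """Return [(user_agent, distinct_ips, flagged)], widest IP spread first.

    flagged: a browser-style agent ("Mozilla...") seen from at least min_ips
    different addresses, i.e. one client in common behind unrelated IPs.
    """
    ips_by_ua = defaultdict(set)
    for ip, ua in trackback_posts(lines):
        ips_by_ua[ua].add(ip)
    rows = [(ua, len(ips), ua.startswith("Mozilla") and len(ips) >= min_ips)
            for ua, ips in ips_by_ua.items()]
    return sorted(rows, key=lambda row: -row[1])

if __name__ == "__main__":
    for ua, n, flagged in suspicious_agents(SAMPLE_LOG.splitlines()):
        print(f"{'BLOCK?' if flagged else 'ok    '} {n:3d} IPs  {ua}")
```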
9
the aussie blogger who's running the current australian weblog of the year competition just gave the thumbs-up to this for wp spam control: WP HashCash
by Saltation @ 10/01/2005 10:01 pm • Permalink •
10
Neil T.: Yes, that's a good method, though as you say, it won't be long before we have to try something else.
Saltation: I've got that one installed too (belt and braces, you know...)
I can't tell if it's working, but I haven't got any spam since.
by bsag @ 11/01/2005 9:01 pm • Permalink •
11
Yes it is horrible stuff!!!
by paddy @ 19/03/2007 6:26 pm • Permalink •