If you happen to notice any odd trackbacks associated with some of the entries that link to supposed rape or incest porn sites it’s because we’re currently being spammed by some asshole who’s appears to be either testing out a new spam script or trying to build up page rank for the URLs he’s spamming with. I’m cleaning it up as fast as I can and the folks at pMachine are hard at work on some improvements to help make cleanup easier and block known URLs.
If you’re running EE and getting hit by this asshole spammer one thing you can do to limit the damage done is go into your weblog config and set the allowed number pings per hour to 1 from whatever it’s currently set (default is 5). The script is spoofing IP addresses it seems and it’ll use the same one up until EE tells it that it’s been blocked, then it switches to a new one. It seems to be using a small number of different IPs, though, so limiting the number accepted to 1 per hour limits how many trackbacks get through. Paul is working on an update to the trackback module that’ll add a link to the notification emails to take you directly to the trackback in question and delete it as well as cross reference any trackbacks received to the Referrer Blacklist and block anything that it finds listed therein. I’m helping him test it and it’s about half-way working at the moment. Hopefully we’ll have something usable very soon.
Update: Looks like this isn’t just hitting folks running ExpressionEngine as several MovableType users are also reporting an influx of trackback spam. Richy is reporting that it appears these spams may be coming through open/anonymiser proxy servers and he is collecting a list of IP addresses used to spam sites so you can stick them into an Apache .htaccess file and block them if you wish. He’s also done some digging that has turned up an interesting note on who owns the machines the spam is comming from:
Who “owns” those IP addresses and appears to be running insecure machines?
OrgName: The Defense Information Systems Agency
OrgID: DISA
Address: DISA/DSSO/JCLCC
Address: Room BF655A, The Pentagon
City: Washington
StateProv: DC
PostalCode: 20301
Country: USYep - I’m getting spammed by The Pentagon!
Which makes me wonder if this is an open proxy issue or a zombified PC problem. Richy doesn’t think so according to his entry, but it wouldn’t surprise me if it that turned out to be the case. According to Richy changing the name of the trackback script in MT doesn’t stop the spam. He’s figuring they must be requesting the page they’re submitting the spam to in order to get the URL.
Anyway, if you want to get some relief by setting up a deny list then stop by Richy’s blog and grab the IP list he’s got there. And give him a great big thanks for taking the time to compile it while you’re there.
Posted on 07/03/2004 at 10:31 AM 
Posted on 07/03/2004 at 10:56 AM 
Posted on 10/10/2004 at 04:10 PM 
Its not only EE, my MT blog was hit with over 80 trackback spam today. Jay’s got an article up for MTB users - being on MT 3 I’m struggling with it :(