Trackback spammers are testing a new script.

Posted by Les on Wednesday, January 05, 2005 at 05:57 AM. Read 1217 times. Tags:
{name} pic

Looks like the trackback spammers are hard at work with a new script of some sort. Woke up to a little over a half-dozen trackback spams this morning across all the blogs I maintain each using random text for the weblog name, domain, and entry. Each had a different IP address so it was able to avoid the limit on trackbacks received in an hour that ExpressionEngine allows you to define. Cleanup wasn’t a big deal as the notification emails all have links in them to quickly delete the entry in question, but it’s annoying just the same so I’m turning on a relatively new feature that adds a random security code to all trackback URLs generated by EE. The idea is similar to captchas—if the trackback doesn’t have the right security code it’s rejected. Not sure how it works in practice so if you try to ping SEB with a trackback in the next few days and it fails then be sure to let me know so I can look into it further.

Update: Looks like the security code option isn’t working quite right. Not sure if I have something set up incorrectly or what, but I’m turning it back off for now.

Permalink · 6 Comments · · · · · · · · · · · ·

Comments:

Page 1 of 1 pages

Neil T. Great Britain (UK) Posted on 01/05/2005 at 06:55 AM

Neil T. pic

I had that as well, both on my MT blog and my Wordpress test blog. The problem with Trackback spam is that the problem affects all CMSs which have trackback, not just specific systems like comment spam does. You can’t just switch to another platform to avoid the problem.

***Dave United States Posted on 01/05/2005 at 10:19 AM

***Dave pic

I had one of these this morning, too, dagnabbit.

On the other hand, I managed to effortlessly block 80k-odd trackbacks/comments referencing a version of cards that originates in the President’s home state, so I felt pretty good overall.

Les United States Posted on 01/05/2005 at 10:32 AM

Les pic

Indeed. The blacklist in EE does a pretty good job of weeding out stuff like that as well. Of course it’s only as good as what it has listed in it and these domains were all randomly generated. Fortunately, the limit on trackbacks allowed in an hour from an IP address kept the cleanup small.

 Signature 

Agnostics are just atheists without balls. - Stephen Colbert

Momma United States Posted on 01/05/2005 at 11:26 AM

Momma pic

I recieved two this morning and because I did’t recognize them on E-mail I tried to get rid of them!

John Hoke United States Posted on 01/05/2005 at 11:41 AM

John Hoke pic

Les,
I had about 20 over the past 18 hours at the Asylum.

When I switched from MT to EE in November, I originally turned on the random bits for TB pings, but could not get it working right either… I just didn’t grok it fully I guess.

If you figure it out, please let us know smile

Les United States Posted on 01/05/2005 at 11:49 AM

Les pic

You must have done OK, Mom, as the trackbacks were gone when I checked a little while ago. grin

I’m not sure if caching interferes with the security code or not, but I’ve got a note off to the pMachine crew to see if there’s something I’m not doing correctly.

 Signature 

Agnostics are just atheists without balls. - Stephen Colbert

Page 1 of 1 pages

Name:

Email:

Location:

URL:

Smileys

 @ 
<a>
Close Tags

Remember my personal information

Notify me of follow-up comments?

Submit the word you see below:


Next entry: The Fifth Annual Weblog Awards is accepting nominations.

Previous entry: Having your own private arcade at home is a growing trend.

<< Back to main