201 trackback spams in just under two hours.

And all pointing to the same payday loan website. Even with trackback throttling they managed to get through because the script was generating a new IP address with every single submission and the URL would change to different subpages. Amazing. Now that they’re added to the blacklist as a root domain it’ll block any further attempts and it automatically cleaned out all the trackbacks associated with that domain, but I think this is a big sign that trackback has outlived its usefulness for SEB. Even with the ability to clean it all up pretty easily, it’s still become more of a pain than it’s worth. Which is a real shame because I really liked it, but like so many other things in life, the spammers just can’t leave it the fuck alone.

If you’re a spammer and we ever happen to meet in real life do yourself a favor and not mention your profession to me. I guarantee you I will punch you straight in the mouth if you do.
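The failure mode described in the post, as an added example (not code from this blog or from ExpressionEngine): a per-IP throttle lets every ping through when each one arrives from a new address, while a check on the root domain of the submitted URL catches them all regardless of IP or subpage. The addresses, domains and function names are constructed for illustration.

```python
from collections import defaultdict, deque
from urllib.parse import urlsplit


def throttle_by_ip(pings, limit=1, window=3600):
    """Accept at most `limit` pings per source IP in any `window` seconds."""
    seen = defaultdict(deque)
    accepted = []
    for ts, ip, url in pings:
        recent = seen[ip]
        while recent and ts - recent[0] >= window:
            recent.popleft()          # forget pings older than the window
        if len(recent) < limit:
            recent.append(ts)
            accepted.append((ts, ip, url))
    return accepted


def host_of(url):
    """Lower-cased hostname of a trackback URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def is_blacklisted(url, blocked_roots):
    """True if the URL's host is a blocked root domain or any subdomain of it.

    Matching on a label boundary (exact host, or a '.root' suffix) avoids
    blocking unrelated hosts that merely contain the same string.
    """
    host = host_of(url)
    return any(host == r or host.endswith("." + r) for r in blocked_roots)


def filter_by_root_domain(pings, blocked_roots):
    """Drop pings whose URL is on a blocked root domain; also usable to
    clean out trackbacks that were stored before the domain was listed."""
    return [p for p in pings if not is_blacklisted(p[2], blocked_roots)]


# Constructed sample: five spam pings, each from a new IP and a new subpage,
# mixed with two legitimate pings (one on a look-alike but unrelated host).
SPAM = [(i * 30, f"198.51.100.{i + 1}",
         f"http://www.spam-loans.example/page{i}.html") for i in range(5)]
LEGIT = [(40, "203.0.113.7", "http://friendly-blog.example/2005/post"),
         (70, "203.0.113.8", "http://notspam-loans.example/post")]
PINGS = sorted(SPAM + LEGIT)
BLOCKED = {"spam-loans.example"}

if __name__ == "__main__":
    print("throttle accepted:", len(throttle_by_ip(PINGS)))
    print("domain filter kept:", filter_by_root_domain(PINGS, BLOCKED))
```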

19 thoughts on “201 trackback spams in just under two hours.”

  1. Funny, I haven’t had any trackback spam for months. Comment spam is still a problem but MT-Blacklist gets about 99% of it.

  2. I totally understand. They were hitting me really hard before I upgraded WordPress. I think we need to get a spammer posse going after these assholes. We’ll start with the baseball bats to the kneecaps and just work our way up. smile

  3. Lobo – a trackback is an externally generated link on your blog, pointing to a reference someone else made to the article in which it appears.  It’s pretty keen.

    Externally generated is the problem.  Anytime someone else can generate content on your blog, there have to be some safeguards to prevent spam.  With comments, the captcha has been pretty effective.

    But I am no longer enabling trackbacks on any new posts.  And… what Les said about meeting a spammer.

  4. Actually, changing the filename for trackbacks has been 100% effective for us so far. Of course that could change, but it’s worked wonders for a few months… We get lots of errors from people trying to hit the original filename, and we get to laugh at them, which is also nice.

  5. Yep, those were the bastards that did it. All of mine were spread across multiple blogs I run. I have to give mad props to Paul Burdick’s blacklist module, though, as simply adding a URL to the blacklist automatically deletes all offending trackbacks and referrer listings. Only other thing I had to do was tell EE to recount the statistics to correct the number of trackbacks it thought we had received.

    PZ, no need to blacklist each URL. Just add .doobu. to the blacklist and it’ll catch anything with that as part of the domain name.

  6. Double dipping cause Tom posted while I was writing my reply…

    Tom, there’s no file name to change with EE as it all runs through the same file. EE knows what to do with it based on the URL you call the site with. EE does have an option to add a random code to the end of each trackback, but I’m not using it at the moment cause I’m not sure if I ever got it to work.

  7. Les,
    I got about 300+ attempts… only about 70 got through at the Asylum, and I added that domain as well.

    I like trackbacks, I do not want to turn them off, but I can see how they are going to slowly atrophy across the blogosphere until such a point as it becomes a “why bother” issue.

    I ran across this interesting idea on fighting spam.. I doubt it would work, but it’s worth a shot…

    I wish the trackback spec had a WS-Security header. AFAIR Trackbacks are just a webservice, they should allow for a WSSecurity header so that we can have authenticated trackbacks… say only allow trackbacks from members, or from those who you give an account to… hmm…

    Sorry… security and identity management is my day gig and I see lots of ways to federate security of trackbacks, but it would require a near re-write of the TB Spec… something I doubt Six Apart will be into… they are more enamoured with no-follow as opposed to fixing the tools to contain auth headers, as far as I can see.

  8. Solonor, is there a pinglink script out there for those of us who can’t write our own? I looked with google but all I found were people talking about it and saying how they wrote a script for it…

  9. The original pinglinks, I got from Joe Jenett. It uses Perl and a text file to track the links. I am more familiar with PHP. So, I took the same thing and made a PHP version that stores the links in MySQL. I don’t see why you couldn’t use it. I just need to create an installation script to set up the db tables (I did mine manually).

    Look on my blog in a day or two, and I’ll make it available.

  10. Awesome, thanks!  I could even make the tables myself…I can get that far.  I’m hoping to use it with WordPress, so the php version would be marvellous!
