Trackback spam and countermeasures like Akismet and trackback validation



As I’ve already commented today…. there has been a massive trackback spam swarm going on the last 24 hours. I’ve now racked up 1300 or so in the Akismet filter on this site and another 150 or so on another two sites. Akismet has been very impressive in defending this attack. Only 1% of the trackbacks slipped through, or about 14 or so across three sites. I’ve looked to see what other measures I can take against trackback spam and found one that looks like it should eliminate the 1% that got through.


It’s a simple concept that I’ve seen implemented at the Washington Post blogs. It basically validates IF there is a link to your site in the post that’s “tracking back”. It’s called Trackback Validator Plugin and should work for anything around WordPress 1.5 and up. Akismet looks to be available for other blog/cms as well. If you’re using another cms I’d look into a trackback validator. In theory, this should stop the rest of the trackback spam and likely take a bit of the load of akismet, because I would think it would filter things out before they get to akismet. Testing it on this site right now, will add to the others later.

In other words…. if you’re tracking back to this site now you will need to have a link to the post in your article. It shouldn’t be a big deal for legitimate trackbacks. Thanks and good luck in the trackback spam war…

I wonder if whole legions of spammers of all stripes are rejoicing over the demise of email spam fighters Blue Security?

–update 5/19/06–

Ok the twin trackback defence measures of Akismet and the trackback validator have been in place for 18 hours or so now (Akismet has been in for months – but the trackback validator plugin just came into place yesterday to stop the 1% of trackbacks that were slipping past akismet. It appears as though Akismet is the first line of defence, then if trackbacks slip through, I’ve seen an email notification (which I’ll likely be shutting off…) and when I go to moderate – it’s just not there – so the trackback validator has been doing a standup job of taking out th leftovers.

There has been yet another swarm overnight (and another already this morning – so I’m up about anohter 400 or so attempts. Trackback validator will likely go up on all my wordpress installs now. My only concern was that it could interfere with akismet. I may leave the email notifications of posts on for now, given that it’s a very small number that’s slipping past akismet – although at some point, I may need to just disable those. (BTW akismet has caught over 2000 on this site alone, another couple hundred on another two sites.) – The last two batches were credit card and then hotel/travel related (just fyi).

Related Posts

Blog Traffic Exchange Related Posts
  • BBPress 0.9x | Wordpress compatible forum software As you know I've used wordpress as a platform for many of my sites. It makes updating and adding information so quick and easy (as well as great extensions available for it and good theme possibilities.) Anyway, I've wanted forum functionality on a few sites as well and so I......
  • The Spam fight turns to blogs.... I've detailed some of the struggles I had for a bit with FLOODS of comment spam. Details of the issue and a fix which has been rock solid for Wordpress can be found in the following posts (reverse chronological order): Update on comment spam storms, trackback spam countermeasures such as......
  • Phishing - so many flaws to exploit so little time In the last week there was a well documented writeup of a cross site scripting vulnerability which had allowed a phisher to pose as a paypal login with THE LEGIT PAYPAL SSL CERTIFICATE.... Brian Krebs at the Security Fix has some details on some of the new and interesting ways......
Blog Traffic Exchange Related Websites
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site