Simple test to reject trackback spam

 
Austriaco
Posted: Tue Jan 30, 2007 21:53

I received today a couple of trackback spam messages, the first ones in maybe two months or so.

Reading the content of the messages, I realized that the IP address from where the trackback request was sent is different to the IP address of the host which is supposedly sending you the trackback.

A legitimate trackback sent from my site, for instance, has to come from IP address 216.246.60.202 (liberal-venezolano.net). If the host sending the trackback is not 216.246.60.202 then I'm pretty sure that's a spam trackback, because why in heaven's name would I be sending trackbacks from a different host than the one where my blog resides? I see no legitimate case.

Except, of course, Haloscan, which is a service to send trackback pings for people blogging from such low places as blogger.com :-). However, I have never received a trackback from Haloscan, and in any case an exception could be made.

It occurred to me this would be a simple test to reject trackback spam:

1. Check the web address of the target link contained in the trackback and do a reverse DNS lookup to get the IP address.
2. Compare that number with the IP address of the actual host which sent the trackback ping.
3. Those two IPs should be the same. Otherwise reject the trackback. An exception is made for Haloscan users.

I think this would not impose a heavy extra load on B2evo. It would require only one extra reverse DNS lookup.

For example these are the last 8 trackback spams I received:

Code:

Target link                   | IP Address of target link | IP address of trackback sender
webcalendario.com             | 74.52.113.156             | 66.188.93.10
webcalendario.com             | 74.52.113.156             | 124.80.251.178
clit-play-toy-vibrator.cej.pl | 62.233.192.202            | 69.172.12.173
www. buycialisshop.info       | 70.98.54.40               | 67.68.65.147
cialisnet.info                | 70.98.54.40               | 67.68.65.147
www. adultshtorm.com          | 67.18.155.54              | 75.31.235.244
gos.pl                        | 85.128.137.134            | 218.103.43.237
adult.wot.pl                  | 209.67.221.42             | 218.103.43.237


That's a 100% success, no false positives.

I think it's a pretty cool idea, but I'm biased, it's mine.

Thoughts?
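The three-step test from the first post, as an added example (not the plugin linked later in the thread and not b2evolution code): the hostname in the trackback's link is resolved to its addresses and compared with the address the ping came from. `relay_ips` and `sample_resolve` are assumptions made here; the addresses in `SAMPLE_DNS` are the ones listed in the post.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def _norm(addr):
    """Parse an address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    return getattr(ip, "ipv4_mapped", None) or ip

def dns_resolve(hostname):
    """Live lookup: every address the hostname currently resolves to."""
    try:
        infos = socket.getaddrinfo(hostname, None)
    except (socket.gaierror, UnicodeError):
        return set()
    return {info[4][0].split("%")[0] for info in infos}

def check_trackback(claimed_url, sender_ip, resolve=dns_resolve, relay_ips=()):
    """Return (accept, reason) for one trackback ping.

    claimed_url: link carried in the ping (the post's "target link")
    sender_ip:   address the HTTP request actually came from
    relay_ips:   assumed allowlist for ping relays such as Haloscan
    """
    try:
        sender = _norm(sender_ip)
    except ValueError:
        return False, "unparseable sender address"
    if sender in {_norm(a) for a in relay_ips}:
        return True, "allowlisted relay"
    url = claimed_url.strip()
    try:  # accept full URLs and bare hostnames like those in the table
        host = urlsplit(url if "://" in url else "//" + url).hostname
    except ValueError:
        host = None
    if not host:
        return False, "no hostname in claimed URL"
    resolved = {_norm(a) for a in resolve(host)}
    if not resolved:
        return False, "claimed host does not resolve"
    if sender in resolved:
        return True, "sender matches claimed host"
    return False, "sender differs from claimed host"

# Constructed resolver table (addresses as listed in the post) for offline runs.
SAMPLE_DNS = {"liberal-venezolano.net": {"216.246.60.202"},
              "webcalendario.com": {"74.52.113.156"},
              "gos.pl": {"85.128.137.134"}}
def sample_resolve(hostname):
    return SAMPLE_DNS.get(hostname, set())
```

Hosts whose outbound address differs from their published DNS records (proxies, NAT, some shared hosting) fail this comparison, which is the same class of exception the post makes for Haloscan.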
WACOMalt
Posted: Mon Jan 05, 2009 17:03

I think that's a great idea, and I need it on my site, as I have been getting TONS of trackback spam recently (42 just today).

How do I set this up?

Austriaco
Posted: Wed Jan 07, 2009 14:28

I wrote a plugin implementing just this idea. You can find it here: http://cronicaslinuxeras.com/d...pam_plugin
_________________
Linux y otras cosas más
No more trackback Spam: DNS Trackback Anti-Spam Plugin
Let your readers share! ShareThis Plugin

iceblock
Posted: Thu Aug 13, 2009 19:27

Is this plugin compatible with the latest version V3.3.1?

jack34
Posted: Sat Apr 10, 2010 1:39

I've noticed in my server logs that many spammers are still trying furiously to leave trackback spam at the default address. Since that address doesn't exist, they simply get 404 errors and try again. I already was using a custom error page, and now I've implemented a method to ban any IP address that repeatedly calls any script in the htsrv directory that generates a server error (e.g., 404 Not Found).

Here's the script: checkban. I call the function checkBan from my error document. I also intend to call it from other scripts (see BlockUntrustedVisitors).

You'll also need to add something like the following to your .htaccess file to use this custom error page:

ErrorDocument 400 /blog/error.php?400
ErrorDocument 401 /blog/error.php?401
ErrorDocument 403 /blog/error.php?403
ErrorDocument 404 /blog/error.php?404
ErrorDocument 500 /blog/error.php?500



------------------------------------
*fake sig removed
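The banning rule described in the post above, applied to access-log lines instead of being called from the error document. This is an added example, not the checkban script, which is not shown in the thread. The log lines are constructed, and the `/blog/htsrv/` prefix, the threshold and the time window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache common/combined log: ip ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# The status codes the post's .htaccess routes to error.php.
ERROR_STATUSES = {400, 401, 403, 404, 500}

def ips_to_ban(lines, prefix="/blog/htsrv/", threshold=3, window_s=60):
    """Return IPs with at least `threshold` error responses under `prefix`
    inside any `window_s`-second span (threshold and window are assumed)."""
    recent = defaultdict(deque)      # ip -> timestamps of its recent errors
    banned = set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                 # skip malformed lines
        if int(m["status"]) not in ERROR_STATUSES:
            continue
        if not m["path"].startswith(prefix):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window_s:   # drop errors older than the window
            hits.popleft()
        if len(hits) >= threshold:
            banned.add(m["ip"])
    return banned

# Constructed sample log, in chronological order.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Apr/2010:01:00:01 -0500] "POST /blog/htsrv/trackback.php HTTP/1.1" 404 512',
    '192.0.2.33 - - [10/Apr/2010:01:00:05 -0500] "GET /blog/htsrv/old.php HTTP/1.1" 404 512',
    '203.0.113.7 - - [10/Apr/2010:01:00:09 -0500] "POST /blog/htsrv/trackback.php HTTP/1.1" 404 512',
    '198.51.100.4 - - [10/Apr/2010:01:00:12 -0500] "GET /blog/htsrv/missing.php HTTP/1.1" 404 512',
    '203.0.113.7 - - [10/Apr/2010:01:00:20 -0500] "POST /blog/htsrv/trackback.php HTTP/1.1" 404 512',
    '198.51.100.9 - - [10/Apr/2010:01:00:25 -0500] "GET /blog/index.php HTTP/1.1" 200 9000',
    '192.0.2.33 - - [10/Apr/2010:01:05:05 -0500] "GET /blog/htsrv/old.php HTTP/1.1" 404 512',
    '192.0.2.33 - - [10/Apr/2010:01:10:05 -0500] "GET /blog/htsrv/old.php HTTP/1.1" 404 512',
]
```

With the default 60-second window only the burst from 203.0.113.7 is flagged; widening the window to 900 seconds also catches the slower repeat visitor.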
harrisandreson
Posted: Tue Apr 20, 2010 4:42

I guess that you are 100% right but for the new site developers it is not easy to tackle this problem, for them I have a crap that would help them more, called "crapprotector". This plugin already offers some means to keep trackback spam to a minimum by setting auto-moderation to a specific amount of days. This auto-moderation will also apply to trackbacks. If a trackback item gets auto-moderated, you can approve it inside the Serendipity Administration area like I did for my site *crap removed*, section "Comments".
Additionally, we have updated the latest version of our Spamblock plugin to filter the current wave of trackback spam. You can fetch the latest version here: *crap removed*
Download the file, save it in your folder plugins/serendipity_event_spamblock/ and then your plugin will automatically be updated. You can configure the new options as usual in the Plugin Configuration section.

All times are GMT - 5 Hours