Austriaco Hooked :)
Joined: 03 Feb 2005 Posts: 335
votes: 11
Posted: Mon Jul 16, 2007 12:57 Post subject: [Plugin] Antispam DNS trackback. The end solution
Trackback spam is really a pain in the, you know where. Some time ago I proposed a solution to the problem of trackback spam. The rationale is here: http://forums.b2evolution.net/...hp?t=10584
Since nobody replied to that message and I thought I have learned one thing or two about B2evolution, I decided to write a very small plugin. The name is "DNS Anti-spam Trackback" and I have it deployed on my b2evo blog for a week now with total success.
What does it do? It checks the IP address of the host sending a trackback and compares it with the IP address of the host pointed to by the URL sent in the trackback. If these two IP addresses are different, then the odds are very high this is a trackback spam.
In fact, the only case I can think of that can produce false positives are trackbacks sent from Haloscan. Since I have never received any trackback from Haloscan I didn't worry about that case, but I think it would not be difficult to implement an exception rule to take care of it.
The downside of this are sites which are very heavily hit by trackback spam, they could end up overloading the DNS server, because a query is sent for every trackback received. I guess some form of caching or something like that could also be implemented, but that's far far away from my capabilities. The idea is there though.
Currently I'm running B2evo 1.10 and as I said before I haven't received trackback spam in one week, when normally I would receive between 5 and 15 trackbacks per day.
Caveat Emptor, I cannot assure that this plugin does what it claims or that it won't burn your server after 10 minutes. It hasn't mine, but as they say your mileage may vary.
How to use: Unzip the attached ZIP file inside your plugins/ directory and later activate the plugin from the backoffice.
Comments, improvements and whatever are welcome.
Enjoy.

balupton 1.8 & 1.9 expert
Joined: 22 Jun 2005 Posts: 2087
votes: 24
Posted: Tue Jul 17, 2007 12:25 Post subject:
But are you sure that all legitimate ones are getting through? Like I'm trying to think of a scenario that would break it, but I can't think of any! Probably only if the trackbacker is playing silly buggers, in which case it doesn't really matter. Oh what about if say blogger.com does it, as they have hosts all over the world (I'm guessing), maybe the IP addresses would be different? But if you check the IPs of the domains the same way (by doing a request), instead of just $_SERVER['whatever it was'] then it should be fine. Good work.
Or maybe say for live spaces, they might host the blog on whatever server the user's country is. And maybe the site that posts it is different?
When I get my blog up, I'll go test all these theories.
_________________
Products & Services:
ShareHouseHQ - Shared expenses made easy., Web 2.0 Architect, jQuery Lightbox.
- The best user reports problems, don't be sorry, be proud!

Austriaco Hooked :)
Joined: 03 Feb 2005 Posts: 335
votes: 11
Posted: Tue Jul 17, 2007 12:34 Post subject:
Haloscan is the only scenario I had thought but I never receive anything from that service.
At least my own trackbacks go through! :-) Since I'm not the most popular blogger on earth, I don't receive many legitimate trackbacks (almost none, in fact) and I don't have a way to test this. Maybe somebody here can send a couple of trackbacks to see how things work.
_________________
Linux y otras cosas más
No more trackback Spam: DNS Trackback Anti-Spam Plugin
Let your readers share! ShareThis Plugin

balupton 1.8 & 1.9 expert
Joined: 22 Jun 2005 Posts: 2087
votes: 24
Posted: Tue Jul 31, 2007 11:08 Post subject:
Hi I'm going to try it on my blog now, I get a lot of traffic, so it will be interesting to see. Will let you know how it goes.
- If you want to test it out on mine and your blog, I'm up for firing off test trackbacks / receiving them.
Edit: I've made a few changes to the plugin, cleaned things up. Was there a reason with it being opt-in rendering though?
Anyway you can get my changed one here http://www.balupton.com/blogs/...plugin.zip
Hope you don't mind, and hope it helps

cslepage Hooked :)
Joined: 21 Apr 2006 Posts: 363
votes: 1
Posted: Wed Aug 01, 2007 5:10 Post subject:
I've just installed it to a blog of mine that gets a small amount of traffic each day. The trackback spam only started when I upgraded to 1.10.
Balupton, does your change mean I don't have to do anything but install the plugin? Will it work for existing messages, or only for new ones?

Austriaco Hooked :)
Joined: 03 Feb 2005 Posts: 335
votes: 11
Posted: Wed Aug 01, 2007 5:15 Post subject:
For new ones. It will try to block new trackbacks coming from hosts different than the referred host. As far as I can see, you can just upload the update provided by balupton and things should keep working without any intervention on your part, but I haven't done it yet. YMMV.

balupton 1.8 & 1.9 expert
Joined: 22 Jun 2005 Posts: 2087
votes: 24
Posted: Thu Aug 02, 2007 1:02 Post subject:
Yeah my change only cleans up the code (if that), no feature changes or anything. Austriaco is the mastermind
Austriaco, for the problems where it is a legit blog but using a different domain, maybe it could check the hostname against a known good hostname, so make a white list?
Oh btw, so far so good on my blog, not sure if any legit trackbacks have got through though... Mind throwing one at me sometime? http://www.balupton.com/blogs/...1&pb=1 (hope you like my little shoutout to your plugin, and should drive some traffic to it)

¥åßßå Blonde Bimbo
Joined: 07 Jan 2005 Posts: 6579
votes: 115
Posted: Fri Aug 03, 2007 10:01 Post subject:
The bit you read meant, "it'll work for any trackbacks that occur after the plugin is installed" even if they're on an old post
¥
_________________
I may have opened the door but you entered of your own free will
normal life wrote:
yabba_hh: I think, I type, I read what I type, I think "fuck, what was I thinking when I typed that?!"
tuxnus: that's two more thoughts than I give you credit for

¥åßßå Blonde Bimbo
Joined: 07 Jan 2005 Posts: 6579
votes: 115
Posted: Fri Aug 03, 2007 10:37 Post subject:
Me too
¥

Daniel Hooked :)
Joined: 09 Feb 2007 Posts: 215
votes: 1
Posted: Tue Aug 07, 2007 7:15 Post subject:
Ok... if I understood the description of this plugin correctly it's not the same what I've seen yesterday by sending a trackback to a site without having the exact same URL linked in my post. My trackback was denied but after I saw my error, I added the source URL directly in my post and sent the trackback again, and this time it works... Is the DNS plugin the same or is that what I wrote another possibility to increase spam trackbacks... Is there a b2evo plugin available what does what I have described?

Austriaco Hooked :)
Joined: 03 Feb 2005 Posts: 335
votes: 11
Posted: Tue Aug 07, 2007 7:49 Post subject:
No, Daniel, it's not the same. This plugin will check that the IP addresses of the trackback sender and the trackback "referee" are the same. Let's say you receive a trackback pointing to www.domain.com and www.domain.com has IP address "X", but the trackback was sent from another machine, which has IP address "Y". If "X" != "Y" then the trackback will be rejected. (read the "rationale" for the plugin: http://forums.b2evolution.net/...hp?t=10584 maybe it will help to clarify the concept)
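
The check discussed in this thread, written out as an added example; it is not the plugin's code, which does not appear on this page. It goes beyond the first post by including the DNS cache and the whitelist of sending services that the posters suggest. The function name, its parameters, the injectable resolver and all hosts and addresses are assumptions made for illustration.

```php
<?php
// Added illustration, not the plugin's code; all names here are hypothetical.
// $resolve maps a host to a list of IPs and defaults to gethostbynamel() (IPv4 only).
// $cache (host => [expiry, ips]) keeps repeated spam from hammering the DNS server.
function trackback_sender_matches(string $senderIp, string $url, array $trustedSenders,
                                  array &$cache, ?callable $resolve = null,
                                  int $ttl = 300, ?int $now = null): bool
{
    $resolve = $resolve ?? 'gethostbynamel';
    $now = $now ?? time();

    $host = parse_url($url, PHP_URL_HOST);
    if (!is_string($host) || $host === ''
        || filter_var($senderIp, FILTER_VALIDATE_IP) === false) {
        return false; // malformed URL or sender address: reject
    }
    // The sender must be an address of the linked host or of a whitelisted sending service.
    foreach (array_merge([strtolower($host)], $trustedSenders) as $name) {
        if (!isset($cache[$name]) || $cache[$name][0] <= $now) {
            $ips = $resolve($name);
            // Failed lookups are cached as an empty list, so they never match.
            $cache[$name] = [$now + $ttl, is_array($ips) ? $ips : []];
        }
        // A host can have several A records; matching any one of them is enough.
        if (in_array($senderIp, $cache[$name][1], true)) {
            return true;
        }
    }
    return false;
}

// Constructed sample data: documentation-range addresses and an offline fake resolver.
$queries = 0;
$fakeDns = function (string $host) use (&$queries) {
    $queries++;
    $zone = ['blog.example.org' => ['192.0.2.10', '192.0.2.11'],
             'pings.example.net' => ['198.51.100.5']];
    return $zone[$host] ?? false;
};
$cache = [];
$trusted = ['pings.example.net']; // stands in for a hosted trackback service
$cases = [
    'sender is one of the host\'s addresses' => ['192.0.2.11', 'http://blog.example.org/a'],
    'sender differs from the linked host'    => ['203.0.113.7', 'http://blog.example.org/b'],
    'sent by the whitelisted service'        => ['198.51.100.5', 'http://blog.example.org/c'],
    'linked host does not resolve'           => ['203.0.113.7', 'http://nxdomain.example/d'],
];
foreach ($cases as $label => [$ip, $url]) {
    $ok = trackback_sender_matches($ip, $url, $trusted, $cache, $fakeDns);
    printf("%-40s %s\n", $label, $ok ? 'accept' : 'reject');
}
printf("DNS lookups performed: %d\n", $queries);
```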