
1 Jan 31, 2007 03:53    

I received today a couple of trackback spam messages, the first ones in maybe two months or so.

Reading the content of the messages, I realized that the IP address from where the trackback request was sent is different to the IP address of the host which is supposedly sending you the trackback.

A legitimate trackback sent from my site, for instance, has to come from IP address 216.246.60.202 (liberal-venezolano.net). If the host sending the trackback is not 216.246.60.202 then I'm pretty sure that's a spam trackback, because why in heaven's name would I be sending trackbacks from a different host than the one where my blog resides? I see no legitimate case.

Except, of course, Haloscan, which is a service to send trackback pings for people blogging from such low places as blogger.com :-). However, I have never received a trackback from Haloscan, and in any case an exception could be made.

It occurred to me this would be a simple test to reject trackback spam:

1. Check the web address of the target link contained in the trackback and do a reverse DNS lookup to get the IP address.
2. Compare that number with the IP address of the actual host which sent the trackback ping.
3. Those two IPs should be the same. Otherwise reject the trackback. An exception is made for Haloscan users.

I think this would not impose a heavy extra load on B2evo. It would require only one extra reverse DNS lookup.

For example these are the last 8 trackback spams I received:


Target link                   | IP address of target link | IP address of trackback sender
webcalendario.com             | 74.52.113.156             | 66.188.93.10
webcalendario.com             | 74.52.113.156             | 124.80.251.178
clit-play-toy-vibrator.cej.pl | 62.233.192.202            | 69.172.12.173
www. buycialisshop.info       | 70.98.54.40               | 67.68.65.147
cialisnet.info                | 70.98.54.40               | 67.68.65.147
www. adultshtorm.com          | 67.18.155.54              | 75.31.235.244
gos.pl                        | 85.128.137.134            | 218.103.43.237
adult.wot.pl                  | 209.67.221.42             | 218.103.43.237

That's a 100% success, no false positives.

I think it's a pretty cool idea, but I'm biased, it's mine.

Thoughts?
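The check proposed in the post above, sketched as an added example (not code from this thread or from b2evolution): it resolves the host name in the trackback URL and accepts the ping only if the sender's address is among the results. The function names, the `relay_allowlist` parameter, the `/blog/` path and the offline sample resolver are assumptions; the host names and addresses come from the post.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def resolve_host(host):
    """Return every address the host name resolves to (A and AAAA records)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}

def check_trackback(url, sender_ip, resolver=resolve_host, relay_allowlist=()):
    """Return (accepted, reason). relay_allowlist is a hypothetical list of
    networks for trusted ping services, the exception the post mentions."""
    sender = ipaddress.ip_address(sender_ip)
    if any(sender in ipaddress.ip_network(net) for net in relay_allowlist):
        return True, "sender is an allowlisted relay"
    # Accept bare host names as well as full URLs.
    host = urlsplit(url if "://" in url else "http://" + url).hostname
    if not host:
        return False, "no host name in trackback URL"
    try:
        addresses = {ipaddress.ip_address(a) for a in resolver(host)}
    except (OSError, ValueError):
        return False, "host does not resolve"
    if sender in addresses:  # a host may publish several addresses
        return True, "sender matches host address"
    return False, "sender %s not in %s" % (sender, sorted(map(str, addresses)))

# Offline resolver for the demo, filled with addresses quoted in the post.
SAMPLE_DNS = {
    "liberal-venezolano.net": {"216.246.60.202"},
    "webcalendario.com": {"74.52.113.156"},
    "gos.pl": {"85.128.137.134"},
}

def sample_resolver(host):
    if host not in SAMPLE_DNS:
        raise OSError("unknown host")
    return SAMPLE_DNS[host]

if __name__ == "__main__":
    pings = [("http://liberal-venezolano.net/blog/", "216.246.60.202"),
             ("webcalendario.com", "66.188.93.10"),
             ("gos.pl", "218.103.43.237")]
    for url, ip in pings:
        print(url, ip, check_trackback(url, ip, sample_resolver))
```

A site whose outbound address differs from its published one (a proxy, CDN or separate mail/web hosts) fails this check, so rejected pings are better sent to moderation than silently dropped until the allowlist is tuned.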

2 Jan 05, 2009 23:03

I think that's a great idea, and I need it on my site, as I have been getting TONS of trackback spam recently (42 just today).

How do I set this up?

4 Aug 14, 2009 02:27

Is this plugin compatible with the latest version V3.3.1?

5 Apr 10, 2010 08:39

I've noticed in my server logs that many spammers are still trying furiously to leave trackback spam at the default address. Since that address doesn't exist, they simply get 404 errors and try again. I already was using a custom error page, and now I've implemented a method to ban any IP address that repeatedly calls any script in the htsrv directory that generates a server error (e.g., 404 Not Found).

Here's the script: checkban. I call the function checkBan from my error document. I also intend to call it from other scripts (see BlockUntrustedVisitors).

You'll also need to add something like the following to your .htaccess file to use this custom error page:

ErrorDocument 400 /blog/error.php?400
ErrorDocument 401 /blog/error.php?401
ErrorDocument 403 /blog/error.php?403
ErrorDocument 404 /blog/error.php?404
ErrorDocument 500 /blog/error.php?500

------------------------------------
*fake sig removed

6 Apr 20, 2010 11:42

I guess that you are 100% right, but for the new site developers it is not easy to tackle this problem; for them I have a crap that would help them more, called "crapprotector". This plugin already offers some means to keep trackback spam to a minimum by setting auto-moderation to a specific amount of days. This auto-moderation will also apply to trackbacks. If a trackback item gets auto-moderated, you can approve it inside the Serendipity Administration area like I did for my site *crap removed*, section "Comments".
Additionally, we have updated the latest version of our Spamblock plugin to filter the current wave of trackback spam. You can fetch the latest version here: *crap removed*
Download the file, save it in your folder plugins/serendipity_event_spamblock/ and then your plugin will automatically be updated. You can configure the new options as usual in the Plugin Configuration section.

