Recent Topics

1 Jul 16, 2007 19:57    

Trackback spam is really a pain in the, you know where. Sometime ago I proposed a solution to the problem of trackback spam. The rationale is here: http://forums.b2evolution.net/viewtopic.php?t=10584

Since nobody replied to that message and I thought I have learned one thing or two about B2evolution, I decided to write a very small plugin. The name is "DNS Anti-spam Trackback" and I have it deployed on my b2evo blog for a week now with total success.

What does it do? It checks th IP address of the host sending a trackback and compares it with the IP address of the host pointed to by the URL sent in the trackback. If these two IP addresses are differents, then the odds are very high this is a trackback spam.

In fact, the only case I can think of that can produce false positives are trackbacks sent from Haloscan. Since I have never received any trackback from Haloscan I didn't worry about that case, but I think it would not e difficult to implement an exception rule to take care of it.

The downside of this are sites which are very heavily hit by trackback spam, they could end up overloading the DNS server, because a query is sent for every trackaback received. I guess some form of caching or something like that could also be implemented, but that's far far away from my capabilities. The idea is there though.

Currently I'm running B2evo 1.10 and as I said before I haven't received trackback spam in one week, when normaly I would receive between 5 and 15 trackbacks per day.

Caveat Emptor, I cannot assure that this plugin does what it claims or that it won't burn your server after 10 minutes. It hasn't mine, but as they say your mileage may vary.

How to use: Unzip the attached ZIP file inside your plugins/ directory and later activate the plugin from the backoffice.

Comments, improvements and whatever are welcome.

Enjoy.

2 Jul 17, 2007 19:14

Theoretically that sounds like a pretty neat idea. I'll give it a shot when I get my blog back up.

3 Jul 17, 2007 19:16

Great!

I have 10 days now without receiving any trackback spam (until the spamers [hopefully not] read this thread and figure out a way around)

4 Jul 17, 2007 19:25

But are you sure that all legitimate ones are getting through? Like i'm trying to think of a scenario that would break it, but I can't think of any! Probabally only if the trackbacker is playing silly buggers, in which case dosn't really matter. Oh what about if say blogger.com does it, as they have hosts all over the world (i'm guessing), maybe the ip addresses would be different? But if you check the ips of the domains the same way (by doing a request), instead of just $_SERVER['whatever it was'] then it should be fine. :) Good work.

Or maybe say for live spaces, they might host the blog on whatever server the user's country is. And maybe the site that posts it is different?

When I get my blog up, I'll go test all these theories.

5 Jul 17, 2007 19:34

Haloscan is the only scenario I had thought but I never receive anything from that service.

At least my own trackabacks go through! :-) Since I'm not the most popular blogger on earth, I don't receive many legitimate trackbacks (almost none, in fact) and I don't have a way to test this. Maybe somebody here can send a couple of trackbacks to see how things works.

6 Jul 31, 2007 18:08

Hi I'm going to try it on my blog now, I get a lot of traffic, so it will be interesting to see :) Will let you know how it goes :)
- If you want to test it out on mine and your blog, I'm up for firing off test trackbacks / receiving them.

Edit: I've made a few changes to the plugin, cleaned things up. Was there a reason with it being opt-in rendering though?

Anyway I you can get my changed one here http://www.balupton.com/blogs/plugins/download/dns_antispam_trackback_plugin.zip

Hope you don't mind, and hope it helps :)

7 Aug 01, 2007 12:10

I've just installed it to a blog of mine that gets a small amount of traffic each day. The trackback spam only started when I upgrated to 1.10.

Balupton, does your change mean I don't have to do anything up install the plugin? Will it work for existing messages, or only for new ones?

8 Aug 01, 2007 12:15

For new ones. It will try to block new trackbacks coming from hosts different than the refered host. As far as I can see, you can just upload the updated povided by balupton and things should keep working without any intervention on your part, but I haven't done it yet. YMMV.

9 Aug 02, 2007 08:02

Yeah my change only cleans up the code (if that), no feature changes or anything. Austriaco is the mastermind :)

Austriaco, for the problems were it is a legit blog but using a different domain, maybe it could check the hostname against a known good hostname, so make a white list?

Oh btw, so far so good on my blog, not sure if any legit trackbacks have got through though... Mind throwing one at me sometime? http://www.balupton.com/blogs/b2evo?title=dns_trackback_plugin_the_proper_solution&more=1&c=1&tb=1&pb=1 (hope you like my little shoutout to your plugin, and should drive some traffic to it)

10 Aug 03, 2007 16:52

One of the earlier posts states this will work for new posts but not for existing posts... Is it possible to go back and re-save existing posts once this plugin has been installed?

jj.

11 Aug 03, 2007 17:01

The bit you read meant, "it'll work for any trackbacks that occur after the plugin is installed" even if they're on an old post ;)

¥

12 Aug 03, 2007 17:33

Ah, ok.... I really need to start getting more sleep. :)

jj.

14 Aug 07, 2007 14:15

Ok... if I understood the description of this plugin correctly it´s not the same what I´ve seen yesterday by sending a trackback to a site without having the exact same URL linked in my post. My trackback was denied but after I saw my error, I added the source URL directly in my post and send the trackback again, and this time it works... Is the DNS plugin the same or is that what I wrote another possibility to increase spam trackbacks... Is there a b2evo plugin available what does what I have described?

15 Aug 07, 2007 14:49

No, Daniel, it's not the same. This plugin will check that the IP addresses of the trackback sender and the trackback "referee" are the same. Let's say you receive a trackback pointing to www.domain.com and www.domain.com has IP address "X", but the trackback was sent from another machine, which has IP address "Y". If "X" != "Y" then the trackback will be rejected. (read the "rationale" for the plugin: http://forums.b2evolution.net/viewtopic.php?t=10584 maybe it will help to clarify he concept)

16 Aug 15, 2007 18:22

Hey Austriaco, probably a good idea to submit it to http://plugins.b2evolution.net/ and get it mainstream, so far working perfectly for my blog, wordpress.com trackbacks someone said don't go through, but oh well.

18 Aug 23, 2007 07:36

Cool, I've updated as well. What is the opt-in rendering for though, I still don't know why it's there?

19 Aug 23, 2007 13:32

I'm sorry. I'm so sloppy! The renderer stuff is there because it was in the plugin skeleton that's provided as sample. Remember, this was my first plugin, so I didn't know exactly what should be in and what out, so I left everything in! I will update, when I have some more time. Thanks Balupton.

20 Aug 24, 2007 19:17

Hi Austriaco.

I've tried to post this as comment on your blog, but there's something strange there :D

The comment:

I think that still doesn't work with wordpress.com trackbaks!

I have installed the prior version, and can't receive the wordpress trackbacks. I have read the code and done a little test, and still doesn't work. I can send you the trackback that I send to my self to you!

The comment has came from 72.232.131.30 but the ip of the wordpress blog is 72.247.132.199

[]'s
- Walter

21 Aug 25, 2007 01:26

Thanks Walter, I solved the problem with comments on my blog.

I sent I trackback from a wordpress.com blog I created specifically to test. I should have done this before. The request came from IP 72.232.131.30 even though the blog adress corresponds to IP 88.221.120.199.

So, it seems to me Wordpress.com is sending trackbacks from a centralized server, different from the ones which serve the blogs. This would make sense, since they collect all trackback requests from every *.wordpress.com blog and then send them in batches or something like that.

Now, assuming the above is correct, the question is whether they use only one server for sending trackbacks or several of them and we were just lucky to have sent trackbacks from the same trackback server.

Moreover, They can change this central trackback server at their discretion at any time, which would require a change inside the plugin everytime it happens, is it happens.

For the time being, I guess I can hardcode the IP address of the suspected wordpress.com trackback server and see what else come to mind.

23 Aug 25, 2007 11:47

Austriaco wrote:

For the time being, I guess I can hardcode the IP address of the suspected wordpress.com trackback server and see what else come to mind.

Alternatively you could add a textarea setting and have a "whitelist" of ip address's ( 1 per line ) which would make adding/removing/changing the ip's far easier ;)

¥

24 Aug 28, 2007 14:05

I like the idea of a whitelist. Now, that raises one question:

If I want to add settings to the plugin, do I have to deal with DB stuff? The settings would have to be saved somewhere.

25 Aug 28, 2007 14:13

You define them in GetDefaultSettings then use $this->Settings->get/set, take a look at the test plugin :)

26 Aug 28, 2007 21:59

Alright, I implemented the textarea for a whitelist. One question I have before publishing the new version: How do I initialize a multiline variable inside the plugin. The thing is that I've checked wordpress.com sends trackbacks from at least 6 different hosts:

72.232.131.30
72.232.131.29
72.232.131.31
72.233.2.49
72.233.2.30
66.135.48.143

Plus three more for haloscan.com:

72.9.234.71
72.9.234.77
72.9.234.70

and I think it would be nice to povide at least this set of IP addresses to the user.

What I'm doing now is:

function GetDefaultSettings()
  {
    return array(
      'whitelist' => array(
        'type' => 'textarea',
        'label' => $this->T_( 'IP whitelist' ),
        'defaultvalue' => '72.232.131.30',
        'cols' => 15,
        'rows' => 10,
        'note' => $this->T_('Input one IP address you want to exempt per line') )
      );
  }

27 Aug 28, 2007 22:06

Just use implode and explode with say '|' for the separator, but if you really want multi line then do str_replace("\r", '', $var); and explode/impode("\n", $var); As new lines are either \r\n or \n.

But afwas's suggestion of gethostbyname is a good one as well as say all those ip addresses you just posted might just return the string "haloscan" or whatever making the need for a whitelist unnecessary.

28 Aug 28, 2007 22:16

function GetDefaultSettings()
  {
    return array(
      'whitelist' => array(
        'type' => 'html_textarea',
        'label' => $this->T_( 'IP whitelist' ),
        'cols' => 15,
        'rows' => 10, /* perhaps a larger number here */
        'note' => sprintf( $this->T_('Input one IP address you want to exempt per line')),
        'defaultvalue' => '
72.232.131.30
72.232.131.29
72.232.131.31
72.233.2.49
72.233.2.30
66.135.48.143
72.9.234.71
72.9.234.77
72.9.234.70',
        ),
      );
  }


Hope I didn't make any unintentional typos.
And do check version compatibility. I took the basic code from B2evo 2.0a and didn't check anything.

*edit*
I edited this post, added the last line (important) and disabled smilies.

29 Aug 28, 2007 22:48

Thanks balupton,

The thing is, for instance, I sent 6 trackbacks from anarcocapitalista.wordpress.com, which is an alias for e1143.c.akamaiedge.net, which in turn has IP address 88.221.52.199 (This would be the result of gethostbyname("anarcocapitalista.wordpress.com")), but the Trackbacks where sent from different hosts, none of which has any relation to anarcocapitalista.wordpress.com (those are the IPs I mentioned above).

30 Aug 28, 2007 23:01

Austriaco wrote:

Thanks balupton,

The thing is, for instance, I sent 6 trackbacks from anarcocapitalista.wordpress.com, which is an alias for e1143.c.akamaiedge.net, which in turn has IP address 88.221.52.199 (This would be the result of gethostbyname("anarcocapitalista.wordpress.com")), but the Trackbacks where sent from different hosts, none of which has any relation to anarcocapitalista.wordpress.com (those are the IPs I mentioned above).

Sometimes you just wish things to work the way you want them to.
I'm afraid the list you provided is only a beginning. They're probably IP ranges, so be prepared to change the code to 72.9.234.xxx etc.

31 Aug 28, 2007 23:22

Another potential source is Typepad. Any other service like that which could be source of trouble?

32 Aug 29, 2007 00:00

Can you test thsi version? I mean, you can install it, but can you make a trackback to the blog where the pluigin is installed from one of the whitelisted IP's?
At least:
a) the list shows in the backoffice -> App Settings -> Plugins -> DNS Antispam Trackback (Now tested in 1.10)
b) It shows you how to call the settings:

$this->Settings->get( 'whitelist' )


If I did the if and elseif correct, it first checks if the $url_parsed is in the whitelist.
Unfortuantely I don't have a 1.10 bog online, so I can't test if it does what was intended.

TODO: write the added IP's to database or file. In this version newly added IP's will disappear if the plugin is uninstalled and probably when the server is reset.

Based on the version by balupton, hoping that is the most recent

*edit
I removed the test version, look for the post by Austriaco for the next develpment version.

33 Aug 30, 2007 23:39

I liked it!

But, the settings of all the plugins disappear when the plugin is uninstalled no?

34 Aug 30, 2007 23:57

Walter wrote:

I liked it!

But, the settings of all the plugins disappear when the plugin is uninstalled no?

What do you mean? The settings from the plugin are destoyed when you uninstall the plugin, but that is supposed to be.

The version I posted is for testing purposes. It's Austriacos plugin and only if he decides to publish it's a new version. But, you can test it, that's what a test version is about. Report back a) if spam gets through and b) if no spam gets through, does it make exceptions for the added IP's.

Good luck

35 Aug 31, 2007 00:01

Sorry for the ambigous phrase.

The settings from the plugin are destoyed when you uninstall the plugin, but that is supposed to be.

it's what I meant :D

36 Aug 31, 2007 00:08

You can manually add IP's in the back office of the plugin. Whatever you store there is not saved. You can also change the plugin's php file. There IP's are stored and saved if the plugin is newly installed. But this is not the most user friendly way to store settings, so a little work from the developer is required.

37 Aug 31, 2007 00:16

It's possible to create tables with the installation of the plugin, but AFAIK, these tables are removed with the uninstall proccess.

38 Aug 31, 2007 00:23

Walter wrote:

It's possible to create tables with the installation of the plugin, but AFAIK, these tables are removed with the uninstall process.

Yes, it is going to be a solution like that. I am curious how many IP's eventually will be eligible for the list. Ranges of IP's or just a dozen or hundreds ...

39 Sep 03, 2007 13:48

I have released a new version (0.3) of the DNS Trackback plugin for b2evolution. Announcemente and download [url=http://cronicaslinuxeras.com/antispam_plugin_for_b2evolution_version_03]here[/url]. This version implements (I believe) the suggestions made in this thread for a whitelist, editable in the backoffice. So far it is working, but more testing is required to discover new "trackback servers" if you will.

Thanks to all who have commented and helped in testing.

40 Sep 07, 2007 02:29

1. Daniel wrote:

Ok... if I understood the description of this plugin correctly it´s not the same what I´ve seen yesterday by sending a trackback to a site without having the exact same URL linked in my post. My trackback was denied but after I saw my error, I added the source URL directly in my post and send the trackback again, and this time it works... Is the DNS plugin the same or is that what I wrote another possibility to increase spam trackbacks... Is there a b2evo plugin available what does what I have described?

The basic antispam plugin (shipped with b2evo) has an option for this ("Check referers for URL"). This downloads the source and checks if it contains your URL.

2. I really like the idea of this plugin. Thanks, Austriaco!
If it would not need a whitelist, I'd add this functionality to the basic antispam plugin. But a whitelist gets to "advanced" IMHO.
But I'm not sure about it.

Maybe it makes sense to optionally hook into GetSpamKarmaForComment, to provide a score based on the observations made?


Form is loading...