
1 Mar 24, 2006 07:30    

Hey, yesterday I got hit by spammers.

They've added many trackbacks to each of my posts with links to porn sites.

You can see the attacks here:
http://blogs.balupton.com
And here is one of my posts where you can see the result:
http://blogs.balupton.com/index.php?title=lightality_b2evo_update_report&more=1&c=1&tb=1&pb=1

Here are a few of the attacks. The IP remains the same, but the addresses which they post change, with multiple users and domains/subdomains, though a user can be on multiple subdomains.

Blog: Public ( http://blogs.balupton.com/index.php )
Post: Lightality (Build v1.0.0.0 BETA Dev) ( http://blogs.balupton.com/index.php?p=117&more=1&c=1&tb=1&pb=1 )
Website: boy meets world lucky penny (IP: 195.225.176.160, 195.225.176.160)
Url: removedinfo/~claire_2357/files/
Comment: http://blogs.balupton.com/index.php?p=117&more=1&c=1&tb=1&pb=1#c94
<strong>slutty housewives getting fucked</strong><br />kenwood amature radio

Blog: Public ( http://blogs.balupton.nghosting.info/index.php )
Post: iTunes - 19 Free Songs (Givaway) (Part 1) ( http://blogs.balupton.nghosting.info/index.php?p=124&more=1&c=1&tb=1&pb=1 )
Website: free pictures of amature girls pussy (IP: 195.225.176.160, 195.225.176.160)
Url: removedinfo/~nelson_5140/files/
Comment: http://blogs.balupton.nghosting.info/index.php?p=124&more=1&c=1&tb=1&pb=1#c62
<strong>meeting couples naked</strong><br />latin wives slut

Blog: Public ( http://blogs.balupton.nghosting.info/index.php )
Post: iTunes - 19 Free Songs (Givaway) (Part 1) ( http://blogs.balupton.nghosting.info/index.php?p=124&more=1&c=1&tb=1&pb=1 )
Website: cheating wives exposed (IP: 195.225.176.160, 195.225.176.160)
Url: removedinfo/~nelson_5140/files/
Comment: http://blogs.balupton.nghosting.info/index.php?p=124&more=1&c=1&tb=1&pb=1#c86
<strong>jonathan waide dating sites</strong><br />amatuer free daily pics

Blog: Public ( http://blogs.balupton.nghosting.info/index.php )
Post: iTunes - 19 Free Songs (Givaway) (Part 1) ( http://blogs.balupton.nghosting.info/index.php?p=124&more=1&c=1&tb=1&pb=1 )
Website: amateur big cum (IP: 195.225.176.160, 195.225.176.160)
Url: removedinfo/~nelson_5140/files/
Comment: http://blogs.balupton.nghosting.info/index.php?p=124&more=1&c=1&tb=1&pb=1#c38
<strong>nudist resorts for singles</strong><br />girl next door models

2 Mar 24, 2006 10:26

ban/delete/report them!

3 Mar 24, 2006 11:12

Isn't this how I report them.... I haven't looked that much into this type of spamming as it's never happened before.

EDIT:
How do I ban IP addresses, as it's the only common thing in all the hits?

Plus

No log-hits match the keyword [195.225.176.160].

No comments match the keyword [195.225.176.160].

These are trackbacks so they are not comments.... And they have already happened, so neither of the methods mentioned above would apply?

4 Mar 24, 2006 12:10

This is not how you report them. This is how you share links to them, but not report them. ;)

I've had trackbacks off almost forever so I'm not too hip to the ins and outs, and it might be something funky in the 1.7 version you've got, but I thought you'd have a way to ban them via the back office. Do you get an email notification when you get the trackback? If so it should link to the trackback, and wouldn't that have a ban symbol?

IP banning is not handled by b2evolution. I use a utility from my host when I choose to ban an IP, and some folk just do it in .htaccess cuz they're smart like that, but the antispam feature of b2evolution works on the referer bit only: not the IP or any other techno-groovy thing that comes in headers. Therefore banning the 'common element' isn't going to help you. Bummer, but that's the way it is.

Go to your antispam tab and paste in the key bits of each of the offensive domains then click "whatever" and on the next page click "whatever" again, where "whatever" would be some actual text on a button. In other words manually ban some keywords. Sorry for not having the proper text in my head, but once you're on your antispam tab you'll see a field and a button and it'll all work. If I had your trackbacks I'd be banning:

.teendatingadvice.org and
.marrieddating.info and
.matchmakingdatingservice.net

The first one got two of the samples you provided, and it's possible (probable?) that you will not need to ban/delete/report 100 unique strings to capture 100 different trackback spams.

Trackback spam is just another form of comment spam. Unfortunately it is REALLY hard to nail because the trackback URL is completely predictable and the spammer doesn't have to come anywhere near your blog to infect you with its viral seed. Just knowing you exist as a b2evolution user is enough. Therefore almost all antispam measures known to man don't kill this particular strain.

I had a mongo-complex hack that stripped out IPs by hit type so's you could see if any particular IP needed to be banned, then banned it via your back office, but it was way too much for me to have taken on and will NEVER see the light of day in the 1.+ world cuz I can't figure out this whole 'sessions' thing. It's too confusing to me.

I turned off trackbacks. And pingbacks. Both are too geeky for me.

Hope it helps!

5 Mar 24, 2006 12:15

Hmmm that's surprising that b2evo doesn't allow IP banning - Feature Request anybody :D
And I'm amazed that it doesn't scan the information it gets about the trackback, as you can see in my post it does collect information, but obviously there are words that should be banned....
Eg.
slutty housewives getting fucked.
How could that not get banned :S

Edit:
I've banned the domains in total 4 or 5, and over 100 trackbacks gone!
I used e.g. 'mydomain.ext', does it matter? Because there are things like '-mydomain.ext' and '.mydomain.ext', so what's the dif?

6 Mar 24, 2006 12:25

Oh but it could be banned! Simply ban that string of text via your antispam tab and it will never be allowed again. Report it too, but it's highly unlikely it'll become a keyword unless there are a heck of a lot of people reporting that exact string.

Personally, and this is only my opinion, I'm not a fan of IP banning. It is very likely that some IPs will be effective bans, but others will ban innocent people from getting through. I once found that the IP I had compliments of my ISP was deemed 'spammy' by one of those "here ban all these cuz we're fighting spam" things. I forget the letter acronym for them, but 1.8 will have a plugin that uses it. KMA!!! They ban IPs known to spam, which means if a spammer happens to use the same ISP as a person then the person suffers the stigma. Anyway that's why I like very specific keyword banning. The list is incredibly long now, and that's a drag, but we've no mechanism by which old stuff is reviewed and potentially removed from the list.

I'll betcha half a dollar (Canadian) that in the 1.8 world making a plugin to ban IPs will be as simple as a walk in the park on a Tuesday afternoon. Perhaps you'll think about building one when 1.8 is finally released? That is, assuming 1.8 happens before you and I and our grandchildren die of old age :roll:

7 Mar 24, 2006 12:28

Aw crap I forgot. A simple whoo-hack is to rename the htsrv folder. Part of the trackback URL is /htsrv/, so maybe that hack will help stamp out trackback spam? Simply rename the folder and tweak the variable that gets called in one of the files in the conf folder. admin maybe, or I dunno: one of those files in there.

8 Mar 24, 2006 12:32

balupton wrote:

I've banned the domains in total 4 or 5, and over 100 trackbacks gone! I used e.g. 'mydomain.ext', does it matter? Because there are things like '-mydomain.ext' and '.mydomain.ext', so what's the dif?

In that case I'd have gone the way you did because it makes your life easier. From an antispam admin viewpoint I'd have preferred to see one with a dash and one with a dot. I like to publish things with either a dot or a pair of slashes preceding the domain name so we can minimize false positives.

uglyspammer.com as a keyword would also ban iamnotanuglyspammer.com, but .uglyspammer.com or //uglyspammer.com would not. That's a reach but I'm sure you get the idea.

To be honest even though I admin the antispam I usually take the easiest approach to banning, then hope someone else did the more complex method :lol:

EDIT: or a dash preceding. Something to minimize false positives eh?
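The keyword behaviour discussed in this post, as an added example that is not part of the original thread and is not b2evolution's code. It assumes the antispam list is a case-insensitive substring match, which is how the posts describe it, and it also covers the path-fragment (`/~user/`) bans mentioned elsewhere in the thread; the function names and sample URLs are constructed for illustration.

```python
# Added illustration: plain substring keyword matching, as the posts in this
# thread describe the antispam list behaving. Not b2evolution's own code.

def matching_keyword(url, keywords):
    """Return the first keyword found as a substring of url, or None."""
    lowered = url.lower()
    for kw in keywords:
        if kw.lower() in lowered:
            return kw
    return None

def blocked(urls, keywords):
    """Map each URL to the keyword that blocks it (None means allowed)."""
    return {u: matching_keyword(u, keywords) for u in urls}

# Constructed sample trackback URLs (hosts are made up for this example;
# the /~user/ path parts follow the pattern shown in the first post).
SAMPLES = [
    "http://uglyspammer.com/~nelson_5140/files/",        # bare spam domain
    "http://pics.uglyspammer.com/~claire_2357/files/",   # spam subdomain
    "http://cheap-uglyspammer.com/~nelson_5140/files/",  # dash variant
    "http://iamnotanuglyspammer.com/blog/",              # innocent look-alike
    "http://otherhost.example/~nelson_5140/files/",      # new domain, same user
]

BARE = ["uglyspammer.com"]                     # easiest, widest match
ANCHORED = [".uglyspammer.com",                # subdomains
            "//uglyspammer.com",               # the domain itself
            "-uglyspammer.com"]                # dash-prefixed variants
USER_PATH = ["/~nelson_5140/", "/~claire_2357/"]  # survives domain changes

if __name__ == "__main__":
    for name, kws in [("bare", BARE), ("anchored", ANCHORED),
                      ("user path", USER_PATH)]:
        print(name)
        for url, kw in blocked(SAMPLES, kws).items():
            print("  ", "BLOCK" if kw else "allow", url, kw or "")
```

The bare keyword catches the innocent look-alike; the three anchored forms together cover the same spam hosts without it, and no single anchored form is enough on its own.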

9 Mar 24, 2006 12:44

EdB wrote:

Aw crap I forgot. A simple whoo-hack is to rename the htsrv folder. Part of the trackback URL is /htsrv/, so maybe that hack will help stamp out trackback spam? Simply rename the folder and tweak the variable that gets called in one of the files in the conf folder. admin maybe, or I dunno: one of those files in there.

Yer, but I am constantly using CVS builds so that's not an option for me.

And the attack is continuing, I just got 20 or so new trackbacks :'(
Someone make IP banning soon! :D

EDIT:
I guess what I should have done was ban the usernames, seeing they are just as common as the domains, and the domains seem to be legit as far as I can see. I dunno, I'll continue with the domains, as any dating website doesn't really have any purpose on my blog.

10 Mar 24, 2006 12:56

Personally I'm about to undo the renamed directory thing since it doesn't seem to work for comment spam. The spammers aren't totally stupid ya know? I guess if I changed it weekly maybe I could keep ahead of them, but that's too much work.

I'm going to have to do a Turing test for 1.6 that I can turn into something compatible with my version of 1.7, then create a plugin for the eventual 1.8 release.

Won't help you with trackback spam though!

11 Mar 24, 2006 13:39

Alright, just got another 50 or so trackbacks. I'm just gonna ban the users as the domains keep changing more than the usernames.
By user I'm referring to the urlpart/~usr/anotherurlpart.

12 Mar 24, 2006 16:10

I have 25 or so blogs set up for designers at our site and many of them have been hit as well in the same method as described above. I have now turned off my ping back and track back and banned the offending IP.

I too have looked for at least a bad word filter and not been able to find it. Is there one available?

I will be anxiously watching this thread to see if anyone else is having this issue.

Is there a bad word filter or plugin of some kind for B2?

Thanks

Rick

13 Mar 24, 2006 16:13

The bad word filter is the antispam option in b2evo, if I'm not mistaken; it bans keywords as well as words in addresses.
I went the method of banning parts of the address by just typing those in as a keyword.
Banning the two users that have been hitting me has worked so far... Originally I tried banning the domains, but I can't be bothered banning more; I've already banned 5 or so domains in the last few hours.

14 Mar 24, 2006 19:16

I'll betcha half a dollar (Canadian) that in the 1.8 world making a plugin to ban IPs will be as simple as a walk in the park on a Tuesday afternoon.

It was a Wednesday walk ;)

¥

15 Mar 25, 2006 07:31

FWIW,

I got hit yesterday with a ton of trackback spam....only needed to ban one tld to get rid of them all.

And, then a couple hours later....another ton of trackback spam....ban another tld to get rid of them all.

Noticed that both times that they were all from the same IP....so I wondered if I could ban the IP....

Given that I previously installed this hack to do antispam by ip (and kept it working after I upgraded to 0.9.1).

http://wonderwinds.com/hackblog.php/2005/08/24/p588

I made some additional tweaks:

http://lawrence.chen-online.net/index.php?title=defense_against_recent_b2evolution_track&more=1&c=1&tb=1&pb=1

Though I'm sure it'll only be a matter of time that trackback spammers spoof 'their' IP....and randomize it, etc. As they do with referer spam....

Interesting thing that when I banned the IP....it reported tons of 'direct access' from the IP....a couple days earlier...as if to suggest that the bot took the effort of crawling my entire blog to get the trackback URLs....perhaps to overcome the fact that I had long ago renamed my htsrv directory.

The Dreamer.

16 Mar 25, 2006 08:30

Yer, the bots would need to scan the site and get the trackback URLs; the htsrv folder does not matter for trackbacks.

17 Mar 25, 2006 09:00

balupton wrote:

the htsrv folder does not matter for trackbacks.

Wrong again, check the path to your trackback URL

18 Mar 27, 2006 03:07

Is anybody using cron to rename their htsrv file? I rename mine about every week and it's obviously not enough.

19 Mar 27, 2006 04:47

How can I set the blog so only registered people can post comments... I am getting trackbacks full of porn links and the like.

I would like to have a user register before posting and then it be admin only verified...

