This is a hack for version 1.8 instead of a plugin because I wanted to get 'er done now instead of someday several years from now when I have a vague understanding of how plugins work. This hack converts your post ID from a base-10 number to its base-16 equivalent, then adds a character you select to the beginning and end of the hexadecimal ID. When you get a trackback, this hack will check to see if the preceding and trailing characters match what you set them to, remove them if they match, then convert the hexadecimal number back to its decimal equivalent. If the ID the trackbacker provides doesn't match your chosen characters, the hack stops the trackback. After a while the spammers will have indexed (or googled) a post of yours with your chosen characters, so you'll be subjected to spam again. Not a problem, because all you have to do is go to your 'App settings' tab and change your preceding or trailing or both characters.
1: Modify your database:
Much like [url=http://forums.b2evolution.net/viewtopic.php?t=8142]the original 0.9.2 version[/url] you need to add two fields to your settings table. Using phpmyadmin or something similar, and recognizing that you might not have 'evo_' table prefixes, add two new fields with this SQL statement:
[code]
INSERT INTO `evo_settings` ( `set_name`, `set_value` )
VALUES ( 'trackback_aspm_before', 'z' );

INSERT INTO `evo_settings` ( `set_name`, `set_value` )
VALUES ( 'trackback_aspm_after', 'p' );
[/code]
2: Edit htsrv/trackback.php:
You will need to edit htsrv/trackback.php so that the hexadecimalized and modified trackback ID gets converted back into a real trackback ID. Find this bit:
[code]
param( 'tb_id', 'integer' );
param( 'url', 'string' );
param( 'title', 'string' );
param( 'excerpt', 'html' );
param( 'blog_name', 'string' );

if( empty($tb_id) )
{ // No parameter for ID, get if from URL:
[/code]
Now make it be like this instead:
[code]
param( 'tb_id', 'string' ); // was 'integer' - changed for hexaspammer hack
param( 'url', 'string' );
param( 'title', 'string' );
param( 'excerpt', 'html' );
param( 'blog_name', 'string' );

// Begin hexaspammer hack
$leading_adder = $Settings->get('trackback_aspm_before');
$trailing_adder = $Settings->get('trackback_aspm_after');
// substr() is used instead of $tb_id{0}: the curly-brace string offset syntax was removed in PHP 8
if( $leading_adder != '' )
{ // Did we use a preceding character?
    if( substr( $tb_id, 0, 1 ) === $leading_adder )
    { // Is the first character the preceding character?
        $tb_id = substr( $tb_id, 1 );
    }
    else
    { // if the preceding character is not nothing and it doesn't match then this is a spammer
        die();
    }
}
if( $trailing_adder != '' )
{ // Did we use a following character?
    if( substr( $tb_id, -1 ) === $trailing_adder )
    { // Is the last character the trailing character?
        $tb_id = substr( $tb_id, 0, -1 );
    }
    else
    { // if the trailing character is not nothing and it doesn't match then this is a spammer
        die();
    }
}
$tb_id = hexdec( $tb_id ); // back to the decimal post ID
// End hexaspammer hack

if( empty($tb_id) )
{ // No parameter for ID, get if from URL:
[/code]
3: Edit /inc/CONTROL/settings/settings.php:
This edit tells b2evolution to update the database when you change your preceding and trailing characters. Find at line 94 this bit:
[code]
$Request->param_integer_range( 'user_minpwdlen', 1, 32, T_('Minimun password length must be between %d and %d.') );
$Settings->set( 'user_minpwdlen', $user_minpwdlen );

$Request->param_integer_range( 'reloadpage_timeout', 0, 99999, T_('Reload-page timeout must be between %d and %d.') );
$Settings->set( 'reloadpage_timeout', $reloadpage_timeout );
[/code]
Replace that with this:
[code]
$Request->param_integer_range( 'user_minpwdlen', 1, 32, T_('Minimun password length must be between %d and %d.') );
$Settings->set( 'user_minpwdlen', $user_minpwdlen );

// Begin hexaspammer hack
param( 'trackback_aspm_before', 'string', true );
$Settings->set( 'trackback_aspm_before', $trackback_aspm_before );
param( 'trackback_aspm_after', 'string', true );
$Settings->set( 'trackback_aspm_after', $trackback_aspm_after );
// End hexaspammer hack

$Request->param_integer_range( 'reloadpage_timeout', 0, 99999, T_('Reload-page timeout must be between %d and %d.') );
$Settings->set( 'reloadpage_timeout', $reloadpage_timeout );
[/code]
4: Edit /inc/MODEL/items/_item.class.php:
This edit will create your customized hexadecimal trackback ID. Basically we will add a character before and after the trackback ID after converting from decimal to hexadecimal. Find this bit around line 2011:
[code]
function get_trackback_url()
{
    global $htsrv_url, $Settings;

    if( $Settings->get('links_extrapath') )
    {
        return $htsrv_url.'trackback.php/'.$this->ID;
    }
    else
    {
        return $htsrv_url.'trackback.php?tb_id='.$this->ID;
    }
}
[/code]
Replace that with this:
[code]
function get_trackback_url()
{
    global $htsrv_url, $Settings;

    $leading_adder = $Settings->get('trackback_aspm_before');
    $this_tb_id = $this->ID;
    $trailing_adder = $Settings->get('trackback_aspm_after');
    $this_tb_id = $leading_adder.dechex($this_tb_id).$trailing_adder;

    if( $Settings->get('links_extrapath') )
    {
        return $htsrv_url.'trackback.php/'.$this_tb_id;
    }
    else
    {
        return $htsrv_url.'trackback.php?tb_id='.$this_tb_id;
    }
}
[/code]
5: Edit inc/VIEW/settings/_set_general.form.php:
This part of the hack lets you change your preceding and trailing characters. This hack loses effectiveness if you don't have at least one of these characters, but you can leave the other blank if you wish. You WILL need to change them from time to time because sooner or later the spammers will index one of your posts with your customized hexadecimal trackback ID. At line 122 find this bit:
[code]
$Form->end_fieldset();

$Form->begin_fieldset( T_('Miscellaneous options') );
[/code]
Replace that with this:
[code]
$Form->end_fieldset();

// Begin hexaspammer hack
param( 'trackback_aspm_before', 'string', '' );
param( 'trackback_aspm_after', 'string', '' );
$Form->begin_fieldset( T_('Trackback antispam options') ); ?>
<p>These two fields work together to further confuse the spammers. Your trackback ID is your post ID converted to its hexadecimal equivalent AND preceded by the first variable AND followed by the second variable. By changing these you create a trackback ID that is unique for your blog.</p>
<?php
$Form->text_input( 'trackback_aspm_before', $Settings->get('trackback_aspm_before'), 2, T_('Preceding Character'), array( 'note'=>T_('Single character (a - z, A - Z, 0 - 9) to add BEFORE your hexadecimalized trackback ID.'), 'maxlength'=>1, 'required'=>true ) );
$Form->text_input( 'trackback_aspm_after', $Settings->get('trackback_aspm_after'), 2, T_('Trailing Character'), array( 'note'=>T_('Single character (a - z, A - Z, 0 - 9) to add AFTER your hexadecimalized trackback ID.'), 'maxlength'=>1, 'required'=>true ) ); ?>
<p>When the spammers get you again, and they will, you simply change one or both of these values.</p>
<?php
$Form->end_fieldset();
// End hexaspammer hack

$Form->begin_fieldset( T_('Miscellaneous options') );
[/code]
Upload everything, go to your back office and visit your 'App settings' tab, and pick whatever characters you like. Always use at least one, and you might as well use both.
---------------------------
Wanna test this hack before using it? My blog is linked below (buttons - not sig file), so do a trackback to any post and see if it works. If it doesn't then this is a crappy hack. When it does work you'll be free of trackback spam ... until the next time.
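Added example, not part of the original posts and not b2evolution code: the encode step from step 4 and the decode step from step 2 as two stand-alone PHP functions, with the decode made strict so that malformed IDs are rejected instead of being passed to `hexdec()`. The names `tb_encode` and `tb_decode` and the 7-digit length cap are assumptions made for this example; the sample tokens are constructed.

```php
<?php
// Added example, not b2evolution code. tb_encode()/tb_decode() are
// hypothetical names; $before/$after stand in for the trackback_aspm_before
// and trackback_aspm_after settings. Requires PHP 7.1+.

function tb_encode(int $post_id, string $before, string $after): string
{
    return $before . dechex($post_id) . $after;
}

// Returns the decimal post ID, or null when the token must be rejected.
function tb_decode(string $token, string $before, string $after): ?int
{
    $b = strlen($before);
    $a = strlen($after);
    // Token must hold both adders plus at least one hex digit.
    if (strlen($token) < $b + $a + 1) {
        return null;
    }
    if ($b > 0 && substr($token, 0, $b) !== $before) {
        return null; // leading character missing or wrong
    }
    if ($a > 0 && substr($token, -$a) !== $after) {
        return null; // trailing character missing or wrong
    }
    $hex = substr($token, $b, strlen($token) - $b - $a);
    // hexdec() skips characters that are not hex digits, so "1gf" would
    // decode like "1f"; check the digits before converting. The 7-digit cap
    // (assumed here) keeps the result inside a 32-bit signed integer.
    if (strlen($hex) > 7 || !ctype_xdigit($hex)) {
        return null;
    }
    $id = (int) hexdec($hex);
    return $id > 0 ? $id : null;
}

// Constructed sample tokens for post 31 with the 'z' / 'p' characters from step 1.
$samples = [tb_encode(31, 'z', 'p'), 'z1Fp', '31', '1f', 'z1fq', 'zp', 'z1gfp', 'z-1fp'];
foreach ($samples as $token) {
    $id = tb_decode($token, 'z', 'p');
    printf("%-6s => %s\n", $token, $id === null ? 'rejected' : "post $id");
}
```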
I could write this into a plugin, for your studying pleasure, but I fear that this method is not very effective. All they would have to do is get the page before they send trackbacks to them, and I think this is what they already have done, if they put up a page / copy your contents.
Anyway, I've just added the DisplayTrackbackAddr hook also for 1.8.1, which could be used for this (though you would want to use another, not yet existing hook - "FilterItemTrackbackAddr").