“This was just a thought, but if each of us changed the file name of our wp-trackback.php file (and changed all references to said file to its new name in the WP-files), would that stop trackback spam?”
This is also used to stop comment spam. It can work (as the simplest method for a spam tool to throw you a trackback would be to know the file’s name instead of having to trawl for trackback URLs), but only temporarily.
For those using custom permalinks, it would also require modifying the WordPress source, so WP knows the filename.
As for other tricks in hiding it, those would eventually be subjected to *the trawl*.
A good thing to keep in mind is that we may not stop spammers (short of strong comment registration, turning off trackbacks, and other stringent methods of shoring up), but we can keep ahead of them.
Then, if the process of changing the trackback link was automated inside of WP, couldn’t it just be changed again? I’m just getting tired of having to delete the trackbacks from my moderation queue. Would be nice if we could at least have a way to comments/trackbacks with certain words in them or comments/trackbacks from certain IPs or authors instead of having them dump into moderation.
Again, just some thoughts.
There are plugins out there that do just that pete.
And with 1.5 there’s a blacklist built right into WP to vaporize any comment/tb/pb with the words you specify.
Well now it seems the spammers have moved to porn. Bloody fantastic. I actually had spam nailed with a platoon of different plugins and hacks with 1.21, now that I have upgraded to 1.5 it back and they have hit the throtle much harder this time.
Have we actually got ONE solution for this rubbish for 1.5. I know we have the black list and the other one that nukes posts with what ever keywords are in it. But enabling registers users may only post a comment does not work as I would think it would. One still has to clean out the moderation folder every day and now because of the volume, I have turned off email notification…
Anyone….?
cheers
Paul V
Perhaps using the Robots text file in the root of WP and disallowing them access to comments?? Dont know really but putting the comments.php file in its own folder, changing the address reference to it in the other pages and
disallow – what ever the folder name is?
It may be crap idea as I know nothing about what I am saying but…
just throwing stuff about here…
cheers
Paul V
Moderator
James Huff
(@macmanx)
Volunteer Moderator
Only legitimate robots obey robots.txt. Spam bots are not legitimate robots. Your golden solution is Spam Karma: http://unknowngenius.com/blog/wordpress/spam-karma/
I love Spam Karma for preventing spam comments, but it isn’t doing diddley squat for preventing spam trackbacks.
“A good thing to keep in mind is that we may not stop spammers (short of strong comment registration, turning off trackbacks, and other stringent methods of shoring up), but we can keep ahead of them.”
Commenters on my site must be members, and I’ve turned off pingbacks and trackbacks. But I still get spam on 1.5. Any ideas?
Try Refer Karma. I haven’t used it yet, but it should be modifiable to be used with trackbacks. The reason I haven’t used it yet is because it hasn’t been an issue since I into my .htaccess file.
Moderator
James Huff
(@macmanx)
Volunteer Moderator
Referrer Karma does not protect trackbacks, nor does it protect comments. Its original intent was to keep your statistics and logs free of referrer spam. It only blocks certain referrers from visiting your site. As such, it will also block some spam bots. I would recommend Referrer Karma, as it has cut my spam from 80+ per day to 3 at most, but keep in mind that it does not protect comments and trackbacks directly.
Referrer Karma will actually help out with trackbacks. You can include RK on your trackback page, and any other PHP page that you want protected. If a computer is flagged by RK as a spammer then RK will block the IP for whatever time you have set up. This has nothing to do with what type of page is being accessed. It is just tracking behavior and making a decision based on that.
The blocking occurs in the .htaccess file so your whole site is protected for the time period, regardless of the spammer’s entry point. It started out as a way to keep logs clean and is actually much more useful. Also check out this article by Tom Raftery.
ref karma hasnt done a thing to help my recent refs, the logs say it blocked attempts yet they all show up in my recent refs stats..
