Posted 8 years ago #
I've been in a battle with a spammer lately. Got hit one day with 2,000 comments. I've since used a plugin to require commenters to enter a string shown in an image.
Great. Now a spammer (same guy?) is coming at my with trackback-spam.
He pings the correct URL, and voila, his junk messages appear with comments.
I've gotten rid of trackbacks for now, but I do like having them available.
Has anyone else had this problem? What can be done to combat/prevent this?
Posted 8 years ago #
A lot of this seems to be going around today:
http://wordpress.org/support/topic.php?id=19947
http://wordpress.org/support/topic.php?id=19944
Posted 8 years ago #
I'm getting hit as well. Must be the new thing.
I'm going to turn off trackbacks until someone figures out a fix....
Having the same problems, aint logging fun?
How can I turn off trackbacks?
Posted 8 years ago #
Seconding the request for info on turning off trackbacks on old posts ... like many others, I'm getting bombarded now. Thanks for your help!
Posted 8 years ago #
Ok whats the easiest way or the hardest one to stop Trackback spam.... Nothing seems to stop it. :(
I've set file permissions for wp-trackbacks.php to 000. I'm trying it out right now and monitoring it to see if the trackback spam stops. It can't hurt, that's for sure.
Posted 8 years ago #
They can't use markup or anything in trackbacks, so they're relying on a few key words as the author name. I'd suggest adding these to your moderation keys.
as far as I know moderation keys dont work on trackbacks, the spam im getting contains many words already in the mod keys
In your admin CP, under Options > Discussion, uncheck "Allow link notifications from other Weblogs (pingbacks and trackbacks.)". I'm not sure what else to do for now. I think it's working?
Posted 8 years ago #
btvillarin, it only affects posts after the settings have been changed. Not the ones before it.
Thanks Ed - I think I figured it out the hard way. At least I didn't say I solved it when it really wasn't! ;)
Posted 8 years ago #
Hehe :P
Anyway, back to the problem...
Also, since that option mentioned above would only apply to new posts, what about the old ones? Is there a query I can run in my database to uncheck all previous posts that were allowing pings? Maybe if I do that, I won't have to moderate all my comments...
Posted 8 years ago #
Anyone up for trying a new, completely untested Trackback Spam Stopper hack?
I'm at work, so I won't try it out until I get home. In any case, thanks for whipping something up so quick, Joe! I hope it works well. =)
I have just installed see and am curious what's going to happen. Let's pray the bots are stupid enough for now.
Posted 8 years ago #
Two days ago I was hit with hundreds of spam comments, even though I auto-shut off comments after two weeks. I plugged in Spam Karma and that stopped the spammers. Today, I've been hit with a flood of bestiality/incest trackbacks. I'm going to try the Trackback Spam Stopper. Thank you for that.
Thanks to O.F. Jay, I was able to disable pinging for all my older posts. Run this query in the SQL field in phpMyAdmin for your WP database:
Update wp_posts
set ping_status = "closed"
where post_date < "2005-01-05"
In addition to my post above, I don't think I'll be seeing spam until pingbacks and trackbacks are made separate. Either that, or Joe's Trackback Spam Stopper will do the job. ;)
Edited the erroneous usage of double quotes before - full temporary workaround posted here (which is the same link as I posted below).
Posted 8 years ago #
FAILURE :-(
Looks like my hack didn't work. I just got another flood of beastiality porn spam.
Oh well, back to the drawing board...
Posted 8 years ago #
If the spamware is using trackback the same way most blogging software does, it is scanning the html page for the hidden "rdf:RDF" block("trackback:ping="), and using that info to send the trackback.
As long as your plugin alters the RDF block to reflect the new trackback URL, the spammer will have no trouble sending the trackback.
I posted a workaround, if anybody's interested:
http://blogged.btvillarin.com/2005/01/05/goodbye-trackback-spam/
Posted 8 years ago #
btvillarin - only one problem:
"#1054 - Unknown column 'closed' in 'field list'"
BTW... Not all people are necessarily running the table as wp_posts.
Posted 8 years ago #
If you don't mind disabling all trackbacks for now, rather than hacking your database, why not just remove wp-trackbacks.php (well, save it with another file name for future reference).
That's what we did and it worked a treat!
Anne
Posted 8 years ago #
ARG! Just got another spam flood!
Posted 8 years ago #
Hi Philaweb - I had the same problem. The SQL is good, but you need to check the quotes.
This worked for me...
UPDATE blog_posts SET ping_status = closed ;
Posted 8 years ago #
pulpmovies - thanks for your help.
I'm trying to see the result of the file rename hack.
Will keep the SQL solution as backup. :)
Fortunately I'm able to see spammer details in my stats. The spammer uses Win ME and IE 5.5 with all hits. Most of the hits are warped via US ISP's - cox.net, comcast.net and chartermi.net.
Posted 8 years ago #
I used two different hacks to combat trackback spammers. First, I enabled blacklist checking for moderation. Adding the words sex, rape and incest to the blacklist blocked the majority of trackbacks I was getting. That stopped them going on the site, but I was still getting emails.
I followed anothers advice on these boards to change the default action in /wordpress/wp-admin/moderation.php from "Do nothing" to "Delete" so all I had to do was load the page and hit the submit button at the bottom and they went away.
Later, I noticed all of my spam trackbacks pointed back to the gogof-ck.com domain. This hack to /wordpress/wp-trackback.php made trackbacks that go to that url go away:
Immediately after the
@header('Content-Type: text/xml');
line add:
/* TBK ADD */
$pos = stristr($tb_url, "gogof-ck.com");
if ($pos !== FALSE) {
trackback_response(1, "Damn spammer.");
}
/* TBK ADD end */
Fixed that, at least for that host.
Posted 8 years ago #
now all we need to do is to make that hack work for a whole blacklist...
This topic has been closed to new replies.
