WordPress.org

Ready to get started?Download WordPress

Forums

Trackback Spam (47 posts)

  1. mork
    Member
    Posted 9 years ago #

    I've been in a battle with a spammer lately. Got hit one day with 2,000 comments. I've since used a plugin to require commenters to enter a string shown in an image.

    Great. Now a spammer (same guy?) is coming at my with trackback-spam.

    He pings the correct URL, and voila, his junk messages appear with comments.

    I've gotten rid of trackbacks for now, but I do like having them available.

    Has anyone else had this problem? What can be done to combat/prevent this?

  2. TheRoss
    Member
    Posted 9 years ago #

  3. dparmet
    Member
    Posted 9 years ago #

    I'm getting hit as well. Must be the new thing.

    I'm going to turn off trackbacks until someone figures out a fix....

  4. boneless
    Member
    Posted 9 years ago #

    Having the same problems, aint logging fun?
    How can I turn off trackbacks?

  5. dormousie
    Member
    Posted 9 years ago #

    Seconding the request for info on turning off trackbacks on old posts ... like many others, I'm getting bombarded now. Thanks for your help!

  6. Kunjan
    Member
    Posted 9 years ago #

    Ok whats the easiest way or the hardest one to stop Trackback spam.... Nothing seems to stop it. :(

  7. I've set file permissions for wp-trackbacks.php to 000. I'm trying it out right now and monitoring it to see if the trackback spam stops. It can't hurt, that's for sure.

  8. Matt Mullenweg
    Troublemaker
    Posted 9 years ago #

    They can't use markup or anything in trackbacks, so they're relying on a few key words as the author name. I'd suggest adding these to your moderation keys.

  9. boneless
    Member
    Posted 9 years ago #

    as far as I know moderation keys dont work on trackbacks, the spam im getting contains many words already in the mod keys

  10. In your admin CP, under Options > Discussion, uncheck "Allow link notifications from other Weblogs (pingbacks and trackbacks.)". I'm not sure what else to do for now. I think it's working?

  11. EdPham
    Member
    Posted 9 years ago #

    btvillarin, it only affects posts after the settings have been changed. Not the ones before it.

  12. Thanks Ed - I think I figured it out the hard way. At least I didn't say I solved it when it really wasn't! ;)

  13. EdPham
    Member
    Posted 9 years ago #

    Hehe :P

    Anyway, back to the problem...

  14. Also, since that option mentioned above would only apply to new posts, what about the old ones? Is there a query I can run in my database to uncheck all previous posts that were allowing pings? Maybe if I do that, I won't have to moderate all my comments...

  15. Joe
    Member
    Posted 9 years ago #

    Anyone up for trying a new, completely untested Trackback Spam Stopper hack?

    Trackback Spam Stopper

  16. I'm at work, so I won't try it out until I get home. In any case, thanks for whipping something up so quick, Joe! I hope it works well. =)

  17. tcloer
    Member
    Posted 9 years ago #

    I have just installed see and am curious what's going to happen. Let's pray the bots are stupid enough for now.

  18. sylday
    Member
    Posted 9 years ago #

    Two days ago I was hit with hundreds of spam comments, even though I auto-shut off comments after two weeks. I plugged in Spam Karma and that stopped the spammers. Today, I've been hit with a flood of bestiality/incest trackbacks. I'm going to try the Trackback Spam Stopper. Thank you for that.

  19. Thanks to O.F. Jay, I was able to disable pinging for all my older posts. Run this query in the SQL field in phpMyAdmin for your WP database:

    Update wp_posts
    set ping_status = "closed"
    where post_date < "2005-01-05"

    In addition to my post above, I don't think I'll be seeing spam until pingbacks and trackbacks are made separate. Either that, or Joe's Trackback Spam Stopper will do the job. ;)

    Edited the erroneous usage of double quotes before - full temporary workaround posted here (which is the same link as I posted below).

  20. Joe
    Member
    Posted 9 years ago #

    FAILURE :-(
    Looks like my hack didn't work. I just got another flood of beastiality porn spam.

    Oh well, back to the drawing board...

  21. TheRoss
    Member
    Posted 9 years ago #

    If the spamware is using trackback the same way most blogging software does, it is scanning the html page for the hidden "rdf:RDF" block("trackback:ping="), and using that info to send the trackback.

    As long as your plugin alters the RDF block to reflect the new trackback URL, the spammer will have no trouble sending the trackback.

  22. I posted a workaround, if anybody's interested:

    http://blogged.btvillarin.com/2005/01/05/goodbye-trackback-spam/

  23. philaweb
    Member
    Posted 9 years ago #

    btvillarin - only one problem:
    "#1054 - Unknown column 'closed' in 'field list'"

    BTW... Not all people are necessarily running the table as wp_posts.

  24. shedevil
    Member
    Posted 9 years ago #

    If you don't mind disabling all trackbacks for now, rather than hacking your database, why not just remove wp-trackbacks.php (well, save it with another file name for future reference).

    That's what we did and it worked a treat!

    Anne

  25. Joe
    Member
    Posted 9 years ago #

    ARG! Just got another spam flood!

  26. pulpmovies
    Member
    Posted 9 years ago #

    Hi Philaweb - I had the same problem. The SQL is good, but you need to check the quotes.

    This worked for me...

    UPDATE blog_posts SET ping_status = closed ;

  27. philaweb
    Member
    Posted 9 years ago #

    pulpmovies - thanks for your help.
    I'm trying to see the result of the file rename hack.
    Will keep the SQL solution as backup. :)

    Fortunately I'm able to see spammer details in my stats. The spammer uses Win ME and IE 5.5 with all hits. Most of the hits are warped via US ISP's - cox.net, comcast.net and chartermi.net.

  28. TromboneKenny
    Member
    Posted 9 years ago #

    I used two different hacks to combat trackback spammers. First, I enabled blacklist checking for moderation. Adding the words sex, rape and incest to the blacklist blocked the majority of trackbacks I was getting. That stopped them going on the site, but I was still getting emails.

    I followed anothers advice on these boards to change the default action in /wordpress/wp-admin/moderation.php from "Do nothing" to "Delete" so all I had to do was load the page and hit the submit button at the bottom and they went away.

    Later, I noticed all of my spam trackbacks pointed back to the gogof-ck.com domain. This hack to /wordpress/wp-trackback.php made trackbacks that go to that url go away:

    Immediately after the
    @header('Content-Type: text/xml');

    line add:

    /* TBK ADD */
    $pos = stristr($tb_url, "gogof-ck.com");
    if ($pos !== FALSE) {
    trackback_response(1, "Damn spammer.");
    }
    /* TBK ADD end */

    Fixed that, at least for that host.

  29. somebaudy
    Member
    Posted 9 years ago #

    now all we need to do is to make that hack work for a whole blacklist...

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.