WordPress.org

Ready to get started?Download WordPress

Forums

Super Simple Anti Spam
[resolved] Trackback spam (21 posts)

  1. dicm.dk
    Member
    Plugin Author

    Posted 1 year ago #

    If you are getting spammed from trackbacks, please let us know and post the entire message and name from the trackback ( please remove the links ).

    Why we need this is to figure out a simple way to stop these type of spam too.

    Thanks you all!

    http://wordpress.org/extend/plugins/super-simple-anti-spam/

  2. webvitaly
    Member
    Posted 1 year ago #

    I am plugin developer and I am tired of spam trackbacks too.
    I hope we could invent some spam trackback blocking mechanism together.
    I will post url's, but I will modify them and I hope moderators will not close this topic because of these url's.

    Few spam trackback samples:

    name: Cheap Louis Vuitton Speedy handbags
    url: louisvuittonbagssaleonlineu(dot)webs(dot)com
    message: Cheap Louis Vuitton Speedy handbags…
    Replica Louis Vuitton Collection Replica Louis Vuitton Collection Replica Louis Vuitton Collection…

    name: tesc 789
    url: tes456(dot)org
    message: Great information...
    This is certainly astounding. Many people checked out the herb content material so we are astonished. We're attracted to this type of ideas. One appreciate your grocery store, and worth your time in this. Please keep add relevant content. They are sli...

    name: tes c789
    url: testc456(dot)or
    message: Great information...

    This can be fantastic. Persons checked out these tips video therefore we are thunderstruck. We are curious about this kind of products. Another appreciate you are place, and advantages doing inside this. Please keep cutting. They're sihnificantly pric...

    name: knockoff louis vuitton handbags wholesale
    url: knockofflouisvuittonhandbagswholesale(dot)blogspot(dot)com
    message: knockoff louis vuitton handbags wholesale...
    neutrals get just a hint of metallic glitz, louis vuitton hlouis vuitton handbags replicabags replica with hammered hardware louis vuitton hlouis vuitton handbags...

    name: URL
    url: QPNWk(dot)net
    message: ... [Trackback]...
    [...] Read More here: web-profile.com.ua/jquery/dev/jquery-remove-text-on-focus/ [...]...

    name: Homepage
    url: aVwdZaSt(dot)com
    message: ... [Trackback]...
    [...] There you will find 19997 more Infos: web-profile.com.ua/php/dev/php-remove-trailing-zeros/ [...]...

    name: AloneSolution.com
    url: alonesolution(dot)com
    message: Yahoo results...
    While browsing Yahoo I discovered this page in the results and I didn't think it fit...

    name: AloneRank.com
    url: alonerank.com
    message: Dreary Day...
    It was a dreary day here today, so I just took to messing around on the internet and found...

    name: vpn
    url: http://en(dot)wikipedia(dot)org/wiki/Virtual_private_network
    message: Internet sites we suspect it is advisable to check out...
    even though webpages we backlink to underneath are considerably not linked to ours, we think they are simply genuinely well worth a undergo, so have got a look...

    I have much more examples but I hope these are enough for the understanding the spam ideas.
    As you can see spammers use different methods.
    There are many unique URLs (like aVwdZaSt(dot)com) which never existed.
    Or there are wikipedia links for users could trust it.
    I didn't invented global blocking mechanism for spam trackbacks yet.
    Maybe you have some ideas about it.

  3. webvitaly
    Member
    Posted 1 year ago #

    by the way I also build anti-spam plugin. you may check out in the faq section how it works.
    but it does not block trackbacks :-(
    but I beleive that should be some method to block spam trackbacks

  4. dicm.dk
    Member
    Plugin Author

    Posted 1 year ago #

    Thank you for the good examples, me and the other coders will see if we can figure out a simple way to block this and still allowe real trackbacks.

    The urls that do not exists, could be one way to remove some of it. By checking the URL of the trackback.

  5. dicm.dk
    Member
    Plugin Author

    Posted 1 year ago #

    Togeather with my idea partner i might have found a way to identify spam trackbacks without it ever can be a false positive.

    Just need to figure out if its possible to post real trackbacks from NON wordpress blog.
    If it is possible, then this idea cannot be used :(

    Anyone know if it is...
    I know you can do a custom POST, but does any systems provide the trackback funtion?

  6. webvitaly
    Member
    Posted 1 year ago #

    I want to share with you some ideas and information about trackbacks.

    Difference between trackbacks and pingbacks:

    Both technologies are similar but not the same.

    Trackback is old technology.
    Trackbacks use HTTP POST communication technology.
    Trackback needs to have a URI entered manually.
    You don’t necessarily have to link to an article to send a trackback.
    Users rarely use trackbacks because it is require extra input. Spammers uses trackbacks because it is easy to cheat here.
    You can find the option to send a trackback at the bottom of each new post.
    Check out "Screen Options" tab ("Send trackbacks to:" option) while editing post.
    Just copy and paste the link to another article and you’ll send a trackback. - http://www.site.com/post-url/trackback/ ("/trackback/" is added to the post address).

    How trackback looks in comments section (notice the page title in strong tags) (html markup is removed from content):

    [strong]page title[/strong]
    page content...

    Pingback is newer technology than trackback.
    Pingbacks work automatically.
    Pingbacks use XML-RPC communication technology.
    The pingback automatically finds URI’s in the post and pings them.
    Pingbacks differ from trackbacks because you have to actually link to the article within your post to notify the author.
    Users use pingbacks very often because they work automatically. Spammers does not use pingbacks (because it is hard to cheat here).

    How pingback looks in comments section (notice the dots in square brackets) (html markup is removed from content):

    [...]page content[...]

    So everything I posted before are spam trackbacks (not pingbacks).

    So the best idea so far I invented is to check if many words from 'name' field are similar to 'url' or 'message' fields so it is spam.

    Trackback spam example:

    name: Cheap Louis Vuitton Speedy handbags
    url: louisvuittonbagssaleonlineu(dot)webs(dot)com
    message: [strong]Cheap Louis Vuitton Speedy handbags…[/strong]
    Replica Louis Vuitton Collection Replica Louis Vuitton Collection Replica Louis Vuitton Collection…

    I hope this information could be useful.
    Please correct me if I am wrong somewhere.

  7. webvitaly
    Member
    Posted 1 year ago #

    Users does not use trackbacks. But spammers does. But users use pingbacks. Spammers cannot use them because backlinks are checked.

    I think I solve the problem of spam in trackbacks in Anti-spam plugin. I just disabled trackbacks. :)

    Pingbacks are enabled and it is enough for connection between different sites.

  8. dicm.dk
    Member
    Plugin Author

    Posted 1 year ago #

    i have seen a few use the trackback, that is the reason i dont want to block the function.

    I have not been able to find out if other systems can post trackbacks, or its only WP. Yet. Still looking :D

  9. dicm.dk
    Member
    Plugin Author

    Posted 1 year ago #

    Plugin updated and i think i got a good way of stopping trackback spam, without turning it OFF or using something maybe not all users do not have access to.

    The upadted checks if the blog that is sending the trackback is an auctually WordPress blog. If it is, then it will allow the trackback. If not... die();

  10. webvitaly
    Member
    Posted 1 year ago #

    You implemented an interesting idea. It is much better than my radical way with just turning trackbacks off ;)

    But as I know trackbacks work not only on WordPress sites:

    The TrackBack specification was created by Six Apart, which first implemented it in its Movable Type blogging software in August 2002. The TrackBack has since been implemented in most other blogging tools. Six Apart started a working group in February 2006 to improve the Trackback protocol with the goal to eventually have it approved as an Internet standard by the IETF.

    Did you thought about it? Or you are not planning to support trackbacks from non-WordPress sites?

  11. dicm.dk
    Member
    Plugin Author

    Posted 1 year ago #

    I did think about the non wordpress sites, but. I didnt find any large blogging system that auctually have a trackback funtion in place. When i do, i will update the code to allow that system too.

  12. webvitaly
    Member
    Posted 1 year ago #

    I checked your approach and it should work pretty good.
    All real trackbacks have in 'comment_agent' param something like this: 'WordPress/3.5.1;...'
    And spam trackbacks have in 'comment_agent' some default user agent info (for example: 'Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3') or empty at all.

    You invented great algorithm to block spam in trackbacks.
    Can I use it in the next release of Anti-spam plugin?

  13. dicm.dk
    Member
    Plugin Author

    Posted 1 year ago #

    Yes you can use it in your next release.

  14. webvitaly
    Member
    Posted 1 year ago #

    I checked the usage of the trackback (not pingbacks) and the percentage of users who use it very low.
    I decided not to add your code to plugin. At least yet.
    I think that trackbacks is pretty useful but majority of users thinks in a different way.
    Time will show if trackback technology is needed for users.

  15. dicm.dk
    Member
    Plugin Author

    Posted 1 year ago #

    Closing this. No need for it. Most of the trackback spam does goe away with this now :)

  16. webvitaly
    Member
    Posted 6 months ago #

    Hello.
    About 8 month past since last reply in this topic.

    As I already told, I disabled trackbacks by default in the Anti-spam plugin (but pingbacks left enabled).

    The results during last 8 months: Users never complained about disabled trackbacks since than.
    But after disabling trackbacks users stopped complaining about spam coming from trackbacks.

    My conclusion: The trackbacks is a dead technology and it is used only by spammers now. I think it should be disabled by default.

    Do you have some other news about trackbacks?

  17. dicm.dk
    Member
    Plugin Author

    Posted 6 months ago #

    Out of the past 1000 comments, my system have detected 3 as not spam. So really rare its in use.

  18. webvitaly
    Member
    Posted 6 months ago #

    These 3 comments were trackbacks or pingbacks?

  19. dicm.dk
    Member
    Plugin Author

    Posted 6 months ago #

    Trackbacks.

  20. webvitaly
    Member
    Posted 6 months ago #

    It's about 0.3%.

    IMHO it is still very low to support trackbacks.

  21. dicm.dk
    Member
    Plugin Author

    Posted 6 months ago #

    yes very low :)

    I will in future disable the function completly in my plugin, and for real comments use my API server to validate a comment.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic