combat new trackback spam

  • I have successfully locked down comment spam using several different techniques that work for me. Over the weekend, like a few others, I was hit by the magazine trackback spammer.

    Though I'm messing with a few things to nip that potential problem in the bud — another quick and dirty method occurred to me:

    Since spammers know the name of the default files, wp-comment, wp-trackback, etc., why not rename wp-trackback.php to something unique? I renamed the file, and found the only 2 references to it (within functions.php and template-functions-comment.php) and changed those. A quick test to see if it worked resulted in a 404 (obviously not what I wanted).

    I guess my question is why didn't that work? The RDF autodiscovery is what takes care of finding the trackback URL, and as long as I've renamed the file and any refs to it to the same thing, it *should* work, yes?

    Has anyone else done this successfully? If so, I would be interested in knowing exactly what they did.

    Thanks a ton!

    WordPress 1.2.2 Mingus btw

  • I am not sure why it did not work but there is a bigger issue at hand:

    Generally, renaming the file does not help combat any type of spam because the spam spiders/bots actually read the source code to find out where the file is going. Therefore, you could change the name to anything you want and update it as frequently as you want but since they are scanning the source you’d hardly even make a dent.

    I disagree, and that isn't what I asked. I, as well as many others, have renamed wp-comments and I can SHOW you in my logs where they have gone after THAT file name and gotten the 404 since it's been renamed.

    I've debated that assumption ad nauseam on other sites — the fact is that spammers do NOT read source (currently) because they don't have to. A simple Google search will give them 100's of thousands of blogs that use the default names. We, typically, don't even make them work to bother us.

    My 12-year-old niece uses advanced guestbook — she used to get hit 20 times a day with gb spam. I, after looking at the Apache logs, and SEEING that they were accessing the page responsible for posting directly, renamed the file. The spam is gone, and it's been months.

    Check your Apache logs sometime.

    That's beside the point however, since I didn't ask that question, isn't it?

    I must disagree again. Renaming my comment file did wonders for about two months. Last month, however, the spam came by the hundreds and renaming the file again did no good. WP-HashCash is now keeping them at bay. But, you didn’t ask that question.

    You're right, I didn't, so once again …
    aside from renaming the file itself, and the 2 references I mentioned above, is there anything else that needs to be changed?

    nm, I've figured it out — it was my .htaccess reference that I missed.

    For the record, it's a shame that people need to basically pipe in and offer info that's not asked for. I realize that lots of people come here and might not have any idea what they want to do, but when asked a specific set of questions, I think it's counterproductive to the original poster to offer more than or something different than what was requested.

    If I had wanted to discuss whether or not “A” works or doesn't, I would have written my original post as such, and asked for someone else’s experience. I didn't, so that obviously wasn't what I was looking for.

    You really need to watch that blood pressure, Whooami. We all deal with the spam. We all do what we can to the best of our abilities (mine being mostly none). What none of us need, however, is to catch grief from fellow WP users as well as the spam bots.
    Stand down.

    Pipe in — is that the Unix pipe? Maybe we’ll just ignore you in future.

    Oh and for the record, your flame included the phrase:

    …but when asked a specific set of questions…

    yet your first post included:

    I guess my question is…

    Not very convincing for a ‘specific question’. Maybe you should spend more time figuring out the solution yourself, before asking for advice, if you don’t like what you get back – since you appear to have solved the problem yourself anyway after finding WP users advice so unhelpful.

    lol, flame? Whatever. A flame would have included personal insults or maybe something that tagged it as trolling, precisely what your 2 posts are — trolling posts.
    Spend a little time on Usenet if you need a proper definition of a flame. I was stating my disappointment at getting answers to questions I didn't ask, or even unsolicited commentary on my efforts — nothing else, nothing more.

    As for ‘my’ fix, it's working flawlessly. Not a single piece of trackback spam (knock on wood).

    Last, andymerrett, I’ll just remark briefly on the attempt at putting words in my mouth, or posts, in this case…
    “…after finding WP users advice so unhelpful.”

    That's your take, not mine, and I said nothing of the kind. I used the word counterproductive, and was only trying to address the 2 replies to me. Others may find that approach helpful, I simply do not.

    Generally speaking, I think there are plenty of good intentioned people here.

    Have a nice day 🙂

    Navid wasn’t necessarily speaking to you with his nonanswer. I know that you may feel a proprietary interest in the thread as the person who started it, but lots of people are in here searching for answers to the problem (as several members and all the developers are always encouraging everyone to do before asking a question). He was wanting to make sure that no one else took your solution as the end-all-be-all if they read this thread, since it may not be. Other than the two seconds it took you to read his answer and the substantial time you’ve spent arguing about it, I don’t think it was particularly counterproductive for you and it may have been very productive for someone else reading this thread.

    But even aside from all that, it’s often like pulling teeth in this forum to get an answer other than “do a search” (even after you’ve searched exhaustively) so complaining about an answer, any answer, is what’s really “counterproductive.”

    Just speaking for myself, since I’m having the trackball spam problem and don’t know what to do about it (screaming doesn’t seem to help), so today I searched on ‘trackball spam’. Since the title of this is ‘combat new trackback spam’ it was exactly what I was looking for. Had it been titled ‘renaming the wp-trackback file’ I don’t think I would have found or looked at it. The discussion about the effectiveness of renaming the file has been very productive for me. I will be trying it and post back if it stops this sort of spam.

    I just installed Spam Karma on my WP 1.5. Does Spam Karma work well at fighting trackback spam?

    Up until about 72 hours ago I was getting anywhere from a 100 plus comment spam and about 10 or so trackbacks ‘daily’ ..that apparently was being used by spam scum to send even more spam out.

    I turned anything related to trackback off, installed spaminator, loaded up the blacklist and was still getting spam galore except it was at least held at bay in moderation and email alerts ..still annoying ..then I was told to delete my wp-trackback php file ..I did.

    In the past 72 hours I have only gotten maybe 4 comment spam (knock on wood). If you have no real use for trackback, seems like deleting that file is a great idea (knock on wood again twice).

    I don't know about 1.5 as I am being lazy with all that file changing ..spose I’ll get around to it.
    Again, in the meantime delete wp-trackback.php ..thx to macmanx if you're having probs with spam scum… (knock on wood) :-/

    Screw wood ..that puke maggot is back, he/she changes words and domain names continuously, even using French, German etc ..most likely to avoid the blacklist..

    Man, can't someone catch this piece of garbage and pour acid over them slowly ..better yet just feed him continuous mega doses of LSD

    Try Spam Karma. It keeps up-to-date with Real Time Blacklists.
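
The Apache log check that posters in this thread refer to, as an added example that is not part of any post: it counts POSTs to the default file names separately from POSTs to a renamed file, and records whether the posting client fetched a page first. The renamed file name `tb-x7q.php`, the default name `wp-comments-post.php` and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Apache common/combined log prefix: client, timestamp, request line, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# wp-trackback.php is named in the thread; wp-comments-post.php is an
# assumption about which comment handler the install uses.
DEFAULT_NAMES = {"wp-trackback.php", "wp-comments-post.php"}

def classify_posts(log_text, renamed):
    """Count POSTs to trackback/comment handlers by how the client got there."""
    fetched_page = set()  # clients seen issuing any GET earlier in the log
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, method, url, status = m.groups()
        name = url.split("?", 1)[0].rsplit("/", 1)[-1]  # file name without query
        if method == "GET":
            fetched_page.add(client)
        elif method == "POST" and name in DEFAULT_NAMES:
            # Client used a hard-coded default name; 404 means the rename held.
            key = "default_name_blocked" if status == "404" else "default_name_reached"
            counts[key] += 1
        elif method == "POST" and name == renamed:
            # Heuristic: a prior GET from the same address suggests the client
            # read the page (or its RDF block) to learn the new name.
            key = "renamed_after_fetch" if client in fetched_page else "renamed_no_fetch"
            counts[key] += 1
    return dict(counts)

# Constructed sample log lines (documentation IP ranges, hypothetical file name).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2005:03:12:01 +0000] "POST /wp-trackback.php?p=12 HTTP/1.0" 404 290 "-" "-"
203.0.113.7 - - [10/Jan/2005:03:12:02 +0000] "POST /wp-trackback.php?p=13 HTTP/1.0" 404 290 "-" "-"
198.51.100.4 - - [10/Jan/2005:04:00:10 +0000] "GET /index.php?p=12 HTTP/1.1" 200 8123 "-" "Mozilla/4.0"
198.51.100.4 - - [10/Jan/2005:04:00:15 +0000] "POST /tb-x7q.php?p=12 HTTP/1.1" 200 78 "-" "Mozilla/4.0"
192.0.2.9 - - [10/Jan/2005:05:30:44 +0000] "POST /wp-comments-post.php HTTP/1.0" 404 295 "-" "-"
192.0.2.55 - - [10/Jan/2005:06:01:09 +0000] "POST /tb-x7q.php?p=3 HTTP/1.0" 200 78 "-" "-"
"""

if __name__ == "__main__":
    for key, n in sorted(classify_posts(SAMPLE_LOG, "tb-x7q.php").items()):
        print(f"{key}: {n}")
```

A rising `renamed_after_fetch` or `renamed_no_fetch` count is the signal that the new name is known to posting clients and the rename alone is no longer filtering them.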

