Support » Everything else WordPress » Recent flood of SPAM via ping/trackback

  • Hi everyone,

    I don’t know if someone else has the same problem, but in the last 2 weeks my blog is litterally inundated with SPAM by someone using the ping/trackback feature.

    I say “someone” because it is always the same IP address, and he always posts the same message.

    I’ve been using the Spam Karma plug-in for well over a year now, and it does wonders.

    But just like WordPress itself, ping/trackback SPAM seems to get right through.

    I’ve added that dickhead’s fixed IP address in both WordPress and Spam Karma’s black lists, but it makes no difference, they keep pouring in every 10 minutes.

    Is there a way to tell WordPress to retroactively disable ALL previous post’s trackback? Meaning, short of having to individually go through 5 years of editing every single post and disable the ping feature on each of them, is there a magic button I can press to say “ok, WordPress, go disable ping on ALL previous posts”?

    I now have ping/trackback disabled by default for all new posts, but it doesn’t help me much, because that dickhead is pinging his SPAM randomly on all previous posts over the last few years (which were then by default ping enabled)

    Thanks in advance

Viewing 14 replies - 1 through 14 (of 14 total)
  • If you have his IP address (and it’s always the same one), try putting this in your .htaccess file:

    Deny from 111.222.333.444

    That may deny him access to your website at all.

    Hey DianeV,

    Thank you so much for replying. I have heard of this .htaccess file before, but never fiddled with it and confess complete ignorance.

    Using FTP, I looked around the site but can’t seem to find it. I went into subdirectories, poked around everywhere but no luck.

    I also tried looking in the “Admin” section of WordPress itself, but again, no luck.

    Would you be so kind as to give me the basic clues on how to go about accessing/editing this “magic” .htaccess file?

    Is it simply a case that it doesn’t exist until I create one? But if so, how can one create in W2K a file that doesn’t have a nme, but only an extension?

    Thank you again for your response. This guy is driving me bonkers.

    Moderator Samuel Wood (Otto)

    (@otto42) Admin

    Create a text file. Put the text in it. Save it. Then rename the file to “.htaccess”. Windows will let you do it. Then put it in the main WordPress directory.

    As for blocking the spam on a more generic level, I recommend installing the Bad Behavior plugin. It stops most automated spam instantly. And if Spam Karma isn’t catching these, you might consider using Akismet instead.

    Thanks Otto42.

    I followed your instructions, and after entering the “Deny from” line, saved that “news text document.txt” file.

    However when I went to rename it to “.htaccess”, W2K yelled loudly telling me “you must enter a filename”.

    On the other hand, just out of curiosity, I FTP’ed the text file to the blog anyway, and then, within the FTP program, tried to rename the file on the site itself, and it accepted the change of name. I think the site runs on Unix.

    So, I’ll see if it does the trick.

    I will also investigate the “Bad Behavior” and “Akismet” plug-ins.

    Thank you for the help!

    Moderator Samuel Wood (Otto)

    (@otto42) Admin

    Huh. I would have though W2K would allow that. XP certainly does. Oh well. Your method will work too.




    XP does NOT allow you to rename or create files with names that begin with a . (dot)

    I’ve _never_ had a Windows install that allowed it


    The strangest thing is that once I renamed the file on the site itself, just out of curiosity, I thought “let’s try FTPing back to my PC”, and W2K didn’t blink an eye.

    In fact I was able to open the local copy with UltraEdit (a text/hex editor), and again W2K didn’t mind in the least.

    Go figure, eh!

    Interesting you mention XP allows a ‘no-name’ file to be created whereas W2K doesn’t (at least not on my desktop PC).

    I have 2 notebooks which have XP on them, so if I ever need to do that kind of trick again, I’ll keep it in mind.

    By the way, the good news is that it’s now been some 12 hours that the flood of SPAM has stopped completely.

    I’m still not 100% sure the problem is fixed because that idiot would flood my blog but not all day long. It was like 2 or 3 times a day, nothing happening in between, but when he got started, it was pouring by the bucketful.

    But it’s now been around 12 hours without his SPAM, so I’m starting to feel that the trick is working.

    Many thanks again to you and DianeV 🙂

    PS: I’ll have to find out more about what else this .htaccess file can do.

    Moderator Samuel Wood (Otto)

    (@otto42) Admin

    Huh. whoami is right, I just tried it. XP doesn’t allow it through the normal Explorer interface. I guess I’ve always used programs like Textpad to create those, and it has no problem saving a filename with a dot.

    The command prompt will allow you to do it as well. Just checked. 🙂

    Ok, thanks again. The “Deny from…” .htaccess thing certainly did the trick. No more of that idiot’s SPAM bombardment.

    If I may ask one more question, where should I go to find out more about this .htaccess file – what it can do, the syntax, etc?

    I’m sorry I’m so clueless. A friend of mine installed WordPress for me and has taught me the very basics so that I could maintain the site, but I’m definitely not a pro.


    Look here:
    In fact, the whole page is beneficial.

    Some of the terms on this page may help you, also.

    WhyNot, if you want your WP blog to use the “pretty” URLs instead of, the commands that control that also go into the .htaccess file. However, WP is able to insert that into the .htaccess by itself.

    .htaccess is lovely, if confusing at first.

    Thank you for the tip DianeV.

    I’ve been reading Samboll’s links, and yes, you’re right, this .htaccess is pretty daunting stuff. Well, at least for someone as ignorant as I am, lol.


    In the links you ppl kindly provided, I found the following information:

    “To completely disable trackbacks, you will have to edit each past post and uncheck Allow Pings from the Write Post SubPanel. Alternatively, you could just simply delete the wp-trackback.php file, or run this MySQL query, from the command line on a shell account, or using PHPMyAdmin: UPDATE wp_posts SET ping_status=”closed”;”

    This last solution (the SQL query) looks like a pretty neat one. I have 2 questions about it:

    1. has anyone tried it and is it safe (and is the syntax correct)?

    2. if at any stage down the track I wanted to “undo” it, what would be the corresponding SQL query?


    backup your db prior to running the query. to undo it, change ‘closed’ to ‘open’.

Viewing 14 replies - 1 through 14 (of 14 total)
  • The topic ‘Recent flood of SPAM via ping/trackback’ is closed to new replies.