Came across two interesting posts today: “Trackback spam a nightmare” and “Fighting Trackback spam.” Although I appreciate the praise for all we’ve done thus far in WordPress to address these problems, I think we’ve got a lot left to do and this is still an area of very active development.
Exactly no trackback spam gets through if you block trackbacks with URLs that do not resolve to the IP of the sender. I know there could be situations where a valid trackback is being blocked (because above method is non-standard), but I do not care and can sleep with that 😉
http://www.sebbi.de/files/trackbackfilter.phps
I thought most hosted services like Typepad send trackbacks from a different IP than the domain resolves to, which is why more people haven’t done that step already.
Not to forget the offline blog tools which send the trackbacks directly. But the filter could be easily modified to just send the “dubious” trackbacks into moderation or something like that … maybe some kind of whitelist for certain blog-services …
The excellent SpamLookup plugin for Movable Type has a feature to gauge “distance” (in IP block terms) of the tracked back host in comparison with the client sending the ping. It gives you several levels of distance to choose from and lets you block or moderate these trackbacks (it’s better to moderate them).
I have some more thoughts about trackback spam at my blog, just in case you’re curious…
Also, that “blog post times” thing below is cool!
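The check discussed in the comments above (does the trackback URL's host resolve to the sender's address, with a whitelist for hosted services, a configurable IP "distance", and moderation instead of blocking), as an added example that is not the code from the linked trackbackfilter.phps or from SpamLookup. It assumes PHP 8 and IPv4 only; the function names, hosts, addresses and DNS answers are constructed, and the whitelist skips the IP check entirely, so it should list only services you trust.

```php
<?php
/** True when two IPv4 addresses share their first $bits bits (32 = identical). */
function same_prefix(string $a, string $b, int $bits): bool
{
    if (($la = ip2long($a)) === false || ($lb = ip2long($b)) === false) {
        return false;                       // not IPv4: count as a mismatch
    }
    $bits = max(1, min(32, $bits));
    $mask = -1 << (32 - $bits);
    return ($la & $mask) === ($lb & $mask);
}

/** Returns 'accept' or 'moderate'; a mismatch is held for review, not dropped. */
function classify_trackback(string $senderIp, string $url, array $whitelist,
                            int $bits = 32, ?callable $resolve = null): string
{
    $host = parse_url($url, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return 'moderate';                  // no usable host in the pinged URL
    }
    $host = strtolower($host);
    foreach ($whitelist as $domain) {
        // Hosted services ping from servers other than the blog's own address.
        if ($host === $domain || str_ends_with($host, '.' . $domain)) {
            return 'accept';
        }
    }
    $resolve = $resolve ?? 'gethostbynamel';
    foreach ($resolve($host) ?: [] as $addr) {  // false on lookup failure
        if (same_prefix($senderIp, $addr, $bits)) {
            return 'accept';
        }
    }
    return 'moderate';
}

// Constructed DNS answers, hosts and addresses so the demo runs offline.
$dns = ['blog.example.org' => ['192.0.2.10'], 'pills.example.net' => ['198.51.100.7']];
$lookup = fn(string $h) => $dns[$h] ?? false;
$cases = [
    ['192.0.2.10',  'http://blog.example.org/post/1'],      // pinged by its own server
    ['192.0.2.77',  'http://blog.example.org/post/1'],      // neighbour in the same /24
    ['203.0.113.5', 'http://pills.example.net/buy'],        // sender unrelated to host
    ['203.0.113.9', 'http://someone.hosted.example/entry'], // whitelisted service
];
foreach ($cases as [$ip, $url]) {
    printf("%-12s %-38s exact=%-9s /24=%s\n", $ip, $url,
        classify_trackback($ip, $url, ['hosted.example'], 32, $lookup),
        classify_trackback($ip, $url, ['hosted.example'], 24, $lookup));
}
```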
Some of the best work done to date in terms of blocking spamments (both comments and trackbacks) is Dr. Dave and Spam Karma. To be honest, I wouldn’t at all mind seeing SK2 fully integrated into a standard WordPress install. Seems more or less a necessity these days.
Whoops! Except for the fact that SK2 isn’t GPL. That might make it kind of tough.
SK2 isn’t GPL or open source? That’s strange.
I agree that SK2 has been nearly perfect. I really can’t complain. WP with SK2 installed is awesome.
No, Matt, it’s open-source, but not GPLed. Dr. Dave phrases it thusly:
Given his involvement with WordPress, I doubt he’d mind having it integrated (although that would make independent development a little more difficult). Perhaps merely a default plugin….
GPL has nothing to do with copyright, it’s about the rights you have as a user, and I doubt that would get past OSI. However it’s not at all a big deal. Even though what he says is odd, the spirit is still OS.
Spam Karma 2 is great for smaller traffic sites. When you get bigger and come under attack from a thousand a day or more, though, you need something else, if only to cut down on the volume of email you receive from SK2. At the moment I’m preparing to release the next version of Bad Behavior which cuts the flood of spam to a trickle, or, I’m hoping with the upcoming release, shuts it off entirely. I recommend using Bad Behavior in addition to Spam Karma 2 for complete coverage.
OK, I didn’t really mean to pimp myself here. Or maybe I did. But Matt’s point is valid: there isn’t enough built into WordPress to deal with the massive onslaught of blog spam, and the solutions out there now aren’t sufficiently matured. But we’re working on it. (Oh, and Bad Behavior is GPL.)
Yep I’ve been very happy with Bad Behavior on another project I’m doing.
My only concern about Bad Behavior is false positives. Otherwise, I’ve heard nothing but good things.