More Trackback Spam

Came across two interesting posts today Trackback spam a nightmare and Fighting Trackback spam. Although I appreciate the praise for all we’ve done thus far in WordPress to address these problems, I think we’ve got a lot left to do and this is still an area of very active development.

13 thoughts on “More Trackback Spam

  1. I thought most hosted services like Typepad send trackbacks from a different IP than the domain resolves to, which is why more people haven’t done that step already.

  2. Not to forget the offline blog tools which send the trackbacks directly. But the filter could be easily modified to just send the “dubious” trackbacks into moderation ore something like that … maybe some kind of whitelist for certain blog-services …

  3. The excellent SpamLookup plugin for Movable Type has a feature to gauge “distance” (in IP block terms) of the tracked back host in comparison with the client sending the ping. It gives you several levels of distance to choose from and lets you block or moderate these trackbacks (it’s better to moderate them).

    I have some more thoughts about trackback spam at my blog, just in case you’re curious…

    Also, that “blog post times” thing below is cool!

  4. Some of the best work done to date in terms of blocking spamments (both comments and trackbacks) is Dr. Dave and Spam Karma. To be honest, I wouldn’t at all mind see SK2 fully integrated into a standard WordPress install. Seems more or less a necessity these days.

  5. No, Matt, it’s open-source, but not GPLed. Dr. Dave phrases it thusly:

    Spam Karma 2 is not GPL. It is copyright and all rights reserved. However, it is absolutely free for download, use and non-commercial redistribution. Anything else is subject to prior written permission by myself. If you contact me, chances are I’ll say yes to any reasonable request.

    Spam Karma is “free software”, in that it is absolutely free to download, free to use and even free to tinker with (although I typically would require any modifications made to it to be clearly indicated to potential users). What I do not want to see, though, is people grabbing a version of WP and SK2, packaging them together and selling them for $300 (as they could do, with GPL software). Bottom line is that I am not trying to make money with this, and I don’t see why somebody else should be able to without me having a say first.

    Given his involvement with WordPress, I doubt he’d mind having it integrated (although that would make independent development a little more difficult). Perhaps merely a default plugin….

  6. GPL has nothing to do with copyright, it’s about the rights you have as a user, and I doubt that would get past OSI. However it’s not at all a big deal. Even though what he says is odd, the spirit is still OS .

  7. Spam Karma 2 is great for smaller traffic sites. When you get bigger and come under attack from a thousand a day or more, though, you need something else, if only to cut down on the volume of email you receive from SK2. At the moment I’m preparing to release the next version of Bad Behavior which cuts the flood of spam to a trickle, or, I’m hoping with the upcoming release, shuts it off entirely. I recommend using Bad Behavior in addition to Spam Karma 2 for complete coverage.

    OK, I didn’t really mean to pimp myself here. Or maybe I did. But Matt’s point is valid: there isn’t enough built into WordPress to deal with the massive onslaught of blog spam, and the solutions out there now aren’t sufficiently matured. But we’re working on it. (Oh, and Bad Behavior is GPL.)