Spam? Read this.

So then clearly, the trackback feature needs more security and more options because this is just nuts. Either way it seems like a huge hole in the system if people can post messges through trackbacks at this massive rate.

Or, install and turn-on Bad Behavior listed at the top post in this thread.

Trackbacks are part of blogging. You can elect to disable them, of course. Or you can use a plugin(s) to filter ’em.

So then clearly, the trackback feature needs more security and more options because this is just nuts. Either way it seems like a huge hole in the system if people can post messges through trackbacks at this massive rate.

the trackback framework was designed before spam and without the thought of spam, so there is very little security designed within the framework.

please read handysolo’s post above. those are your options. if you want the interactivity of comments and trackbacks, you will need to learn to live with spam. nothing will protect your blog 100%. if you can’t stand comment and trackback spam, disable comments and trackbacks.

So, guys & gals, how are they getting in there? Is this a feature or a bug?

smb488292, do you post before reading the thread from the beginning?

look at the first line of the comment. if it has strong tags, it's a trackback. trackbacks bypass the requirements to comment.

Well, I confess that my original understanding of trackbacks was a little vague. I thought pings/trackbacks were no different than one blog tapping another on the shoulder. Now I understand them to be more like shouting obsenities than a tap.

Anyway, they are a backdoor to bybass the login security of a blog. I will tell that to my client. Now for another pot of coffee.

Thanks for answering my question people!

Thanks. We diffinately help me. Tired of spammers ??

Well, I confess that my original understanding of trackbacks was a little vague.

Clearly.

I thought pings/trackbacks were no different than one blog tapping another on the shoulder. Now I understand them to be more like shouting obsenities than a tap.

No, trackbacks are way for blogs to automatically tell other blogs about posts related to the blog receiving the trackback. So if I make a post about somebody else’s blog post, and I link to it, then my blog tells the other blog about it, and they can make a comment out of my post, or what have you. It’s a way for blogs to comment on other blogs.

Spammers are clearly abusing this feature in order to post comments on blogs in an automated fashion. If you use plugins like the ones at the top of the thread, this prevents this sort of thing.

Anyway, they are a backdoor to bybass the login security of a blog.

No, sorry, but that’s not the case at all. Trackbacks are perfectly secure and functioning exactly as they were designed to function.

If spammers can send you email, does that mean that your email is insecure? Or does it mean you need filters on your email?

There is no technology in which you can both receive arbitrary messages and also prevent people from sending you messages that you don’t want. The technology has no idea what messages you don’t want. You have to tell it that you don’t want certain messages somehow. The spam-blocking plugins posted at the top of the thread do just that.

I downloaded and installed Kismet, but there’s still spam getting through that needs to be moderated. I’ve had something like 15 attacks in the last hour or so.

Should I get something else to help Kismet?

Yeah. First post in this thread, see the link for Bad Behavior.

Personally, I don’t think that asking people to install and activate plug-ins is an acceptable remedy for what’s clearly an exploit. Even if it’s an exploit of a fundamental character of the ping/trackback system, that’s still an exploit, and at the very least, people should be PROACTIVELY made aware of why this is happening and what they can do about it. WordPress has this neat feature for broadcasting messages to the entire community, but the last message on it is about the April Fool’s Day joke nearly two months ago!

I removed the “allow comments” option of all my previous entries into my blog. How are they still spamming me?

How do I put plug in the Bad Behavior plugin?

@darthwong – I can only assume you haven’t read the entire thread.

Personally, I don’t think that asking people to install and activate plug-ins is an acceptable remedy for what’s clearly an exploit.

That’s the thing. It’s NOT an exploit, in any sense whatsoever. They’re not exploiting anything. There’s no hole in the code. There’s no bug.

If you have comments on, and people post spam comments, is that an exploit too?

dpaullin:
-Download the Bad Behavior plugin and unzip it.
-Put the Bad Behavior directory into your plugins directory.
-Activate the plugin in your plugins panel.

That’s it. It has no configuration. It stops the vast majority of this spam from ever hitting your blog at all. The few that do get through are usually caught by Akismet.

That’s it. It has no configuration
Except maybe to set the “verbose_logging” to FALSE, otherwise your DB will get fat pretty soon ??