Trackback Spam

I’m at work, so I won’t try it out until I get home. In any case, thanks for whipping something up so quick, Joe! I hope it works well. =)

I have just installed see and am curious what’s going to happen. Let’s pray the bots are stupid enough for now.

Two days ago I was hit with hundreds of spam comments, even though I auto-shut off comments after two weeks. I plugged in Spam Karma and that stopped the spammers. Today, I’ve been hit with a flood of bestiality/incest trackbacks. I’m going to try the Trackback Spam Stopper. Thank you for that.

Thanks to O.F. Jay, I was able to disable pinging for all my older posts. Run this query in the SQL field in phpMyAdmin for your WP database:

Update wp_posts
set ping_status = "closed"
where post_date < "2005-01-05"

In addition to my post above, I don’t think I’ll be seeing spam until pingbacks and trackbacks are made separate. Either that, or Joe’s Trackback Spam Stopper will do the job. ??

Edited the erroneous usage of double quotes before – full temporary workaround posted here (which is the same link as I posted below).

FAILURE ??
Looks like my hack didn’t work. I just got another flood of beastiality porn spam.

Oh well, back to the drawing board…

If the spamware is using trackback the same way most blogging software does, it is scanning the html page for the hidden “rdf:RDF” block(“trackback:ping=”), and using that info to send the trackback.

As long as your plugin alters the RDF block to reflect the new trackback URL, the spammer will have no trouble sending the trackback.

I posted a workaround, if anybody’s interested:

https://blogged.btvillarin.com/2005/01/05/goodbye-trackback-spam/

btvillarin – only one problem:
“#1054 – Unknown column ‘closed’ in ‘field list'”

BTW… Not all people are necessarily running the table as wp_posts.

If you don’t mind disabling all trackbacks for now, rather than hacking your database, why not just remove wp-trackbacks.php (well, save it with another file name for future reference).

That’s what we did and it worked a treat!

Anne

ARG! Just got another spam flood!

Hi Philaweb – I had the same problem. The SQL is good, but you need to check the quotes.

This worked for me…

UPDATE blog_posts SET ping_status = closed ;

pulpmovies – thanks for your help.
I’m trying to see the result of the file rename hack.
Will keep the SQL solution as backup. ??

Fortunately I’m able to see spammer details in my stats. The spammer uses Win ME and IE 5.5 with all hits. Most of the hits are warped via US ISP’s – cox.net, comcast.net and chartermi.net.

I used two different hacks to combat trackback spammers. First, I enabled blacklist checking for moderation. Adding the words sex, rape and incest to the blacklist blocked the majority of trackbacks I was getting. That stopped them going on the site, but I was still getting emails.

I followed anothers advice on these boards to change the default action in /wordpress/wp-admin/moderation.php from “Do nothing” to “Delete” so all I had to do was load the page and hit the submit button at the bottom and they went away.

Later, I noticed all of my spam trackbacks pointed back to the gogof-ck.com domain. This hack to /wordpress/wp-trackback.php made trackbacks that go to that url go away:

Immediately after the
@header('Content-Type: text/xml');

line add:

/* TBK ADD */
$pos = stristr($tb_url, "gogof-ck.com");
if ($pos !== FALSE) {
trackback_response(1, "Damn spammer.");
}
/* TBK ADD end */


Fixed that, at least for that host.

now all we need to do is to make that hack work for a whole blacklist…

–