Looks like the trackback spammers are hard at work with a new script of some sort. Woke up to a little over a half-dozen trackback spams this morning across all the blogs I maintain, each using random text for the weblog name, domain, and entry. Each had a different IP address so it was able to avoid the limit on trackbacks received in an hour that ExpressionEngine allows you to define. Cleanup wasn’t a big deal as the notification emails all have links in them to quickly delete the entry in question, but it’s annoying just the same so I’m turning on a relatively new feature that adds a random security code to all trackback URLs generated by EE. The idea is similar to captchas—if the trackback doesn’t have the right security code it’s rejected. Not sure how it works in practice so if you try to ping SEB with a trackback in the next few days and it fails then be sure to let me know so I can look into it further.

Update: Looks like the security code option isn’t working quite right. Not sure if I have something set up incorrectly or what, but I’m turning it back off for now.

Trackback spammers are testing a new script.

  1. I had that as well, both on my MT blog and my WordPress test blog. The problem with Trackback spam is that the problem affects all CMSs which have trackback, not just specific systems like comment spam does. You can’t just switch to another platform to avoid the problem.

  2. I had one of these this morning, too, dagnabbit.

    On the other hand, I managed to effortlessly block 80k-odd trackbacks/comments referencing a version of cards that originates in the President’s home state, so I felt pretty good overall.

  3. Indeed. The blacklist in EE does a pretty good job of weeding out stuff like that as well. Of course it’s only as good as what it has listed in it and these domains were all randomly generated. Fortunately, the limit on trackbacks allowed in an hour from an IP address kept the cleanup small.

  4. Les,
    I had about 20 over the past 18 hours at the Asylum.

    When I switched from MT to EE in November, I originally turned on the random bits for TB pings, but could not get it working right either… I just didn’t grok it fully I guess.

    If you figure it out, please let us know.

  5. You must have done OK, Mom, as the trackbacks were gone when I checked a little while ago.

    I’m not sure if caching interferes with the security code or not, but I’ve got a note off to the pMachine crew to see if there’s something I’m not doing correctly.

