Trackback and Comment Spam is an ugly thing.
Published Tue, Nov 21 2006 11:31 PM
Technorati Tags: Computers and Internet, Blogging
Now I happen to enjoy trading links with other bloggers. I have linked to several posts over the last couple of weeks, and I have requested trackback pings for the ones where the blog I am linking to supports them. To my friends in the blogosphere that have linked to my site and/or requested trackbacks, thank you. You are appreciated, and I will continue to offer trackbacks to anyone that links to my site with a legitimate blog posting, whether I agree with their politics or not. The same goes for commenters.
I'm not going to help spammers if I can help it though. I realize this isn't something new. I've read about spings (spam pings) and spam commenting on Technorati, and I've experienced it with every blog host I've tried. Since I wrote the software behind my blog though, there's something I can do about it here.
I just checked my email about an hour and a half ago. There were 50 error notices from my website. All of them were sent between 8:10 and 8:15 PM PST tonight. All of them were the result of a failed attempt to post trackback spam to my weblog.
Fortunately, the attempted spammer didn't have a clue what they were doing. First of all, they tried to do the trackback via a GET HTTP request, which my trackback system doesn't accept. Second, they tried to insert malicious script into the trackbacks, and my filters caught it and sent the error message to my development email address.
This particular spammer used ten different IP addresses, all provided by the same ISP, INHOSTER in the Netherlands. I fired off a quick notice to the abuse address at their ISP, and then started going through my archives to check for other trackback spam.
Sure enough, I found some. Quite a bit actually. There were over 100 trackback spam pings on a single post way back in the archives. This was totally unacceptable to me. I added a new table to my database for banned IP addresses, then added some code to my trackback module to reject pings from banned IP addresses. I then populated the table with the IP addresses from all of the trackback spam.
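The checks described above (refuse anything that is not a POST, refuse pings from banned addresses, fail the ping and log it when a text field carries script) fit in one small handler. The blog's own code is ASP.NET (the trackback URI ends in .aspx) and is not shown on this page; the following is an added Python sketch of the same logic, not the site's code. The `Request` shape, the in-memory `banned_ips` set standing in for the banned-IP table, and the `errors` list standing in for the e-mailed error notices are all assumptions made for the example.

```python
import html
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Text fields of a ping are supposed to be plain text: any tag-like sequence,
# javascript: URL or inline event handler is treated as an injection attempt.
SCRIPT_RE = re.compile(r"<\s*/?\s*[a-z!?]|javascript\s*:|\bon[a-z]+\s*=\s*[\"']", re.I)


@dataclass
class Request:
    """Hypothetical request shape; a real handler reads these from the web framework."""
    method: str
    remote_addr: str
    form: dict = field(default_factory=dict)


def tb_response(ok, message=""):
    """Trackback reply: <error>0</error> on success, 1 plus a message on failure."""
    if ok:
        return '<?xml version="1.0" encoding="utf-8"?>\n<response><error>0</error></response>'
    return ('<?xml version="1.0" encoding="utf-8"?>\n<response><error>1</error>'
            f'<message>{html.escape(message)}</message></response>')


class TrackbackHandler:
    def __init__(self, banned_ips=()):
        self.banned_ips = set(banned_ips)   # stand-in for the banned-IP table (assumption)
        self.accepted = []                  # pings that passed every check
        self.errors = []                    # stand-in for the e-mailed error notices (assumption)

    def ban(self, ip):
        self.banned_ips.add(ip)

    def _reject(self, req, why):
        self.errors.append(f"{req.remote_addr}: {why}")
        return 400, tb_response(False, why)

    def handle(self, req):
        """Return (http_status, response_body) for one ping."""
        # 1. Trackback pings are POSTs; a GET is either a broken client or a spam bot.
        if req.method != "POST":
            return self._reject(req, "trackback pings must be sent with POST")
        # 2. Banned addresses are refused before the payload is even looked at.
        if req.remote_addr in self.banned_ips:
            return self._reject(req, "address is banned")
        # 3. 'url' is the only required field and must be an absolute http(s) URL.
        url = req.form.get("url", "").strip()
        parsed = urlparse(url)
        if parsed.scheme not in ("http", "https") or not parsed.netloc:
            return self._reject(req, "missing or malformed url")
        # 4. Script or markup in any text field fails the ping and is logged.
        for name in ("title", "excerpt", "blog_name"):
            if SCRIPT_RE.search(req.form.get(name, "")):
                return self._reject(req, f"script/markup in {name}")
        # 5. Escape what is stored so a stray '<' or '&' renders as text, never as HTML.
        ping = {name: html.escape(req.form.get(name, ""))
                for name in ("title", "excerpt", "blog_name")}
        ping["url"] = url
        ping["remote_addr"] = req.remote_addr
        self.accepted.append(ping)
        return 200, tb_response(True)


if __name__ == "__main__":
    # Constructed sample traffic: a GET, a banned sender, a script payload, a clean ping.
    h = TrackbackHandler(banned_ips={"192.0.2.10"})
    for req in (Request("GET", "198.51.100.1", {"url": "http://example.com/post"}),
                Request("POST", "192.0.2.10", {"url": "http://example.com/post"}),
                Request("POST", "198.51.100.2", {"url": "http://example.com/post",
                                                 "excerpt": "<script>alert(1)</script>"}),
                Request("POST", "198.51.100.3", {"url": "http://example.com/post",
                                                 "title": "Hi & bye"})):
        print(h.handle(req)[0])
    print(h.errors)
```

The escaping in step 5 is what keeps a ping that slipped past the regex from becoming stored cross-site scripting when it is rendered on the post page; the regex is only there to make the attempt loud enough to generate an error notice.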
The site has been updated. The trackback spam has been deleted. I'm sure, now that I'm starting to see more traffic on the site that there will be more trackback spam in the future. There are 55 new IP addresses it won't be coming from though, and 55 IP addresses that won't be adding comments to the site either.
I have added a policy notice to my site as a result of this attack. If anyone is interested, I will be adding a list of all banned IP addresses to the bottom of the policy notice page in the next couple of days.
In the time it took me to post this, yet another spammer got caught. The list is now up to 56 banned IP addresses. A static list of the banned IP addresses is in the policy notice page. I will update the page in a few days to retrieve a dynamic list of banned IP addresses.
I will also be revisiting the ban mechanism so that I receive notice of all trackback requests for approval, deletion, and banning this weekend. Trackbacks will no longer instantly appear on the site, but they'll be moderated.
While I'm at it, I will switch the comment mechanism around to my own code. Haloscan is a cool service, but they only let you add 20 bans.
Overnight another 19 trackback spammers were trapped. I also had another burst of 20 trackback spam attempts that tried to spam using HTTP GETs instead of POSTs. The total number of banned IP addresses is now up to 83.
The list of banned IP addresses keeps growing. It's now up to 173 entries. The spammer trap is still working, although one managed to get past it and spammed about five of my posts.
I've updated the trackback mechanism a bit. When I receive a trackback ping, the ping handler will automatically retrieve the URL referenced in the ping and scan it. If your post does not contain a reference to the post you are trying to track back to, your trackback ping will fail immediately.
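The link-back check is the one that actually distinguishes a real trackback from a spam ping, so here is what it looks like in code. This is an added Python example, not the blog's own ASP.NET implementation: it parses the anchors out of the fetched page, resolves relative hrefs against the page URL, and compares each one against the post's permalink after normalising case, default ports, fragments and trailing slashes. The `fetch` callable is injected and backed by a constructed in-memory page set so the example runs offline; the post permalink used is the one printed at the bottom of this entry.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse, urlunparse

POST_PERMALINK = "http://perrinelson.com/2006/11/21/171.aspx"


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag, resolved against the page's own URL."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(urljoin(self.base_url, value))


def canonical(url):
    """Normalise a URL so trivially different spellings of the permalink still match."""
    p = urlparse(url)
    netloc = p.netloc.lower()
    for default in (":80", ":443"):
        if netloc.endswith(default):
            netloc = netloc[: -len(default)]
    path = p.path or "/"
    if path != "/" and path.endswith("/"):
        path = path[:-1]
    return urlunparse((p.scheme.lower(), netloc, path, "", p.query, ""))


def page_links_to(page_url, page_html, post_permalink):
    collector = LinkCollector(page_url)
    collector.feed(page_html)
    target = canonical(post_permalink)
    return any(canonical(link) == target for link in collector.links)


def verify_ping(ping_url, post_permalink, fetch, max_bytes=512 * 1024):
    """Return (ok, reason). `fetch(url)` must return the page body as str or raise."""
    p = urlparse(ping_url)
    if p.scheme not in ("http", "https") or not p.netloc:
        return False, "ping url must be an absolute http(s) URL"
    try:
        body = fetch(ping_url)
    except Exception as exc:  # unreachable host, timeout, 404, oversized reply ...
        return False, f"could not retrieve {ping_url}: {exc}"
    # Only the first max_bytes are scanned so a huge page cannot tie up the handler.
    if page_links_to(ping_url, body[:max_bytes], post_permalink):
        return True, "source page links to the post"
    return False, "source page does not link to the post"


# Constructed sample pages standing in for the network (assumption for the example).
PAGES = {
    "http://example.org/2006/11/reply":
        '<html><body><p>Replying to <a href="HTTP://PerriNelson.com/2006/11/21/171.aspx#comments">'
        'this post</a>.</p></body></html>',
    "http://example.org/spam":
        '<html><body><a href="http://example.org/buy">buy now</a>'
        '<a href="/2006/11/21/171.aspx">looks similar but resolves to example.org</a></body></html>',
}


def fake_fetch(url):
    if url not in PAGES:
        raise OSError("404 Not Found")
    return PAGES[url]


if __name__ == "__main__":
    for url in ("http://example.org/2006/11/reply", "http://example.org/spam",
                "http://example.org/missing", "ftp://example.org/x"):
        print(url, verify_ping(url, POST_PERMALINK, fake_fetch))
```

Because the handler now fetches an attacker-supplied URL, the real `fetch` needs a short timeout, a cap on the response size, and a refusal to follow redirects to anything other than public http(s) hosts; otherwise the ping becomes a way to make the blog server request arbitrary addresses on the spammer's behalf.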
Trackback URI for this post: http://perrinelson.com/track.aspx?postid=171
Permalink URI for this post: http://perrinelson.com/2006/11/21/171.aspx