Comments Pings and Trackbacks

because of the 403 error I tried a workaround on a test blog to work with a copy called pingback.php changed all the references in the source and tried again.
Still got this 403 error. Is it generated inside WordPress somewhere?
I’ll change all back to xmlrpc.php and keep on searching.
In the meantime I’ll disable pings and trackback all together……

And I still have to find out why WordPress sends me two e-mails for every new comment…

I suspect something is wrong in the configuration of the server because I have recently uploaded a fresh install of WordPress 2.1.1

Half the fun of using WordPress is the borkage. The trackbacks and pings have *never* worked reliably. And I speak with some experience. ??

Now I have discovered that Trackbacks actually work, but….hold your breath….NOT when I send from another WordPress Blog……
I have sent trackbacks with a manual trackback php that I had found somewhere on the web. All trackbacks show up nicely on my blogs. No error messages whatsoever.
When I try to access from another WordPress Blog: 403 error.
The funny thing about all this is that I am gaining a little knowledge of the techniques of pings and trackbacks
??

Have you checked the permissions for the file in question?
Could a server setting be causing this – have you talked to your host?

Permissions is now: chmod 755.
The file executes when accessed from my manual script.
Nothing wrong on the host side I guess.

spot the difference:
when sent from my manual track php script:

/tijmen/wp-trackback.php?p=111
Http Code: 200 Date: Feb 23 08:29:08 Http Version: HTTP/1.0 Size in Bytes: 78
Referer: -
Agent: Snoopy v1.2.3


when sent from WordPress:

/tijmen/wp-trackback.php?p=111
Http Code: 403 Date: Feb 23 08:32:00 Http Version: HTTP/1.0 Size in Bytes: -
Referer: -
Agent: WordPress/2.0.6


You said you are running 2.0.8 then upgraded to 2.1.1. Any idea why it would report…

Agent: WordPress/2.0.6

Could there be old files in the install somehow?

That is because I tried a trackback from another site still running WordPress 2.0.6
This is what I get when I trackback from my own site:

/tijmen/trackback.php?p=111
Http Code: 403 Date: Feb 24 04:01:20 Http Version: HTTP/1.0 Size in Bytes: -
Referer: -
Agent: WordPress/2.1.1


Solved it!
I got rid of the 403 error for access to xmlprc.php.

I have added this to my .htaccess file:

<Files xmlrpc.php>
SecFilterInheritance Off
</Files>

now mod_security will not block access to xmlrpc.php

macbrink’s solution is nice, but it still leaves a self-created security hole for xmlrpc.php attacks. A simple and slightly better solution: First, copy xmlrpc.php to yourownrandomname.php,

Second, use macbrink’s .htaccess modification method above, but instead of leaving the security hole open at xmlrpc.php, it is now at at a (hopefully) unique filename that the script-kiddies won’t bother to attack.

<Files yourownrandomname.php>
SecFilterInheritance Off
</Files>

Third, change DeepestSender or WindowsLiveWriter, Performancing or whatever blog client you use to point to yourownrandomname.php rather than xmlrpc.php.

I’ve done lots more explanation at:

https://timrohrer.com/blog/?p=96

It is very easy to get that unique filename because it will be on your page as pingback url. If your file was know only to yoe, the pingback would not work. That is something script-kiddies would have found out already.
I rely on other forms of security for xmlrpc.php atacks. Most spam will be caught by akismet and other spam plugins.

Doesn’t WordPress automatically have trackbacks? Since I don’t get any comments, it would be nice to have a trackback, or to send one to someone I’m linking to.

What does yourownrandomname.php mean, author.php?

And can you tell me the name of the file htaccess is in?

Or is there a plugin for trackbacks? I have 2.1

I just remembered that htaccess is somewhere in my server. Been a while since I had to go deep. Questions on others remain.

Does anyone know how to enable trackbacks? Do you really want me to keep writing a blog with no feedback whatsoever???