How to get rid of trackback spam?

Yeah, lemme know how it works out. I haven’t gotten a lot of feedback! It it works, or if it stinks, lemme know! ?? ??

-d

https://r0x0rz.info/archives/2005/04/08/trackback-spam

Read the update. It works 100%. And I love it! All spam is now gone.

Okay, three days after installing-activating CG-Referrer and CG-AntiSpam and I have had ZERO trackback spam messages. I guess you could call that a success. Great job, Mr. Chait!

Have you checked the admin pages to see what is coming in and being tagged as spam? It’s the CG-AntiSpam ‘Show’ subpanel (I need to make ‘tag’ and ‘flush’ require extra button presses, as they are potentially ‘dangerous’ as I don’t have a ‘mark as not spam’ option yet’).

Just ensure no ‘real comments’ have come in that got false-positive spam marked, and i’ll be real happy. ??

-d

It says that there have been no comments marked as spam. So, it is just a coincidence that I haven’t had any trackback spam since intalling-activating the CG plugins?

No, it could be that CG-Referrer is ‘stopping them at the gate’. I need to add a feature to CG-R to track whether the thing ‘stopped’ happened to also be a POST comment/trackback attempt… You could disable CG-Referrer for a little while and see what comes in… and whether CG-AntiSpam catches it! ?? ??

I’ve been getting a TON of blocks thrown on brand new sites, all from the same guy, without direct-entering a single one of them. YAY.

I’m starting to wonder if there’s a way to take all the data I’m accumulating on his activities, abuse of domain names for spam purposes, and take down the umbrella domain (there’s a few different umbrellas out there now, used as the support contact for the domain(s) that spam…).

-d

I am using CG-Referer (but not CG-AntiSpam) and the HASHCASH plugin.

They had stopped the massive spam hits that I had since upgrading to WP 1.5 in February, and are/were working nicely, I hadn’t had a spam comment from March 22 until one gobbly gook nonsence alphabet one on April 8th, then nothing spam tagged at all … until last night TRACKBACK Spam started hitting.

I have 27 of them thus far.

Most of them get tagged as spam due to my internal blacklist entries for poker, but a few were getting put into Moderation.

All of them are about poker except for one which is an “i hate u” message that may or maynot be the same spammer, but anyhow, 26 of them are all poker related and have a URL entered that is: “soundandmossl.com” with a poker related link in the comment that goes to that domain.

I don’t know if CG-Referer logs trackbacks … does it? I can’t see that anything is listed. I’ve gone into phpmyadmin to try and match stuff and still can’t.

At the time this all started (yesterday evening April 13th) “sml338.org” was showing up in the referrer logs since mid-morning with “comments-post.php” loaded, but HASHCASH probably defeted that then. So when I discovered all that I also found that there was a new cg-power-pack out and I upgraded, but had to add “sml338” to cg-blacklist.php then it started to log that referrer as [403]. I had 9 hits from that referrer all day on the 13th before that point, since adding it to cg-blacklist.php I’ve had to this point: 231 hits logged as “[403] sml338.org”.

Trackback Spam started after I upgraded to the most recent cg-power-pack last night, and put “sml338” into cg-blacklist.php

Weird combinations of things, so I can’t tell if it’s because I put that domain into cg-blacklist.php or upgraded cg-power-pack or both, or just coincidence.

I keep getting new trackback spam every such and such minutes. I see it since I have the “PagedCommentEditing” plugin by “coldforged” installed.

Most all of it gets tagged as spam, but some is put into moderation.

Just wanted to log my experience here to record my problem with it. I’m going to put my previous version of cg-power-pack back on my site to see what happens, then delete all those files and put the new one back. Experiment to see what happens, then I’ll report that back here to see if it’s a mess up from upgrading or the new version or none of them. ??

Hmm. Backing out shouldn’t do anything, except remove some newer, better blocks I’ve put in.

My guess is that the spammers ‘ratchet up’ step by step. AntiSpam should catch it all if it’s poker links, certainly! ??

sml338 is in my new blacklist — I’m working out a way to have remote CG-Referrer/AntiSpam update their local blacklist automatically, and have a secondary file for your mods. But sml338 was also being blocked the moment it showed up, without specifically adding it.

All of these recent rash of spammers are one guy, all the domains are registered to one registrant, and all the spam I’ve seen the past few months has been maybe three people — and that’s assuming those three aren’t made-up folks all by one person…

-d

CG Stuff
————
I deleted all the cg-powerpack files and reuploaded them. I did search the blacklist.php for sml338 but didn’t find it. I mean I used a search feature and IT didn’t find it. I didn’t really look for it with my own eyes. By adding it myself the “search” I used found THAT one. Just to explain why I added it. I added that as I uploaded the new cg-powerpack yesterday evening, so I couldn’t tell if it was my adding it or the new blacklist.php ??

I am not using CG-AntiSpam, I’m gun-shy of it from my first experience with it in March. (remember me, somehow something happened and it marked a slew of past comments as spam, that were legit comments, and I had to manually reinstate each one, with much thanks to that lovely PagedCommentEditing plugin!)

I have another hits script monitoring my site and see that some of the actual IP’s listed on those TRACKBACK SPAM I’m getting are logging as coming to the site and loading a specific permalink with “/wp-comments-post.php/” tagged onto the end.

That actual post isn’t ever showing up as being commented on. But anyhow I edited that post and un-bulleted “allow pings” so since then the trackback spam slowed down a bit … mostly the stuff has been coming every 3 or 5 minutes, or with 20 minutes between sometimes, last night they were every hour, about, with two hours between some, then this morning a three hour lag, then it ramped up to the current every few minutes or so.

I’d be happy to use CG-AntiSpam if I knew what to do with it, like had a clue what to do instead of just trying to figure it out, as I did last time. All I did last time was click on something innocently named, I don’t recall what, just something that was there when I had just turned the plugin on … and it instantly did what it did and I immediately deactivated it. So I don’t even have a clue what it is I did. Hence, being gunshy.

My experiement, all I did was deactivate CG-Referrer at first, and nothing was different. So I deleted the plugin files and reloaded them. So it’s not affected by CG-Referrer at all.

My Question that hasn’t been answered is: how does a Trackback come in and get logged, does it get logged, in other words, or does it not?

CG-AntiSpam, I just looked at the readme file, and it must have been that I clicked “Tag” and it tagged over 300 of my legit comments that time I tried it in March for two seconds.

I know that I am looking for a way to reject (or bounce) trackback spam without turning off trackbacks. HashCash seems to be working for stopping spammy regular comments, I guess I should take a look to see what the Karma things do after all. I was trying to not do that. I was A-OK with the current setup since March 22, it was great, no spam at all, then BLAM! The trackback kind hit hard yesterday. Ho hum it never ends for long. ??

sml338 hasn’t showed up since earlier today, the last post here I said 231, and they are sitting at 233 since right after I posted. So anyhow, I’m just rattling this stuff out since it’s all connected.

So I guess I’m not looking for what CG-Anti-Spam does but I’ll continue to monitor it’s development, etc. CG-Referrer bounced what it could and WordPressHashCash nixed the rest of the junk.

——————–

Other Spam Stuff
——————
Two other spam types are alphabet nuthin types, and not real email address given, not even right format for an email address, sometimes those are combined as one.

They are just annoying flippant things, is there something to blacklist those with the internal blacklist …?

They get past HashCash, are comments I’ve gotten here and there, not often, just sometimes on WP 1.5, any of my installs.
Just my main one is the one that gets all that junk above.

My other blogs see little comment action and I just would like to get rid of the alphabet nonsense and the comments that have no email address or not formatted as email address.

My blogs all require a real email address, so why does putting in “me” or “https://google” or some such thing validate as an email address in the comment submission?

??

I said it was in >my< new blacklist, not that I had updated it yet! Thus the commentary on looking into auto-updater systems… ??

Trackbacks might not get logged properly — I’ll have to look at the WP code and see whether plugins are getting loaded. If they are, trackbacks should be logged like anything else.

My problem at the moment is that I don’t have code-level access to a site that is getting comment and trackback spam, that I can hack around with to try to improve CG-AntiSpam. CG-Referrer will do a lot all by its lonesome, and I’ll look into whether I can catch some of the trackback stuff ‘at the gate’.

I am using a couple of plugins and few WordPress 1.5 options and for the last three months I am without any comment, trackback, pingback or referrer spams.

I do not use nor recommend Spam Karma because it makes life harder for end-user with its frequent false positives and actually does a decent job of insulting them on the basis of its erroneous diagnostics, been on the receiving end of it twice ??

Neither do I rely on CAPTCHA. The goal is to make the life of my viewers as painless as possible, as far as my blog is concerned.

Let me know if you find these strategies useful for preventing your spams.

So far, I’ve had pretty good luck with Bad Behavior: https://www.ioerror.us/software/bad-behavior/

@angsuman:
Your experience with SK was but one.
drDave’s excellent work has done solid work for many many people – promote your work by all means, but stop dissing his please.
It’s not fair, he’s not here to defend his code and you’d hate it if he did it to you.

@podz You misunderstand. I have explained my position in another post.

If you look at the comments here and elsewhere you will realize that I am not the only one. I have explained in the other post the exact reason for my rants.

I have nothing against Dr. Dave other then respect. I think he has contributed much to WordPress.

This is not a tirade against him (not even in dreams) but a particular piece of software which I think is particularly nasty to end-users, in terms of installing, maintaining and worst of all to the commenters of a blog. Everytime I see these SK issues crop up, I get the same bad feeling. These needs to be addressed.

Feel free to criticise anytime even more harshly any piece of software I have created or contributed, I wouldn’t mind the least. Through these criticisms we can make better software.

Fair enough ??

I have a friend who can install MT without batting an eyelid, so installing / maintaining and such like are subjective experiences.
If someone posted here asking where and how to alter the default message in SK / SK2 then they would be told – but stand back a moment …. it’s a blog, it’s only words and I think you (speaking broadly) have to have a fairly thin skin to be upset by any sort of built-in message in any software. People need to chill a little bit – and in the end what do you really really want ? To wake up in the morning and find you have to delete hundreds of spams or to write one email to calm an irate commenter ? Regardless of what approach you use mistakes will be made – if you want comments / trackbacks then the perfect spam solution has not yet been written (and even if it were, after 24 hours it would be broken).

drDave is addressing the issues – he has been waiting ages for WP1.5.1 to be released which does do this.

I agree that better software is the goal, but I feel strongly that all constructive criticism should go first to the code author.