May 26, 2006

Trackback Spam

Updated

Trackback spammers have recently been flooding blogs with spam, often with hundreds per day. Although MT's Spam Lookup plugin junks most of the spam, the flood of trackbacks can put a strain on server resources. To take a look at the amount of trackback spam you may be getting, click on "Trackbacks" from your main blog menu, then select "Junk Trackbacks".

Listed here are some defensive measures you can take.

Moderate all trackbacks

MT 3.2 allows you to approve all trackbacks before they post to your site. To do this, go into your blog's "Settings" and select "Feedback". Scroll down to the TrackBack section and check the checkbox next to "Moderation". Save changes.

Spam Lookup

MT 3.2 ships with a powerful anti-spam plugin called Spam Lookup. If you are getting hit by a flood of trackback spam, look for common unwanted words or specific strings to block. If a spammer is leaving URLs like http://yucky.nasty.com and http://icky.nasty.com, all you have to do is block "nasty.com". Do this by adding the domain name under Plugins > SpamLookup > Keyword Filter Settings > "Keywords to Junk".

Spam Lookup makes use of Perl regular expressions, so by adding a few characters to your keywords you can have more flexibility in what you block. (Personally, I have no idea how to use Regular Expressions. If there is someone out there in the community who is willing to walk me through the basics and what one would most often use with Spam Lookup, I'll be happy to write it up.)

Neil Turner has written the tutorial Making the Most of SpamLookup which explains more about this plugin.
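One way to try out a candidate pattern before adding it to "Keywords to Junk" is to run it against a handful of URLs first. The script below is an added example, not code from this tutorial or from SpamLookup; the URLs are constructed, and it tests only the regular expressions themselves, not how SpamLookup expects them to be entered in its settings field.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample URLs: [ url, should_be_junked ].
# The last three are legitimate look-alikes a careless pattern also catches.
my @urls = (
    [ 'http://yucky.nasty.com/pills.html',   1 ],
    [ 'http://icky.nasty.com',               1 ],
    [ 'http://NASTY.com/',                   1 ],
    [ 'http://dynasty.com/history',          0 ],
    [ 'http://nasty-compost.example/garden', 0 ],
    [ 'http://nasty.com.example/',           0 ],
);

# Candidate patterns, from loosest to tightest.
my @patterns = (
    # "." matches any character, so "nasty-com" also matches.
    [ 'unescaped dot' => qr/nasty.com/i ],
    # "\." is a literal dot, but the match can start mid-word ("dynasty.com").
    [ 'escaped dot'   => qr/nasty\.com/i ],
    # Must start the host or follow a "." (subdomain), and must end the host.
    [ 'host-anchored' => qr{(?:^|[/.])nasty\.com(?=[/:?#]|\z)}i ],
);

for my $p (@patterns) {
    my ($name, $re) = @$p;
    my (@missed, @false_pos);
    for my $u (@urls) {
        my ($url, $is_spam) = @$u;
        my $hit = $url =~ $re ? 1 : 0;
        push @missed,    $url if  $is_spam && !$hit;
        push @false_pos, $url if !$is_spam &&  $hit;
    }
    printf "%-14s missed=%d false_positives=%d\n",
        $name, scalar @missed, scalar @false_pos;
    print "    would wrongly junk: $_\n" for @false_pos;
}
```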

Other Measures

MTDisguiseTrackbackURL from MT-Hacks

MTAutoBan - prevents the same sources from filling your database with junk.

TrackBack patch for MT3.2 - changes the trackback API to use identifying strings instead of numerics as the trackback key.

SpamLookup Extension - This modification to SpamLookup provides the ability to apply word filters to specific fields in the comments and trackbacks, rather than the conglomeration of all fields.

Auto-delete junk comments/trackback script for MT 3.2

Links:

Six Apart Guide to Comment Spam
Making the Most of SpamLookup
Movable Type User Manual section on Spam Lookup


Has this tutorial been helpful? Please consider linking to Learning Movable Type at http://learningmovabletype.com/ . Thanks!

Trackback

If you would like to send a trackback, please use the following URL: http://learningmovabletype.com/cgi-bin/mt32/mt-tb.cgi/289

Comments

1) The single most effective means of blocking spam trackbacks is to junk trackbacks whose domain IP address doesn't match the IP address of the machine that actually sent the trackback.

Spammers are using botnets of compromised PCs to send their spam, but none of these machines will be hosting the actual domain that appears in the trackback.

SpamLookup can be configured to automatically junk these types of trackbacks by clicking on the "Show Settings" link under "SpamLookup - Lookups" (on the main Plugins page in MT), then under "Advanced Trackback Lookups", click on "Junk Trackbacks from suspicious sources".

This setting alone catches 99% of spam trackbacks on my weblogs.

2) SpamLookup Keywords and regexes:

I have a post on how SpamLookup's Keyword filter works, along with a couple of examples of where you should use a regex (including how to junk comments/trackbacks based on words that appear only within URLs, similar to the URL Patterns that MT-Blacklist had).

If you'd like more information about regexes in general, or you have specific examples you'd like to see how they could be set up as regexes, drop me a line. :)

I have been using the CCode and TCode plugin from Alogblog's MTy Plugins and haven't had to delete a single comment or trackback spam since installing it.

It catches the spam before it is loaded to the server, thereby decreasing server load. As you know, MT 3.2 reinforced its anti-spam methods; however, this means a little more load on the server because of the work each SpamLookup plugin does, such as IP, link, and content filtering. Therefore too much spam in a short time may cause an overload on some servers.

This plugin also runs mt-comments.cgi in order to compare the proper comment fields. But its computational load is trivial, and if incoming feedback is made by a spammer guessing the feedback URL, MT's SpamLookup will never run, so it lessens server load.

You need to edit the Individual Entry template to use this plugin, and add code to the mtsite.js, but full instructions are given and most MT users would have no trouble installing it.
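The source check described in the first comment above (compare the address that sent the ping with the addresses the trackback's domain resolves to) can be sketched as follows. This is an added example, not SpamLookup's code or the commenter's; check_source, dns_lookup, the host names and the IP addresses are all constructed for illustration, and the demo uses a fixed lookup table so it runs offline.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Socket qw(inet_ntoa);

# Live resolver (IPv4 A records only); the offline demo below does not use it.
sub dns_lookup {
    my ($host) = @_;
    my (undef, undef, undef, undef, @packed) = gethostbyname($host);
    return map { inet_ntoa($_) } @packed;
}

# Returns 'ok', 'suspicious' or 'unresolvable' for one trackback ping.
# A mismatch is a signal for junking or moderation, not proof of spam:
# a legitimate blog can send pings from a different address than its web host.
sub check_source {
    my ($url, $sender_ip, $resolve) = @_;
    $resolve ||= \&dns_lookup;
    my ($host) = $url =~ m{^https?://(?:[^/\@]*\@)?([^/:?#]+)}i
        or return 'unresolvable';
    my @ips = $resolve->(lc $host) or return 'unresolvable';
    return (grep { $_ eq $sender_ip } @ips) ? 'ok' : 'suspicious';
}

# Constructed DNS table and pings (documentation address ranges).
my %dns = (
    'blog.example.org'  => ['192.0.2.10'],
    'pills.example.net' => ['198.51.100.7'],
);
my $resolver = sub { @{ $dns{ $_[0] } || [] } };

my @pings = (
    [ 'http://blog.example.org/2006/05/post.html', '192.0.2.10'   ], # own host
    [ 'http://pills.example.net/buy',              '203.0.113.99' ], # unrelated sender
    [ 'http://gone.example.com/',                  '203.0.113.5'  ], # no DNS record
);

for my $p (@pings) {
    my ($url, $ip) = @$p;
    printf "%-12s %s from %s\n", check_source($url, $ip, $resolver), $url, $ip;
}
```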

