mike's web log/comments

 
1. Original Entry + Comments2. Write a Comment3. Preview Comment
New comments for this entry are disabled.


July 21, 2005  |  Trackback spam  |  644 hit(s)

In my blog I've started seeing a variation on comment spam -- trackback spam, wherein a trackback is left whose purpose is, of course, to embed a URL into the blog. This is an interesting twist because it's not quite as easy to defend against trackback spam as it is against comment spam.

To review: for comment spam, the most popular defense (aside from simply disabling comments) is to add some sort of feature requiring human intervention before the comment is saved. Most people use a CAPTCHA control. In my case, I present an arithmetic problem that is easy for humans but not so easy for automated comment-spam bots.

For trackbacks, though, you can't do this -- trackbacks more-or-less by definition are posted by machine, so you can't require human intervention. (At least, not in my casual thinking about it.) So my defense for now is to disable comments; I just updated the blog code so that if comments are disabled, so are trackbacks. Not a particularly effective defense, really, but since all the trackback spam was hitting one particular entry, maybe it will fend off at least one spammer.

In addition, for the time being the volume of trackbacks I get is small, and I am alerted whenever one is posted, so it's easy for me to simply delete the bad trackbacks manually. So that's a secondary line of defense (and a very effective one, too!), assuming I am not inundated with trackback spam.

I'd be interested to hear whether others have seen this problem and what they are doing about it.



Jenny   22 Jul 05 - 1:29 PM

For myself, since I use Movable Type for my blog, I do three things: 1) I use moderation mode to keep comments and trackbacks off public pages until I approve them, 2) I use the MT-Blacklist plugin to remove bogus comments and trackbacks with minimal effort and to report blacklist additions to other plugin users, and 3) I use another MT plugin (can't remember the name offhand) to close old entries automatically.

Before I started doing this, I'd get blog spam every day. One weekend I got over 500 bogus comments. Now, every once in a while I still get blog spam, but it's a snap to manage now. Two minutes using the plug-ins and it's done.

 
mike   22 Jul 05 - 1:46 PM

Aha. Looks like the answer might be to create a moderation mode. I don't necessarily like the idea of closing comments on old posts, mostly because I do occasionally get comments on them, particularly older technical posts that someone has found just recently by googling or whatever. I could also do a blacklist by IP -- I capture the IP of anyone who comments, although I'm not sure I'm doing that for trackbacks. I should investigate.

Anyway, good thoughts. The benefit of having written my own blog software is that I can implement anything I want. The downside is that if I want anything, I have to implement it myself. :-)

 
Nikhil Kothari   25 Jul 05 - 1:09 AM

Perhaps you could make a request to the URL, and see if they truly have a link to your page...

 
mike   25 Jul 05 - 9:27 AM

Excellent idea: go scrape their page and look for the link. I'll play with that ...

 



 

mike pope  | about this blogdisclaimer |   | Creative Commons License