My site is currently getting slammed with Trackback spam… sometimes several a second. The Spam Karma plugin is blocking most of them, but there are a few that might get through, and for that I apologize. Ironically, the spammer is doing me and the community a favor, because each one that gets through is used to make the system stronger, and each failed attempt just makes Spam Karma automatically ban their IP.
Comments
Trackbacks
-
scheint wohl übel bei WP blogs weiter zu gehen, siehe Tempus Fugit . ich hab seit gestern ruhe
Ann Elisabeth says
I wouldn’t be so sure. You see, this particular spammer is most likely using virus infected computers to spam for him. So all you’ll achieve by using IP blocking, is to block a lot of innocent clueless people.
He’ll still get through, because he’s got a LOT of machines to spam from.
I’m guessing a central list of partial URL’s used will have more luck.
Mark says
He is using virus-infected computers and you’re right… IP banning is useless in the long run. What I mean is that when he submits two spams today and his IP is banned, when he tries again from that IP in an hour, I’ll be better able to block him. A week from now it will be useless, which is why I purge my IP bans frequently.
The main things that are blocking him now are partial URIs as you suggested, keywords, links to blacklisted domains, and trackbacks being sent from either open proxies, or machines that have been temporarily blacklisted (because they’ve been taken over).
The IP blocking only helps me get him if he can manage to avoid those traps… there have been about 3 comments that avoided the traps today, so IP banning will help those from repeating.
IP banning is always a bandaid fix, and like a bandaid, if you leave it on for too long, bad things happen. 😀
Rob says
Personally, I’ve just gone back to the original “band aid” fix you gave me Mark. I added every letter of the alphabet to my blacklist so that all trackbacks have to be moderated. I totally comfortable with that.
My site isn’t loading now anyway though. It would appear as though the host is down. I guess somebody on their system is over-using the system. That’s what they’re telling me anyway. I’m not sure if Powweb has a lot of blogs hosted there that this trackback spam would be affecting them, but maybe.
Mark says
If they have Movable Type blogs that are getting hit, that would do it. Many hosts have banned MT for that reason… good customers like you get harmed because of MT’s CPU hunger.
Rob says
Yeah. These days I wonder what I ever saw in MT.
On a side note, am I going to be ok to just leave my blacklist the way it is? With every letter of the alphabet in it? As long as these trackback spams keep coming in I’d just as soon do it that way.
Mark says
I don’t think that will have any effect with Spam Karma 1.15
Spam Karma should be handling it all.
How many spams have gotten through since I upgraded you a few hours ago?
Deleting even a dozen spams is going to be easier than having to wade through a moderation queue of several hundred to look for legitimate ones.
Rob says
Well I haven’t been able to access my site much, but Spam Karma has blocked two and three have made it through to moderation. Not sure if Spam Karma put them there or if they went there because of the blacklist.
Ann Elisabeth says
He isn’t getting through on my blog, and I’m not blocking any of his IP numbers. Not using any plugins either – yet. Figure that one out…
Mark says
You haven’t renamed your trackback file, and the RDF trackback info is still there.
Turned off trackbacks for older posts?
I see that none of your entries prior to October 2004 are trackback enabled.
Perhaps you blocked http://www.geocities.com/ge
I honestly don’t know. Care to share? You could do so privately by e-mailing me, if you wanted.
Ann Elisabeth says
I’ll share privately. No publishing. The longer Alexander can be kept in the dark, the better.
Ann Elisabeth says
I told Mark not to publish it. Yet the next day I find he has, on another blog – thinking I won’t see it.
Guess I won’t be sharing with you next time I figure out something smart, eh?
Mark says
I provided a hint, but not the specific ‘bit’ of info nor the code I wrote to use that ‘bit.’ I honestly didn’t think you’d mind that…
I certainly didn’t intend to do so subversively, as I posted it on a weblog tips site without hiding my identity.
I’m very sorry for having upset you, and I’ve requested that the comment be removed from the site, per your wishes. Hope you won’t hold this against me.
Ann Elisabeth says
Life’s too long to hold grudges.
What you posted would have been enough for any decent sys-admin to have gone “Ah, of course!”. So it would have tipped off the spammer, had he seen it.
On the other hand, I posted some things on my site just now, that may or may not be relevant to shutting him down.