I’ve received only a small taste of the trackback spam that has been floating around, yet it’s still enough to be annoying, especially since I didn’t really have any good way of addressing it. With comments, I can moderate them. I can make sure they have approval. Not the case with trackbacks.
Luckily, Jacques has put together a nice little modification of Brad’s DSBL plugin. I installed it, though I have yet to receive any messages, so I really have no idea if it works or not. I just thought I’d give it a shot, because it uses a method close to my own heart. Namely, it sits there and does the work so that I don’t have to worry about it. At least, that’s the idea.
If you have any problems posting comments or trackbacks, let me know.
Update: So I received, depending on how you count them, one or two submissions that made it through the plugin. After thinking about it, the first, Arvind’s comment below, is probably okay. The second came from an online poker site, and was submitted via 200.39.103.229, which is found on the opm.blitzed.org site. At least by querying it through the form provided. That means that it doesn’t quite seem to be working as expected. Time to dig into it a little bit.
Update: So there was a buglet in the version I downloaded yesterday. Actually, there is still a buglet in the version I checked today, provided you are wanting to block trackbacks from open proxies. I’m sure Jacques will have it fixed post-haste. Is post-haste a hyphenated word? Anyway, I’ve also done some tweaking of my own.
For one, I like to see if a plugin is registered in the list. Helps me to know if I programmed it correctly, for the most part. If not, it won’t show because there was an error parsing it. I also wanted to be able to check on the status of a particular IP address. So I’ve made some changes (including fixing the extra buglet) and made it available. To use, open, save as dsbl_deny.pl, put in your plugins directory.
Update: To check an individual IP address using a template tag, use this format:
<$MTDSBLDeny ip="200.39.103.229"$>
When you rebuild, you’ll get an error message if there is a problem with the IP address. This is probably useless to most, but since it wasn’t working, I was trying to figure out what the heck was wrong, and this really helped my troubleshooting, so I’m making it available. Enjoy.
Comments
5 responses to “Trying to Block the Bad People”
The current MT Install procedures mention something about renaming the trackback and comment scripts at point of install.
They seem to think that once the spammers have got hold of your link then changing it after the event is not as effective since they already have your site address and can run a search down your site until they find it.
If you change it upfront then it makes your site harder to locate in the first place, since they run websearches for the default script names in order to locate blogs.
R
The changing of the name may or may not help. It will at most delay someone picking up your script name. Since it is typically advertised on the entry page, it’s not possible to completely hide it (unless you turn off trackbacks completely). This isn’t a huge deterrent, but it means you don’t have a completely standard setup, which may or may not help.
As to the modified plugin, it takes the place of Brad’s version, and it will check both comments and trackbacks.
I’m starting a new mega-blog to consolidate my various sites, and I want to start out from the beginning with the best possible protection coupled with ease of use for users. My plan is to rename the comments script, use your MT-Approval, Brad’s DBSL plugin, and have MT-Blacklist as a backup. But regarding trackback spam, I’ve two questions: 1) Is it possible/necessary/useful to change the name of the trackback script? 2) Does your modified dsbl plugin take the place of Brad’s, or do I need both (one addressing comments, the other addressing trackback)?
Hi Ted –
It is also my recollection that Blacklist does handle trackback spam as well as – or in addition to, at any rate – comment spam, but I don’t use Blacklist, so that doesn’t help much. Still, if you do, it’s probably fine for you.
Trackbacks are something like remote comments. If I create an entry on my blog that links to your blog, and we both have trackbacks enabled, then when my blog saves the entry, it will mosey over to your site, find the trackback information, and your blog will create a link to my entry, so that people will be able to read some more information at my blog.
Make sense? If not, check out this entry. It has a trackback, which was sent from someone else talking about the entry, and now my entry points back to theirs. Very similar to a comment, except it’s done elsewhere and then the computers exchange the information. Kinda cool really.
My brain has a recollection that Blacklist does something with trackback spam. I haven’t ever figured out what trackback is, so I haven’t turned it on.