
Trackback Spam

Trackback spammers have recently been flooding blogs with spam, often with hundreds per day. Although MT's Spam Lookup plugin junks most of the spam, the flood of trackbacks can put a strain on server resources. To take a look at the amount of trackback spam you may be getting, click on "Trackbacks" from your main blog menu, then select "Junk Trackbacks".

Listed here are some defensive measures you can take.

Moderate all trackbacks

MT 3.2 allows you to approve all trackbacks before they post to your site. To do this, go into your blog's "Settings" and select "Feedback". Scroll down to the TrackBack section and check the checkbox next to "Moderation". Save changes.

Spam Lookup

MT 3.2 ships with a powerful anti-spam plugin called Spam Lookup. If you are getting hit by a flood of trackback spam, look for the common unwanted words or specific strings to block. If a spammer is leaving URLs like http://yucky.nasty.com and http://icky.nasty.com, all you have to do is block "nasty.com". Do this by adding the domain name to "Keywords to Junk" under Plugins > SpamLookup > Keyword Filter Settings.

Spam Lookup makes use of Perl regular expressions, so by adding a few characters to your keywords you can have more flexibility in what you block. (Personally, I have no idea how to use Regular Expressions. If there is someone out there in the community who is willing to walk me through the basics and what one would most often use with Spam Lookup, I'll be happy to write it up.)

Neil Turner has written the tutorial Making the Most of SpamLookup which explains more about this plugin.
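To illustrate the kind of pattern the "nasty.com" example above calls for, here is an added example (not from the original post, and not SpamLookup's own code) written in Python, whose regular expression syntax is the same as Perl's for the constructs used. The function names and the sample pings are constructed for illustration, and the plain substring test is only a baseline for comparison, not a description of how SpamLookup compares plain keywords.

```python
import re

def domain_pattern(domain):
    """Build a regex matching URLs on `domain` or any of its subdomains."""
    # re.escape turns the literal dots into \. so "." cannot match any character.
    host = re.escape(domain)
    return re.compile(
        r"https?://"                # URL scheme
        r"(?:[a-z0-9-]+\.)*"        # zero or more subdomain labels: yucky., icky., ...
        + host +
        r"(?![a-z0-9-]|\.[a-z0-9])",  # hostname must end here (rejects nasty.company)
        re.IGNORECASE,
    )

def classify(pings, blocked_domains):
    """Return {ping id: 'junk' | 'keep'} for a list of TrackBack pings."""
    patterns = [domain_pattern(d) for d in blocked_domains]
    verdicts = {}
    for ping in pings:
        # Check every field the sender controls, not only the url field.
        text = " ".join(ping[f] for f in ("url", "title", "excerpt", "blog_name"))
        hit = any(p.search(text) for p in patterns)
        verdicts[ping["id"]] = "junk" if hit else "keep"
    return verdicts

def naive_hits(pings, keyword):
    """IDs a plain case-insensitive substring test would flag (baseline only)."""
    return [p["id"] for p in pings
            if keyword.lower() in " ".join(str(v) for v in p.values()).lower()]

# Constructed sample pings (not real traffic); fields follow the TrackBack ping parameters.
SAMPLE_PINGS = [
    {"id": 1, "url": "http://yucky.nasty.com/pills", "title": "hi", "excerpt": "buy", "blog_name": "x"},
    {"id": 2, "url": "http://blog.example.org/post", "title": "re", "excerpt": "see HTTP://ICKY.NASTY.COM now", "blog_name": "y"},
    {"id": 3, "url": "http://notnasty.com/review", "title": "Review", "excerpt": "a real reply", "blog_name": "z"},
    {"id": 4, "url": "http://nasty.company.example/a", "title": "A", "excerpt": "also real", "blog_name": "w"},
    {"id": 5, "url": "http://blog.example.net/", "title": "B", "excerpt": "visit http://nasty.com.", "blog_name": "v"},
]

if __name__ == "__main__":
    print(classify(SAMPLE_PINGS, ["nasty.com"]))
    print(naive_hits(SAMPLE_PINGS, "nasty.com"))
```

The anchored pattern junks the pings that link to nasty.com or one of its subdomains and keeps the two look-alike hosts, which the substring baseline would also have flagged.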

Other Measures

Akismet is a distributed spam filtering system that can be used to fight comment and trackback spam.

MTDisguiseTrackbackURL from MT-Hacks

MTAutoBan - prevents the same sources from filling your database with junk.

TrackBack patch for MT3.2 - changes the trackback API to use identifying strings instead of numerics as the trackback key.

SpamLookup Extension - This modification to SpamLookup provides the ability to apply word filters to specific fields in the comments and trackbacks, rather than the conglomeration of all fields.

Auto-delete junk comments/trackback script for MT 3.2

Links:

Six Apart Guide to Comment Spam
Making the Most of SpamLookup
Movable Type User Manual section on Spam Lookup

Comments (2)

1) The single most effective means of blocking spam trackbacks is to junk trackbacks whose domain IP address doesn't match the IP address of the machine that actually sent the trackback.

Spammers are using botnets of compromised PCs to send their spam, but none of these machines will be hosting the actual domain that appears in the trackback.

SpamLookup can be configured to automatically junk these types of trackbacks by clicking on the "Show Settings" link under "SpamLookup - Lookups" (on the main Plugins page in MT), then under "Advanced Trackback Lookups", click on "Junk Trackbacks from suspicious sources".

This setting alone catches 99% of spam trackbacks on my weblogs.

2) SpamLookup Keywords and regexes:

I have a post on how SpamLookup's Keyword filter works, along with a couple of examples of where you should use a regex (including how to junk comments/trackbacks based on words that appear only within URLs, similar to the URL Patterns that MT-Blacklist had).

If you'd like more information about regexes in general, or you have specific examples you'd like to see how they could be set up as regexes, drop me a line. :)

Toni [TypeKey Profile Page]:

I have been using the CCode and TCode plugin from Alogblog's MTy Plugins and haven't had to delete a single comment or trackback spam since installing it.

It catches the spam before it is loaded to the server, thereby decreasing server load. As you know, MT 3.2 reinforced its anti-spam methods; however, this means a little more load on the server because of the work each SpamLookup plugin does, such as IP, link and content filtering. Therefore too much spam in a short time may cause an overload on some servers.

This plugin also runs mt-comments.cgi in order to compare the proper comment fields. But its calculating load is trivial, and if incoming feedback is sent by a spammer guessing the feedback URL, MT's SpamLookup will never be run, so it will lessen server load.

You need to edit the Individual Entry template to use this plugin, and add code to the mtsite.js, but full instructions are given and most MT users would have no trouble installing it.
