Saturday, February 11 2012 @ 01:09 AM EST

Fighting Trackback spam, round 2

Spam

Three months ago, we released an update for Geeklog's Trackback handling that stopped Trackback spam by simply checking if the site in the Trackback URL was actually linking to your site. At least one spammer has now figured out how to circumvent that check and so it's time for the next round ...

Yet another update for Geeklog's lib-trackback.php is now available for download. This is a drop-in replacement for the lib-trackback.php of all Geeklog 1.4.0 releases (up to and including 1.4.0sr5-1).

Note: The download link was still pointing to the old file. If you downloaded it before September 15th, 2006 2 PM EDT, please download it again to get the correct version!

This new version can now also check the IP address the Trackback was sent from against the IP address of the site in the Trackback's URL. If those two don't match, it is most likely a spam post and can be rejected.

Please note that the interpretation of the config option $_CONF['check_trackback_link'] has changed slightly: You can now add up the values to perform more than one check:

0 = no check,
1 = check if the site links to $_CONF['site_url'] somehow,
2 = check that the site links to the exact URL the Trackback was sent to (e.g. an article on your site),
4 = new: check that the IP address the Trackback came from matches the IP address the linking site resides on

And if you want to check both the link and the IP address, you simply set $_CONF['check_trackback_link'] to 2 + 4 = 6, i.e.

$_CONF['check_trackback_link'] = 6;

(Note: Using both 1 and 2 doesn't make a lot of sense, obviously, and will be treated as if you only chose 2)

Please note that even this additional check can be worked around. So it's always a good idea to have some other defenses in place as well.
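The following sketch is an added example, not code from Geeklog's lib-trackback.php. It shows how the summed option value breaks down into individual checks and how the sender IP comparison (value 4) can be done. All function and constant names are hypothetical, and the hosts and addresses are constructed sample data.

```php
<?php
// Added illustration only; every name here is hypothetical, not Geeklog API.
const CHECK_SITE_LINK  = 1; // site links to $_CONF['site_url'] somehow
const CHECK_EXACT_LINK = 2; // site links to the exact URL the Trackback was sent to
const CHECK_SENDER_IP  = 4; // sender IP must match the linking site's IP

// Decode the summed option value into the list of checks to perform.
function example_decode_checks(int $value): array
{
    $checks = [];
    if ($value & CHECK_EXACT_LINK) {
        $checks[] = 'exact_link';   // 1 + 2 is treated as if only 2 was chosen
    } elseif ($value & CHECK_SITE_LINK) {
        $checks[] = 'site_link';
    }
    if ($value & CHECK_SENDER_IP) {
        $checks[] = 'sender_ip';
    }
    return $checks;
}

// Check 4: is the sender's address one of the addresses of the host named
// in the Trackback URL? $resolver is injectable so the sample runs offline;
// by default PHP's gethostbynamel() is used (IPv4 only).
function example_sender_ip_matches(string $url, string $senderIp, ?callable $resolver = null): bool
{
    $host = parse_url($url, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return false;               // no usable host in the URL: reject
    }
    $resolver = $resolver ?? 'gethostbynamel';
    $ips = $resolver($host);        // false when the name does not resolve
    return is_array($ips) && in_array($senderIp, $ips, true);
}

// Constructed sample data: documentation-range addresses, example.org host.
$dns = fn(string $h) => ['blog.example.org' => ['192.0.2.10', '192.0.2.11']][$h] ?? false;
$url = 'http://blog.example.org/post/1';

var_dump(example_decode_checks(6));                               // link + IP
var_dump(example_decode_checks(3));                               // 1 and 2 combined
var_dump(example_sender_ip_matches($url, '192.0.2.11', $dns));    // sender on the site's host
var_dump(example_sender_ip_matches($url, '203.0.113.5', $dns));   // sender elsewhere
var_dump(example_sender_ip_matches('not a url', '192.0.2.11', $dns));
```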

Trackback

Trackback URL for this entry: http://www.geeklog.net/trackback.php/fighting-trackback-spam-2

Here's what others have to say about 'Fighting Trackback spam, round 2':

dark under eye
[...] http://www.tglmia.com http://www.seo-smo.net/2010/02/02/tips-to-use-twitter-for-business http://www.geeklog.net/article.php/fighting-trackback-spam-2 http://www.remember-me-gifts.com [...] [read more]
Tracked on Thursday, March 10 2011 @ 10:14 PM EST

Fighting Trackback spam, round 2
Authored by: imacdonald75 on Friday, September 15 2006 @ 01:47 PM EDT

I am not sure that the file posted is the most recent one. The tar file contains files dated from June and the README doesn't mention the new settings.

Fighting Trackback spam, round 2
Authored by: Dirk on Friday, September 15 2006 @ 02:16 PM EDT

I'm afraid you're right. Somehow, the file management plugin doesn't seem to want to replace the old file when I upload the new one. I've replaced it manually now and you should really get the correct tarball now (9873 bytes instead of the 9401 of the old one).

Sorry about that - that's what you get when you don't double-check things :-/

bye, Dirk