We're probably not the only ones seeing a sharp increase in the amount of Trackback spam over the last couple of weeks. Trackbacks are a new feature in Geeklog 1.4.0 and we're still learning ...
So here's a first result of that learning process: A new version of the lib-trackback.php for Geeklog 1.4.0 that contains a few improvements to better fight Trackback spam:
- a separate speedlimit setting for Trackbacks
- stricter handling of the speedlimit for Trackbacks
- can optionally check if the site that sent the Trackback actually contains a link to your site
- option to log rejected Trackbacks
For the Trackback speedlimit, there is a new config setting (please add that line to your config.php):
// min. time between trackbacks or pingbacks, in seconds
$_CONF['trackbackspeedlimit'] = 300;
So far, Geeklog used the comment speedlimit for Trackbacks, but you will probably want to use a much longer speedlimit in case of spam attacks (e.g. 5 minutes, as in the above example).
The speedlimit is now also checked sooner after a Trackback has been received and initiated immediately, which should further help against spam attacks.
Trackback spam rarely comes from a site that actually links back to your own site. So a huge portion of that spam can be caught automatically by checking if the referred site actually contains a link to your site or not. Again, that's a new config setting (please add that line to your config.php):
// whether to check if trackbacks actually link to us:
// 0 = don't check, 1 = check against $_CONF['site_url'], 2 = check full URL
$_CONF['check_trackback_link'] = 2;
Please note, however, that this check will take some time as it will actually try to read, i.e. download, the page referred in the Trackback and that it will also increase the load on your server. We suggest that you still try and keep your personal blacklist (in the Spam-X plugin) up to date. Geeklog will check for spam first and only check for backlinks as the last resort.
Installation is simple: Download the archive, unpack it, and replace the lib-trackback.php file on your server with the one from the archive. Then add the two new options to your config.php file (adjusting the values to your own needs, if necessary).
These changes have been backported from the current CVS version and will also be present in Geeklog 1.4.1.