Welcome to Geeklog Saturday, December 15 2018 @ 01:53 pm EST

Geeklog Forums

Trackback woes


Status: offline

jmucchiello

Forum User
Full Member
Registered: 29/08/05
Posts: 985
Why doesn't the trackback table store the uid of the user who posted it? That would make it easy to ban accounts used by spammers. The profile page could then include a show all trackbacks area.

Of course I also wonder why there isn't a system feature called "Trackback.Write" that you can deny anonymous access to. That would probably eliminate 80% of my trackback spam.

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
You seem to misunderstand how trackbacks work. They are always anonymous and can not be tied to a account on your site.

Have you installed the update for lib-trackback.php yet (also included in the latest Geeklog releases)? This pretty much stops any Trackback spam.

bye, Dirk

Status: offline

jmucchiello

Forum User
Full Member
Registered: 29/08/05
Posts: 985
Quote by Dirk: You seem to misunderstand how trackbacks work. They are always anonymous and can not be tied to a account on your site.
Why? How is the world a better place because people can anonymously litter junk on my webpages? I've been using the Internet for almost 20 years and I cannot fathom the value of cross-page links having to be anonymous. There is no part of my website that allows anonymous users to change my website (short of the views counts). No voting, no comments, no story submissions. Nothing. Why would I allow anonymous users access to the what's related block?

Having just read the specification, I enjoy how bloggers have not learned from the mistakes of history. In any case, just because all this stuff is automated does not mean that GL has to display trackbacks automatically. Perhaps I'll hunt down the submission hack I saw in the hacks forum....
Have you installed the update for lib-trackback.php yet (also included in the latest Geeklog releases)? This pretty much stops any Trackback spam.
I upgraded from 1.3.11 on 7/21 according to my filesystem. Should this change have been included in the 1.4.0sr5 tar?

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
If you don't like trackbacks, then you can always switch them off. See the documentation.

Quote by jmucchiello: I upgraded from 1.3.11 on 7/21 according to my filesystem. Should this change have been included in the 1.4.0sr5 tar?

Make sure you have $_CONF['check_trackback_link'] set to 1 or 2 in your config.php. It default to 0, meaning no checks, unfortunately, when you don't set that option at all.

bye, Dirk

Status: offline

DubiousChrisJ

Forum User
Regular Poster
Registered: 10/05/05
Posts: 114
I have all the trackback spam settings configured according to the updated info, but I am still getting an assortment of trackbacks which go to random .info domains. Has anyone else seen this?

P.S. Although I've been blowing up the forum with questions this week, I've been running GL for a year and a half, and I still think it's the best CMS out there, period. Thanks, Dirk, you are very appreciated for all the work you do.
Luhme summa dat GL.

Status: offline

DubiousChrisJ

Forum User
Regular Poster
Registered: 10/05/05
Posts: 114
OK, I have done everything suggested for trackback spammers, including setting my speedlimit to 900. All this has done is limit the amount of trackback spam I get to 4 an hour.

Every single link is to a randomly generated prefix followed by .info, and they all redirect to my2ch.info.

How can I block *.info from ever appearing as a trackback?
Luhme summa dat GL.

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
Hmm, I would be really interested in those trackback spams. There is a way to work around the new spam check, but I somehow doubt the spammers are that desperate yet.

Can you email me some of those, please? Thanks.

bye, Dirk

Status: offline

DubiousChrisJ

Forum User
Regular Poster
Registered: 10/05/05
Posts: 114
Here's one that came in in the last five minutes

Now, they must be storing the link back somewhere in there mess to fool the validation, but remapping the return string when someone clicks the link.
Luhme summa dat GL.

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
k, got it - feel free to delete it.

bye, Dirk

Status: offline

DubiousChrisJ

Forum User
Regular Poster
Registered: 10/05/05
Posts: 114
Is there a way to add *.info to my personal SpamX blacklist?
Luhme summa dat GL.

Status: offline

DubiousChrisJ

Forum User
Regular Poster
Registered: 10/05/05
Posts: 114
OK, so adding http://.*.info to my personal SpamX blacklist finallly blocked the attack. I'll just have to remember to clear the SpamX logs...

Wed 06 Sep 2006 15:01:38 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 212.227.93.20
Wed 06 Sep 2006 15:01:38 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:02:59 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 222.124.24.117
Wed 06 Sep 2006 15:02:59 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:04:37 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 129.41.250.20
Wed 06 Sep 2006 15:04:37 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:05:41 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 129.41.250.20
Wed 06 Sep 2006 15:05:41 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:06:40 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 59.165.163.21
Wed 06 Sep 2006 15:06:40 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:07:54 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 198.70.193.250
Wed 06 Sep 2006 15:07:54 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:11:57 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 61.60.91.61
Wed 06 Sep 2006 15:11:57 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:13:12 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 88.39.135.90
Wed 06 Sep 2006 15:13:12 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:13:48 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 200.216.215.110
Wed 06 Sep 2006 15:13:48 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:13:56 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 213.147.3.80
Wed 06 Sep 2006 15:13:56 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:14:55 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 129.41.250.20
Wed 06 Sep 2006 15:14:55 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:15:39 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 61.60.91.61
Wed 06 Sep 2006 15:15:39 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:17:28 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 62.7.244.103
Wed 06 Sep 2006 15:17:28 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:17:46 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 200.216.215.110
Wed 06 Sep 2006 15:17:46 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:18:35 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 61.60.91.61
Wed 06 Sep 2006 15:18:35 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:18:38 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 200.216.215.110
Wed 06 Sep 2006 15:18:38 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:18:53 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 81.208.95.27
Wed 06 Sep 2006 15:18:53 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:19:23 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 61.60.91.61
Wed 06 Sep 2006 15:19:23 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:20:25 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 59.165.163.21
Wed 06 Sep 2006 15:20:25 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:20:37 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 81.208.95.27
Wed 06 Sep 2006 15:20:37 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:20:41 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 200.216.215.110
Wed 06 Sep 2006 15:20:41 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:21:36 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 88.39.135.90
Wed 06 Sep 2006 15:21:36 EDT - Deleted Spam Comment


Luhme summa dat GL.

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
Comparing some of those IP addresses with our server logs here, it looks like it's the trackback spam I was briefly talking about here. Those were all blocked by Bad Behavior, though. Maybe I should let some through, just to see how they do it ...

bye, Dirk

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
Apologies to DubiousChrisJ for not believing him - these spammers do indeed defeat Geeklog's new trackback check.

We've actually been hammered with those for a while, but they have successfully been blocked by Bad Behaviour. And, as mentioned in the blog post above, they all use the same user agent string of an old Firefox version:
PHP Formatted Code
"Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7) Gecko/20040626 Firefox/0.9.1"
 


That's easy to block in a .htaccess, if you don't mind blocking someone who happens to still use that version (very unlikely, I would think).

Well, off to the next round ...

bye, Dirk

Status: offline

spatz4000

Forum User
Junior
Registered: 14/07/06
Posts: 25
So either require all visitors to login before they see any and all content. Or turn off trackbacks.


Quote by jmucchiello:
Quote by Dirk: You seem to misunderstand how trackbacks work. They are always anonymous and can not be tied to a account on your site.
Why? How is the world a better place because people can anonymously litter junk on my webpages? I've been using the Internet for almost 20 years and I cannot fathom the value of cross-page links having to be anonymous. There is no part of my website that allows anonymous users to change my website (short of the views counts). No voting, no comments, no story submissions. Nothing. Why would I allow anonymous users access to the what's related block?

Having just read the specification, I enjoy how bloggers have not learned from the mistakes of history. In any case, just because all this stuff is automated does not mean that GL has to display trackbacks automatically. Perhaps I'll hunt down the submission hack I saw in the hacks forum....
Have you installed the update for lib-trackback.php yet (also included in the latest Geeklog releases)? This pretty much stops any Trackback spam.
I upgraded from 1.3.11 on 7/21 according to my filesystem. Should this change have been included in the 1.4.0sr5 tar?

All times are EST. The time is now 01:53 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content