jmucchiello

Forum User
Full Member
Registered: 08/29/05
Posts: 985
Why doesn't the trackback table store the uid of the user who posted it? That would make it easy to ban accounts used by spammers. The profile page could then include a show all trackbacks area.

Of course I also wonder why there isn't a system feature called "Trackback.Write" that you can deny anonymous access to. That would probably eliminate 80% of my trackback spam.

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
You seem to misunderstand how trackbacks work. They are always anonymous and cannot be tied to an account on your site.

Have you installed the update for lib-trackback.php yet (also included in the latest Geeklog releases)? This pretty much stops any Trackback spam.

bye, Dirk

jmucchiello

Forum User
Full Member
Registered: 08/29/05
Posts: 985
Quote by Dirk: You seem to misunderstand how trackbacks work. They are always anonymous and cannot be tied to an account on your site.
Why? How is the world a better place because people can anonymously litter junk on my webpages? I've been using the Internet for almost 20 years and I cannot fathom the value of cross-page links having to be anonymous. There is no part of my website that allows anonymous users to change my website (short of the views counts). No voting, no comments, no story submissions. Nothing. Why would I allow anonymous users access to the what's related block?

Having just read the specification, I enjoy how bloggers have not learned from the mistakes of history. In any case, just because all this stuff is automated does not mean that GL has to display trackbacks automatically. Perhaps I'll hunt down the submission hack I saw in the hacks forum....
Quote by Dirk: Have you installed the update for lib-trackback.php yet (also included in the latest Geeklog releases)? This pretty much stops any Trackback spam.
I upgraded from 1.3.11 on 7/21 according to my filesystem. Should this change have been included in the 1.4.0sr5 tar?

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
If you don't like trackbacks, then you can always switch them off. See the documentation.

Quote by jmucchiello: I upgraded from 1.3.11 on 7/21 according to my filesystem. Should this change have been included in the 1.4.0sr5 tar?

Make sure you have $_CONF['check_trackback_link'] set to 1 or 2 in your config.php. It defaults to 0, meaning no checks, unfortunately, when you don't set that option at all.

bye, Dirk

DubiousChrisJ

Forum User
Regular Poster
Registered: 05/10/05
Posts: 114
I have all the trackback spam settings configured according to the updated info, but I am still getting an assortment of trackbacks which go to random .info domains. Has anyone else seen this?

P.S. Although I've been blowing up the forum with questions this week, I've been running GL for a year and a half, and I still think it's the best CMS out there, period. Thanks, Dirk, you are very appreciated for all the work you do.
Luhme summa dat GL.

DubiousChrisJ

Forum User
Regular Poster
Registered: 05/10/05
Posts: 114
OK, I have done everything suggested for trackback spammers, including setting my speedlimit to 900. All this has done is limit the amount of trackback spam I get to 4 an hour.

Every single link is to a randomly generated prefix followed by .info, and they all redirect to my2ch.info.

How can I block *.info from ever appearing as a trackback?
Luhme summa dat GL.

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Hmm, I would be really interested in those trackback spams. There is a way to work around the new spam check, but I somehow doubt the spammers are that desperate yet.

Can you email me some of those, please? Thanks.

bye, Dirk

DubiousChrisJ

Forum User
Regular Poster
Registered: 05/10/05
Posts: 114
Here's one that came in in the last five minutes

Now, they must be storing the link back somewhere in their mess to fool the validation, but remapping the return string when someone clicks the link.
Luhme summa dat GL.

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
k, got it - feel free to delete it.

bye, Dirk

DubiousChrisJ

Forum User
Regular Poster
Registered: 05/10/05
Posts: 114
Is there a way to add *.info to my personal SpamX blacklist?
Luhme summa dat GL.

DubiousChrisJ

Forum User
Regular Poster
Registered: 05/10/05
Posts: 114
OK, so adding http://.*.info to my personal SpamX blacklist finally blocked the attack. I'll just have to remember to clear the SpamX logs...

Wed 06 Sep 2006 15:01:38 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 212.227.93.20
Wed 06 Sep 2006 15:01:38 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:02:59 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 222.124.24.117
Wed 06 Sep 2006 15:02:59 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:04:37 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 129.41.250.20
Wed 06 Sep 2006 15:04:37 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:05:41 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 129.41.250.20
Wed 06 Sep 2006 15:05:41 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:06:40 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 59.165.163.21
Wed 06 Sep 2006 15:06:40 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:07:54 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 198.70.193.250
Wed 06 Sep 2006 15:07:54 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:11:57 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 61.60.91.61
Wed 06 Sep 2006 15:11:57 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:13:12 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 88.39.135.90
Wed 06 Sep 2006 15:13:12 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:13:48 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 200.216.215.110
Wed 06 Sep 2006 15:13:48 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:13:56 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 213.147.3.80
Wed 06 Sep 2006 15:13:56 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:14:55 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 129.41.250.20
Wed 06 Sep 2006 15:14:55 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:15:39 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 61.60.91.61
Wed 06 Sep 2006 15:15:39 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:17:28 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 62.7.244.103
Wed 06 Sep 2006 15:17:28 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:17:46 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 200.216.215.110
Wed 06 Sep 2006 15:17:46 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:18:35 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 61.60.91.61
Wed 06 Sep 2006 15:18:35 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:18:38 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 200.216.215.110
Wed 06 Sep 2006 15:18:38 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:18:53 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 81.208.95.27
Wed 06 Sep 2006 15:18:53 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:19:23 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 61.60.91.61
Wed 06 Sep 2006 15:19:23 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:20:25 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 59.165.163.21
Wed 06 Sep 2006 15:20:25 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:20:37 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 81.208.95.27
Wed 06 Sep 2006 15:20:37 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:20:41 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 200.216.215.110
Wed 06 Sep 2006 15:20:41 EDT - Deleted Spam Comment
Wed 06 Sep 2006 15:21:36 EDT - Found Spam Comment matching http://.*.info posted by user 1 from IP 88.39.135.90
Wed 06 Sep 2006 15:21:36 EDT - Deleted Spam Comment


Luhme summa dat GL.
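
An added example, not part of the original post and not Geeklog or SpamX code: it compares the blacklist entry from the post above with a tighter pattern, to show which texts each one catches. It assumes the entry is applied as an unanchored, case-insensitive regular expression; the `TIGHT` pattern and all sample texts are constructed for illustration.

```python
import re

# The blacklist entry from the post. ASSUMPTION: the entry is applied as an
# unanchored, case-insensitive regular expression to the submitted text.
BROAD = re.compile(r"http://.*.info", re.IGNORECASE)

# Hypothetical tighter pattern (not from the thread): the hostname itself must
# end in ".info", either scheme, and the dot before "info" is a literal dot.
TIGHT = re.compile(r"https?://[^/?\s]+\.info(?=[/:?\s]|$)", re.IGNORECASE)

# Constructed sample submissions; none of these come from the thread.
SAMPLES = [
    "http://qzxkvw.info/",
    "http://QZXKVW.INFO/page",
    "https://qzxkvw.info/",
    "See http://example.org/contact-info for details",
    "http://example.com/ has more information",
    "http://example.info.example.com/",
    "http://example.com/about",
]


def classify(text):
    """Return (broad_hit, tight_hit) for one submitted text."""
    return (BROAD.search(text) is not None, TIGHT.search(text) is not None)


def disagreements(samples):
    """Group the samples on which the two patterns disagree."""
    result = {"broad_only": [], "tight_only": []}
    for text in samples:
        broad, tight = classify(text)
        if broad and not tight:
            result["broad_only"].append(text)   # legitimate links rejected
        elif tight and not broad:
            result["tight_only"].append(text)   # .info host the entry misses
    return result


if __name__ == "__main__":
    for text in SAMPLES:
        print(classify(text), text)
    print(disagreements(SAMPLES))
```

The entry from the post also rejects any text where "info" appears anywhere after an `http://` link, and it misses `https://` links to `.info` hosts.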

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Comparing some of those IP addresses with our server logs here, it looks like it's the trackback spam I was briefly talking about here. Those were all blocked by Bad Behavior, though. Maybe I should let some through, just to see how they do it ...

bye, Dirk

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Apologies to DubiousChrisJ for not believing him - these spammers do indeed defeat Geeklog's new trackback check.

We've actually been hammered with those for a while, but they have successfully been blocked by Bad Behavior. And, as mentioned in the blog post above, they all use the same user agent string of an old Firefox version:
"Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7) Gecko/20040626 Firefox/0.9.1"

That's easy to block in a .htaccess, if you don't mind blocking someone who happens to still use that version (very unlikely, I would think).

Well, off to the next round ...

bye, Dirk
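
An added example, not part of the original post: before blocking the user agent quoted above, this counts how many requests in an Apache access log carry it, split into trackback requests and everything else, so the cost of the block to ordinary readers is visible. The combined log format, the `/trackback.php` path and all log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# User agent string quoted in the post above.
SPAM_UA = ("Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7) "
           "Gecko/20040626 Firefox/0.9.1")

# ASSUMPTION: trackbacks arrive at this path; adjust to your installation.
TRACKBACK_PATH = "/trackback.php"

# Apache "combined" format:
# host ident user [time] "request" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def _line(ip, request, ua):
    """Build one constructed log line in combined format."""
    return f'{ip} - - [06/Sep/2006:15:01:38 -0400] "{request}" 200 312 "-" "{ua}"'


OTHER_UA = ("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.6) "
            "Gecko/20060728 Firefox/1.5.0.6")

# Constructed log lines using documentation IP ranges, not real server data.
SAMPLE_LOG = [
    _line("192.0.2.10", "POST /trackback.php/20060901 HTTP/1.0", SPAM_UA),
    _line("198.51.100.7", "POST /trackback.php/20060901 HTTP/1.0", SPAM_UA),
    _line("192.0.2.10", "POST /trackback.php/20060815 HTTP/1.0", SPAM_UA),
    _line("203.0.113.5", "GET /index.php HTTP/1.1", SPAM_UA),
    _line("203.0.113.9", "GET /article.php?story=x HTTP/1.1", OTHER_UA),
    "this line is malformed and is skipped",
]


def ua_impact(lines, ua=SPAM_UA):
    """Count requests per client IP that carry exactly `ua`, by request type."""
    hits = {"trackback": Counter(), "other": Counter()}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("ua") != ua:
            continue
        is_tb = m.group("path").startswith(TRACKBACK_PATH)
        hits["trackback" if is_tb else "other"][m.group("ip")] += 1
    return hits


if __name__ == "__main__":
    print(ua_impact(SAMPLE_LOG))
```

Requests counted under "other" are the ones a blanket block on this user agent would also turn away.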

spatz4000

Forum User
Junior
Registered: 07/14/06
Posts: 25
So either require all visitors to log in before they see any and all content. Or turn off trackbacks.


Quote by jmucchiello:
Quote by Dirk: You seem to misunderstand how trackbacks work. They are always anonymous and cannot be tied to an account on your site.
Why? How is the world a better place because people can anonymously litter junk on my webpages? I've been using the Internet for almost 20 years and I cannot fathom the value of cross-page links having to be anonymous. There is no part of my website that allows anonymous users to change my website (short of the views counts). No voting, no comments, no story submissions. Nothing. Why would I allow anonymous users access to the what's related block?

Having just read the specification, I enjoy how bloggers have not learned from the mistakes of history. In any case, just because all this stuff is automated does not mean that GL has to display trackbacks automatically. Perhaps I'll hunt down the submission hack I saw in the hacks forum....
Quote by Dirk: Have you installed the update for lib-trackback.php yet (also included in the latest Geeklog releases)? This pretty much stops any Trackback spam.
I upgraded from 1.3.11 on 7/21 according to my filesystem. Should this change have been included in the 1.4.0sr5 tar?