Wordpress Trackback Patch (1.22)
Since I’ve been getting half a dozen or more spam trackbacks per day, I decided to code up the following to prevent botnets from placing trackbacks onto my blog. Just insert it into wp-trackback.php immediately before the line that reads require('wp-blog-header.php');. The code checks the trackback for any URLs and makes sure that at least one of them resolves to the IP address of the sender: very simple. Blogs sending trackbacks are unimpaired, because they cite their own URL, which resolves to the IP address of their trackback-sending software:
/* Read the trackback POST fields (this runs before wp-blog-header.php is
   loaded, so $tb_url and $excerpt have not been set by WordPress yet) */
$tb_url  = isset($_POST['url']) ? $_POST['url'] : '';
$excerpt = isset($_POST['excerpt']) ? $_POST['excerpt'] : '';

/* Find every URL in the excerpt ('#' delimiters, so the slashes need no escaping) */
preg_match_all('#https?://[^\s"\'<>]+#i', $excerpt, $matches);
$urls   = $matches[0];
$urls[] = $tb_url;

/* Make sure at least one URL resolves to the sender's IP */
$spammer = true;
foreach ($urls as $url) {
    $parts = parse_url($url);
    $host  = isset($parts['host']) ? $parts['host'] : '';
    if ($host != '' && gethostbyname($host) == $_SERVER['REMOTE_ADDR']) {
        $spammer = false;
        break;
    }
}

/* If spammer, die */
if ($spammer) die();
I don’t know if this will help, but let’s hope it does! (Update, some hours later: No TB spam yet!)
This entry was posted on Tuesday, April 5th, 2005 at 4:34 pm.
on April 6th, 2005 at 4:50 am
That code will block some legitimate trackbacks. Consider this scenario: a virtual web hosting server with several IP addresses, the first IP is 10.1.1.1 and example.com is placed on 10.1.1.2. When example.com does a trackback to your site, then the source IP address is not 10.1.1.2, but 10.1.1.1. Your code will then see this trackback as spam, CMIIW. You should check if the source IP address of the trackback is within the same class C block.
Furthermore, this will block all trackbacks from offsite trackback services such as haloscan.
on April 6th, 2005 at 4:52 am
Hmm, looking at that code it's not doing entirely what you specify.
The docs for checkdnsrr state that the return type is an int and:
Therefore, looking at the code snippet above I think $spammer will get set to false if any of the urls resolve, rather than if any of the urls resolve and match $REMOTE_ADDR.
on April 6th, 2005 at 1:06 pm
@Priyadi. Yes. I’m aware that virtual hosts and offsite trackbacks will break, but I don’t really care, so long as the majority of non-spam trackbacks still function.
@Westi, that’s a mistake. I should replace checkdnsrr() with gethostbyname() instead. I must have been tired…
on April 6th, 2005 at 6:59 pm
What I do is scan incoming trackbacks like they are comments, with my Pivot-Blacklist software. It checks for MT-Blacklist patterns, personal blacklist patterns, SURBL listings and DSBL listings.
I have yet to receive the first spammy trackback ever since and the same goes for false positives. Haven’t had any of those either.
on April 6th, 2005 at 11:21 pm
I’m willing to bet that most Wordpress users are on virtual hosting accounts and your code will block almost all legitimate trackbacks.
on June 9th, 2005 at 7:03 am
And by blocking the likes of Haloscan you are excluding Blogger and most of the other tools for people who can’t afford a massive webhosting account. Plus most people who host small-to-medium sized blogs will be on shared hosts, and if they can’t trackback then they won’t link to you either.
on June 9th, 2005 at 8:30 pm
It’s a tradeoff, for sure, and that’s why it’s called a “hack.” And, since I use WP, most people that want to trackback me also use WP, and we all get along. I rarely (ever?) get a trackback from haloscan. So, yeah. Don’t use if you don’t want to block a lot of good trackbacks with the bad. In fact, it’s not actually going to necessarily block the bad ones either! It just “happens” to
on June 10th, 2005 at 4:49 am
But it also screws people who ‘also use WP’ but on a ‘shared server’ host, like me for example.
on September 9th, 2005 at 6:26 am
[…] Once again, 15 "Bankcreditloansfuckshit" spams in 2 minutes, *****. And that despite Hashcash. But that only handles the normal spam. So I quickly applied the trackback spam patch. Update soon. […]
on February 5th, 2006 at 7:33 am
Use it with care!
This “hack” cuts off up to 90 percent of normal trackbacks from friendly blogs!
A lot of sites have the same IP address because of shared hosting or the same proxy.
on June 5th, 2006 at 1:59 am
[…] Wordpress Trackback Patch (1.22) by Elliott Back: Since I’ve been getting a half-dozen trackback spam or more per day, I decide to code up the following to prevent botnets from placing trackback onto my blog. […]
on July 16th, 2006 at 4:31 pm
Hello Elliot,
I use a different “IP filter” on my webpage. It filters the accessing remote address and the requested hostname (remember: $_SERVER['SERVER_NAME']). It also does a “syntax check” on the given server name, so it does also - hopefully - prevent some attacks on the SERVER_NAME element.
Additionally it tries to resolve the given hostname, and when this is different from $_SERVER['SERVER_ADDR'] then it blocks the access attempt.
It will also block if the server’s name or the remote address is not resolvable.
If you like I can send a copy of it to you.
Quix0r
on August 10th, 2006 at 6:25 am
free,film,http://www.99tvb.com
on December 2nd, 2006 at 6:45 pm
That guy with the free film is a spammer.
Maybe you want to install the Spam Karma 2 Plugin plus my CPR plugin.
on December 20th, 2006 at 11:39 am
I think that it’s impossible to catch spammers by IP filter…
on January 9th, 2007 at 9:51 am
[…] This patch by Elliott Back checks if IP address of some URL is equal to the trackback sender; I didn’t try it, but from its comments, quite some people are complaining this patch blocks many legitimate trackbacks. […]