Wordpress Trackback Patch (1.22)
Since I've been getting a half-dozen trackback spams or more per day, I decided to code up the following to prevent botnets from placing trackbacks onto my blog. Just insert it into wp-trackback.php immediately before the line that reads require('wp-blog-header.php');. The code checks the trackback for any URLs and makes sure that at least one of them resolves to the IP address of the sender: very simple. Blogs sending trackbacks are unimpaired, because they cite their own URL, which resolves to the IP address of their trackback-sending software:
/* Collect every URL cited in the excerpt, plus the claimed trackback URL.
   Read from $_POST directly so the patch does not depend on register_globals. */
preg_match_all('~https?://([^/\s"\'<>]+)~i', $_POST['excerpt'], $matches);
$hosts = $matches[1];
$hosts[] = parse_url($_POST['url'], PHP_URL_HOST);

/* Make sure at least one host resolves to the sender's IP */
$spammer = true;
foreach ($hosts as $host) {
    if (empty($host)) continue;
    /* gethostbyname() returns the name unchanged when it does not resolve,
       so an unresolvable host can never match the sender's address */
    if (gethostbyname($host) == $_SERVER['REMOTE_ADDR']) {
        $spammer = false;
        break;
    }
}

/* If spammer, die */
if ($spammer) die();
I don't know if this will help, but let's hope it does! (Update, some hours later: No TB spam yet!)
This entry was posted on Tuesday, April 5th, 2005 at 4:34 pm and is tagged with code checks, botnets, header php, excerpt, urls, ip address, tb, spam, blog. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback.
21 Responses to “Wordpress Trackback Patch (1.22)”
That code will block some legitimate trackbacks. Consider this scenario: a virtual web hosting server with several IP address, the first IP is 10.1.1.1 and http://example.com is placed in 10.1.1.2. When http://example.com does a trackback to your site, then the source IP address is not 10.1.1.2, but 10.1.1.1. Your code will then see this trackback as spam, CMIIW. You should check if the source IP address of the trackback is within C class block.
Furthermore, this will block all trackbacks from offsite trackback services such as haloscan.
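As an added illustration (not the post's code and not WordPress's), here is the same "at least one cited host resolves to the sender" check in Python, with the DNS lookup injected so it runs offline. It also reproduces the shared-hosting false positive described in the comment above and the class-C (/24) relaxation it proposes. The hostnames and addresses in the lookup table are constructed.

```python
import re
import ipaddress
from typing import Callable, List, Optional

# A resolver maps a hostname to an IPv4 string, or None when it does not resolve.
Resolver = Callable[[str], Optional[str]]

# Same idea as the patch's regex: grab the host part of every http(s) URL.
URL_RE = re.compile(r"https?://([^/\s\"'<>]+)", re.IGNORECASE)


def hosts_in_trackback(excerpt: str, tb_url: str) -> List[str]:
    """Every hostname cited in the excerpt plus the host of the claimed source URL."""
    hosts = URL_RE.findall(excerpt or "")
    m = URL_RE.match(tb_url or "")
    if m:
        hosts.append(m.group(1))
    # Drop an optional :port and normalise case; sorted set for determinism.
    return sorted({h.split(":")[0].lower() for h in hosts})


def is_spam(excerpt: str, tb_url: str, remote_addr: str,
            resolve: Resolver, prefix_len: int = 32) -> bool:
    """True when no cited host resolves into the sender's network.

    prefix_len=32 is the patch's exact-IP rule; prefix_len=24 is the
    class-C relaxation suggested for virtual-hosting servers that send
    from a different address than the one a site's name resolves to.
    """
    sender_net = ipaddress.ip_network(f"{remote_addr}/{prefix_len}", strict=False)
    for host in hosts_in_trackback(excerpt, tb_url):
        ip = resolve(host)
        if ip is None:            # unresolvable host can never vouch for the sender
            continue
        if ipaddress.ip_address(ip) in sender_net:
            return False
    return True


# Constructed DNS table standing in for gethostbyname(); no network access needed.
FAKE_DNS = {
    "example.com": "10.1.1.2",          # site on a shared host sending from 10.1.1.1
    "blog.example.net": "192.0.2.10",   # ordinary blog sending from its own address
    "pills.example.org": "198.51.100.7",
}


def fake_resolve(host: str) -> Optional[str]:
    return FAKE_DNS.get(host)
```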
Hmm, looking at that code it's not doing entirely what you specify.
The docs for checkdnsrr state that the return type is an int and:
Therefore, looking at the code snippet above I think $spammer will get set to false if any of the urls resolve, rather than if any of the urls resolve and match $REMOTE_ADDR.
@Priyadi. Yes. I'm aware that virtual hosts and offsite trackbacks will break, but I don't really care, so long as the majority of non-spam trackbacks still function.
@Westi, that's a mistake. I should replace checkdnsrr() with gethostbyname() instead. I must have been tired…
What I do is scan incoming trackbacks like they are comments, with my Pivot-Blacklist software. It checks for MT-Blacklist patterns, personal blacklist patterns, SURBL listings and DSBL listings.
I have yet to receive the first spammy trackback ever since and the same goes for false positives. Haven’t had any of those either.
I'm willing to bet that most Wordpress users are on virtual hosting accounts and your code will block almost all legitimate trackbacks.
And by blocking the likes of Haloscan you are excluding Blogger and most of the other tools for people who can’t afford a massive webhosting account. Plus most people who host small-to-medium sized blogs will be on shared hosts, and if they can’t trackback then they won’t link to you either.
It’s a tradeoff, for sure, and that’s why it’s called a “hack.” And, since I use WP, most people that want to trackback me also use WP, and we all get along. I rarely (ever?) get a trackback from haloscan. So, yeah. Don’t use if you don’t want to block a lot of good trackbacks with the bad. In fact, it’s not actually going to necessarily block the bad ones either! It just “happens” to
But it also screws people who 'also use WP' but on a 'shared server' host, like me for example.
[...] Once again, 15 bank-credit-loans-shit spams in 2 minutes, *****. And that despite Hashcash. But that only takes care of the normal spams. So I quickly applied the trackback spam patch. Update soon. [...]
Use it with care!
This "hack" cuts off up to 90 percent of normal Trackbacks from friendly blogs!
A lot of sites have the same IP address because of shared hosting or the same proxy.
[...] Wordpress Trackback Patch (1.22) by Elliott Back: Since I’ve been getting a half-dozen trackback spam or more per day, I decide to code up the following to prevent botnets from placing trackback onto my blog. [...]
Hello Elliot,
I use a different "IP filter" on my webpage. It filters the accessing remote address and the requested hostname (remember: $_SERVER['SERVER_NAME']). It also does a "syntax check" on the given server name. So it does also - hopefully - prevent some attacks on the SERVER_NAME element.
Additionally it tries to resolve the given hostname, and when this is different from $_SERVER['SERVER_ADDR'] then it blocks the access attempt.
It will also block if the server's name or the remote address is not resolvable.
If you like I can send a copy of it to you.
Quix0r
free,film,http://www.99tvb.com
That guy with the free film is a spammer.
Maybe you want to install the Spam Karma 2 Plugin plus my CPR plugin.
I think that it's impossible to catch spammers by IP filter…
[...] This patch by Elliott Back checks if IP address of some URL is equal to the trackback sender; I didn’t try it, but from its comments, quite some people are complaining this patch blocks many legitimate trackbacks. [...]
Are you guys really complaining?
Beginning of a very valid idea, good job.