Jump to content
Sign in to follow this  
hybrid

Blocking trackback spammers

Recommended Posts

I run my own CentOS 5-based web server which powers my website among a couple of others. I have a WordPress blog which attracts quite a lot of comment and more recently trackback spam.

 

I use the Akismet service, so it rarely ever gets through, but I'm finding from my server logs that I'm getting hit quite frequently by spammers giving it a try, sometimes every few seconds for several minutes at a time. Sitting there tail -f'ing the access_log when they do this and it becomes apparent they're knocking on the door quite frequently. I'd like to be able to implement some solution to block IPs if they attempt to do more than a few trackbacks in a certain amount of time.

 

I'm running the latest version of Apache 2.2 in the CentOS 5 repositories.

 

Here's an example from /var/log/httpd/access_log of the kind of thing I mean:

 

72.232.150.250 - - [10/Aug/2007:07:26:10 +0100] "POST /blog/2007/01/10/wpget-a-question-to-all-users/trackback/ HTTP/1.0" 302 338 "http://peter.upfold.org.uk/blog/2007/01/10/wpget-a-question-to-all-users/trackback" "TrackBack/1.02"

 

There are a few factors that might help in determining rules to implement:

  • More than a certain number of attempts within a certain time from the same IP (say, 15 in 5 minutes or more)
  • User-Agent set to TrackBack/versionnumber
  • URL in the form of /blog/year/month/day/string/trackback/ (with or without trailing slash)
  • HTTP POST request

What do you think the best solution for this is? I guess something could be done using iptables, but I'm pretty inexperienced at doing anything with iptables. If not, what is the best solution for this? Is it completely futile? Find out in... oops, sorry. :P

 

Thanks guys in advance. :)

  • Like 1

Share this post


Link to post
Share on other sites

Ban by the USER AGENT, it has to be the best way. In an .htaccess file at the DocumentRoot level place.

 

SetEnvIfNoCase User-Agent "^TrackBack" trackback

<Limit POST>
 order allow,deny
 allow from all
 deny from env=trackback
</Limit>

 

You can do <Limit GET POST HEAD> if they use GET and HEAD as well.

 

Oh wait though, do you want to only ban those that are constantly knocking on your door?

Share this post


Link to post
Share on other sites

Yeah, I could disable trackbacks entirely from WP and I guess they would all give up eventually if it kept 404'ing. There are still legitimate trackbacks I want to allow, so I want to prevent people who are doing it too much, without disabling it entirely.

 

I imagine that would be more complex to do... :)

Share this post


Link to post
Share on other sites
I imagine that would be more complex to do... :)

 

Well the only way to do that, would be to include some code inside the trackback code that does some sort of simple check against what came before. Checking for things like, that ip just gave me something, that url has just been fed to me before, that url has arrived too close to another trackback that just occurred. Maybe what you could do is go the whole hog and produce an administration section that lets to you vet the trackbacks, ok'in them in your own time. I don't think there is a directly easy solution.

 

Checking around the web I see some wordpress solutions:

http://blog.mytechaid.com/archives/2005/03...-spam-solution/ ?

 

http://www.optiniche.com/blog/117/wordpres...kback-tutorial/ <-- how it works, maybe to assist with writing your own solution.

Share this post


Link to post
Share on other sites

Thanks for the links and the help znx. :)

 

I will take a look and report back here if I have any success.

Share this post


Link to post
Share on other sites
Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...