Getting Rid Of Trackback Spam
Here’s a great tip for webmasters of WordPress blogs, or any blog really. If you run a blog, you may be aware of the ability to send a “trackback” ping to another blog. Spammers abuse this by sending a “ping” to your site that carries a link to their own site, hoping you will click on it or approve it as a legitimate comment.
Though you can implement anti-spam modules like Akismet, spam can still slip through the cracks. One way to help block it is a modification to the .htaccess file found in the root directory of your site. All you have to do is edit your .htaccess file and include a list of IP addresses known to send trackback spam.
We have implemented this list in our .htaccess file, and it has helped tremendously in cutting down spam. It comes from a list of Tor routers monitored by MIT:
UPDATE: I took down the list because it was outdated. You can find a current list here: http://proxy.org/tor_blacklist.txt
You can also find a great list of IPs from Texas A&M here (by month). If you have any lists, feel free to post links to them here as comments.
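One way to keep the .htaccess list current is to regenerate it from a freshly downloaded copy of the blacklist. The sketch below is an added example, not part of the original post or of any plugin. It assumes the list has one address per line, that the server runs Apache 2.4 (`Require not ip` from mod_authz_core), and it uses hypothetical `# BEGIN/END tor-blocklist` markers and constructed sample addresses.

```python
import ipaddress

# Hypothetical markers so the generated block can be replaced on every refresh.
BEGIN, END = "# BEGIN tor-blocklist", "# END tor-blocklist"

# Constructed sample in the assumed one-address-per-line format; the addresses
# are documentation ranges (RFC 5737 / RFC 3849), not real Tor routers.
SAMPLE_LIST = """\
# constructed sample list
192.0.2.10
198.51.100.7
192.0.2.10
2001:db8::5
not-an-ip
203.0.113.0/24
"""

def parse_blocklist(text):
    """Return sorted, de-duplicated networks; skip comments and invalid lines."""
    nets = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.add(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # never copy unvalidated text into .htaccess
    return sorted(nets, key=lambda n: (n.version, n))

def render_block(nets):
    """Render Apache 2.4 access rules between the markers."""
    fmt = lambda n: str(n.network_address) if n.num_addresses == 1 else str(n)
    lines = [BEGIN, "<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {fmt(n)}" for n in nets]
    lines += ["</RequireAll>", END]
    return "\n".join(lines)

def refresh_htaccess(existing, block):
    """Swap out the old marked block, or append one; other rules stay intact."""
    start, end = existing.find(BEGIN), existing.find(END)
    if start != -1 and end > start:
        return existing[:start] + block + existing[end + len(END):]
    return (existing.rstrip("\n") + "\n\n" if existing.strip() else "") + block + "\n"

if __name__ == "__main__":
    print(refresh_htaccess("", render_block(parse_blocklist(SAMPLE_LIST))))
```

Run on a schedule against a fresh download, this replaces only the marked block, so addresses that have left the list stop being blocked.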
Posted on March 14th, 2007 by Firelead Affiliate Network
Filed under: Blogging, Webmasters, Wordpress

Aren’t you at risk blocking people who may share the above IPs? Most of us use shared hosting.
Hi Vlad,
Thanks for the comment.
Well, these are IPs that are from known Tor routers (Tor is an anonymous browsing system), not from any large shared hosting ISP. I have weighed the risks of blocking these IPs, and I have come to my own conclusions that it is worth the risk. Since I implemented this list – I have gotten 0 trackback spams!
I’m sure a few spams will sneak their way in once the trackback spammers figure out that I am using this list to block them, but as far as I’m concerned the problem is solved for now!
You’re right in that some of those IP’s “are IP’s that are from known Tor routers”, and those include “large shared hosting ISP”’s. See, there are many who give away 50-100KB/s or something like that when they’re running a small website with a server that’s limited to 4-5 mbit.
And your list is already outdated. You see, there are about 800 tor-routers and some of them are run on dedicated servers at large ISP’s, some of them are run on ADSL lines, and they are all run by people who – unlike you – understand the importance of privacy, traffic analysis resistance, free speech, and so on. So if you want to publish a list of Tor-routers then you can forget about using a blog to do it, you need to run your own Tor-client and use the official directory (which is what MIT publishes) and update the list hourly or a few times a day or something like that. Because yesterday’s list of Tor-servers is a list of servers who have been in the network in the past but are no longer there, the previous IPs of ADSL Tor-servers now used by some other random ADSL customer – and it doesn’t include half of the servers who are actually in the network at any given moment.
There is a list that’s updated regularly at http://proxy.org/tor_blacklist.txt but you should know that you’ll have to update your .htaccess frequently to make it have any value at all.
The better solution to spam is to disallow trackbacks and only allow pingbacks. A pingback is a trackback except that you need to link to your site at the URL which is pinged for the trackback to appear. WP, which you’re using, already supports this, you can configure it per post and set a default setting for all posts. It’s really simple to do.
I could have written this using a pingback, but you’ve put the blog webserver on your list.
Anonymous, I agree with you. I took down the list and updated the post with your link. Thank you. Contrary to your belief, I am a backer of anonymity online to a point – when it comes to my business I cannot have someone completely anonymous signing up here at Firelead – because of obvious reasons. I also want to get rid of trackback spam because it is annoying. I will take your suggestions into consideration.