Technical Report on TrackBack
We have released a technical report about our TrackBack research and the effectiveness of the Validator in eliminating spam as of May 2006.
Abstract: The TrackBack protocol, conceived as a way to automatically link together web sites which reference one another, has become a new vector for spammers wishing to divert web surfers to their sites. A site which supports TrackBack allows any entity to inject arbitrary HTML code, plus the URL of the sender, into its pages; an attacker need only follow the TrackBack protocol to exploit the system and leverage such a site in a link farm. Current approaches to combating TrackBack spam are limited to content-based filters (of the sort currently used against email and weblog comment spam). In this paper, we propose a way to identify TrackBack spam by considering the relationship between the sender’s URL and the site under attack. In particular, we observe that, for spam TrackBacks, the page at the given URL does not link to the page to which the TrackBack was sent. We have developed software for weblog authors that rejects TrackBacks from sources lacking this reciprocal link. Data collected from our users demonstrates that this test is 100% accurate at identifying and separating spam from legitimate TrackBacks.
Hi, I was wondering if there was a way to disable email notifications for trackbacks that have been marked as spam by this plugin?
We haven’t figured out a way to do this from the plugin API, sorry.
Hey, guys- I did read about a solution to disable email notifications for trackbacks that have been marked as spam. It involves moving around some “delivered” WordPress code, but as long as you’re comfortable with that, I can report that it does seem to work.
It doesn’t seem to play well with this other excellent, well-known spam-fighting WordPress plugin called Bad Behavior.
Since installing the TrackBack plugin, once in a while, my friends and even MYSELF (who aren’t spammers) cannot submit comments to my OWN website. Bad Behavior plugin rejects them. When I turn off TrackBack, everything is ok.
A few comments:
1) It might be useful to add “#” as a character that can come after $permalink_q in case someone is linking to a fragment in your page.
2) $pattern needs the “s” modifier so that the “.” metacharacter will match new line characters.
With the above two changes, the relevant line would be:
$pattern="/.*/is";
(or if your blog strips HTML tags from comments: $pattern="/<\s*a.*href\s*=[\"'\s]*".$permalink_q."[#\"'\s]*.*>.*<\s*\/\s*a\s*>/is";)
3) HTML tags can’t have whitespace between the less than symbol and the tag name nor before or after the “/” of the closing tag (and Mozilla at least doesn’t treat such things as HTML tags). I guess you’re being lenient with people who goof up their HTML? If you don’t want to be that lenient, the pattern would be:
$pattern="/.*/is";
(or $pattern="/<a.*href\s*=[\"'\s]*".$permalink_q."[#\"'\s]*.*>.*<\/a\s*>/is";)
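The reciprocal-link test from the abstract, covering the fragment and multi-line cases raised in the comment above, as an added example that is not the plugin's own code. It parses anchors with PHP's DOM extension instead of the regular expression discussed here and takes the sender's page as a string (fetching is left out); the function names and sample pages are constructed for illustration.

```php
<?php
// Added example: the reciprocal-link test run on already-fetched HTML.
// Function names and sample pages are constructed for illustration.

function normalize_url(string $url): string {
    // Drop any "#fragment" so a link to permalink#comments still counts,
    // and ignore trailing slashes.
    $withoutFragment = explode('#', trim($url), 2)[0];
    return rtrim($withoutFragment, '/');
}

function has_reciprocal_link(string $sourceHtml, string $permalink): bool {
    if (trim($sourceHtml) === '') {
        return false; // nothing fetched: treat as no link
    }
    $doc = new DOMDocument();
    // Fetched pages may be malformed; collect parser errors quietly.
    $previous = libxml_use_internal_errors(true);
    $doc->loadHTML($sourceHtml);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $target = normalize_url($permalink);
    foreach ($doc->getElementsByTagName('a') as $anchor) {
        // Only a real href attribute counts, not the URL appearing as text.
        if ($anchor->hasAttribute('href')
            && normalize_url($anchor->getAttribute('href')) === $target) {
            return true;
        }
    }
    return false;
}

// Constructed sample pages standing in for the page at the sender's URL.
$permalink = 'http://blog.example/2006/05/trackback-report/';
$samples = [
    'multi-line anchor + fragment' =>
        "<p>See <a\n href='http://blog.example/2006/05/trackback-report/#c1'>this\nreport</a></p>",
    'URL in text only' =>
        '<p>http://blog.example/2006/05/trackback-report/ cheap pills</p>',
    'link to another page' =>
        '<a href="http://blog.example/2006/05/trackback-report-2/">x</a>',
    'empty response' => '',
];
foreach ($samples as $label => $html) {
    $verdict = has_reciprocal_link($html, $permalink) ? 'accept' : 'reject';
    printf("%-30s %s\n", $label, $verdict);
}
```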