Trackback Validator Plugin

Introduction

The TrackBack Validator plugin for WordPress performs a simple but very effective test on all TrackBacks in order to stop spam.

Legitimate TrackBacks are sent by people commenting on your weblog, accompanied by a URL that points to that commentary. Spam TrackBacks are accompanied by a URL that points to a pay-per-click affiliate website or other irrelevant material. The Validator exploits this key difference:

  1. When a TrackBack is received, the plugin retrieves the Web page located at the URL included in the TrackBack.
  2. If the page contains a link to your weblog, the TrackBack is approved.
  3. If the page does not link to your weblog, the TrackBack is flagged as spam and rejected.

Because TrackBack spammers do not set up custom Web pages linking to the weblogs they attack, this simple test will quickly reveal illegitimate Trackbacks.
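The three-step check above as a standalone Python sketch (an added example, not the plugin's own code): it parses the fetched page instead of searching its text, so a weblog URL that appears only in an HTML comment, a script string or a look-alike hostname does not count as a link. The function names, hosts and sample pages are constructed for illustration, and fetching the page is left out so the example runs offline.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class LinkCollector(HTMLParser):
    """Collect raw <a href> values. html.parser hands comments and <script>/<style>
    bodies to other handlers, so URLs that appear only there are never collected."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.hrefs.append(href.strip())

def _host(parts):
    host = (parts.hostname or "").lower()
    return host[4:] if host.startswith("www.") else host  # assumption: www.X == X

def links_to_blog(page_html, page_url, blog_url):
    """True if the page has a real anchor to the blog's host, under the blog's path."""
    collector = LinkCollector()
    collector.feed(page_html)
    blog = urlsplit(blog_url)
    blog_path = blog.path.rstrip("/")
    for href in collector.hrefs:
        try:
            parts = urlsplit(urljoin(page_url, href))
        except ValueError:  # malformed href such as a broken IPv6 literal
            continue
        path = parts.path.rstrip("/")
        if (parts.scheme in ("http", "https") and _host(parts) == _host(blog)
                and (path == blog_path or path.startswith(blog_path + "/"))):
            return True
    return False

def classify_trackback(page_html, page_url, blog_url):
    """Steps 2 and 3 of the procedure: approve on a link back, otherwise spam."""
    return "approved" if links_to_blog(page_html, page_url, blog_url) else "spam"

# Constructed sample data (hypothetical hosts, not taken from the plugin or its logs).
BLOG = "http://myblog.example/blog/"
LEGIT = '<p>See <a href="http://www.myblog.example/blog/2006/05/post/">this post</a>.</p>'
DECOY = ('<!-- <a href="http://myblog.example/blog/">x</a> -->'
         '<script>var s = "http://myblog.example/blog/";</script>'
         '<a href="http://myblog.example.pills.test/blog/">pills</a>')
```

A plain substring search would accept the DECOY page because the weblog URL occurs in its text. Links hidden with CSS and dynamically generated link pages still pass this check.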

We are actively developing additional heuristics to add to the plugin; if you observe TrackBack spam that makes it past this plugin, please let us know.

Dan Sandler and Andy Thomas

Downloads

Installation

Prerequisites: You need an installation of WordPress version 1.5 or later.

  1. Unzip the trackback_validator_VERSION.zip file; it will contain the file README.txt and the directory TBValidator. Move TBValidator to your <wordpress-directory>/wp-content/plugins directory.
  2. Using the WordPress administration interface, turn on the Validator from the “Plugins” page.
  3. The “Options” page will now have an additional tab, “Trackback Validator,” which allows you to configure the plugin and to see a graph of recent trackback classifications (see the screenshot).

Changelog

  • version 0.7.1 [21-May-2006]
    • Fixes a bug with WordPress 2.x blogs.
  • version 0.7 [17-May-2006]
    • Removed problematic dynamic link page detection. (Additional research will tell us what exactly we need to look for in order to defend against dynamically generated spam sites; since we’ve never seen any of these in the wild, it’s not currently a high priority anyway.)
    • Improved the robustness of data reporting. Reports now use an HTTP POST interface and will submit data to trackback-db.cs.rice.edu, rather than a fragile IP address (!). Data reported by our users is crucial to the research process; see our forthcoming technical report to see how this data is used.
    • Fixed the trackback history graph. It would silently fail on hosts without GD installed; the new version doesn’t require GD at all (and is therefore a lot simpler).
  • version 0.6 [announced 19-Nov-2005]
    • Added a simple check against spammers’ dynamic link pages.
    • Simplified the data submission routines.
    • Set up framework for PageRank comparisons.
    • Cleaned up code.
  • version 0.5 [announced 24-Aug-2005]
    • first iteration

A plea for help

This is the subject of active research by the Computer Security Lab at Rice University. We ask you to enable the “Submit Data” option, to send data back to us for scholarly analysis. You’re free to use this plugin without reporting data, but your data is important to us as we attempt to understand the evolving attack profiles of weblog spammers.

Screenshot

Support

For the time being, just get in touch with us if you run into bugs (or false negatives/positives).

130 Responses to “Trackback Validator Plugin”

  1. David Ing says:

    Hi, I was interested in your plugin, but it doesn’t seem to be as strong as I would need. I’ve got moderation on for all comments and trackbacks, and am running Akismet, Referrer Bouncer, Bad Behaviour, and reCaptcha. Even with all of these, I’ve got spam showing up on Akismet (not on my blog, fortunately) that I clean out periodically. Since the spam is getting past reCaptcha, I think that it’s trackback spam instead of comment spam.

    I’ve now installed WP-Ban, and am entering some IP addresses for repeat offenders. If I’m understanding how the Trackback Validator Plugin works, it would only flag the trackback to be put into the Akismet queue, and I would be in the same place as I already am, i.e. cleaning up by using WP-Ban to block specific IP addresses.

    I know that cleaning up the Akismet queue isn’t as bad as having actual spam showing up on the blog … but I finally installed WP-Ban because I figured out that across three blogs, I maybe spend 5 to 10 minutes per day clearing off spam. I suppose that I could just leave it alone and let the entries expire naturally, but I have caught a few false positives over time, so I’m not inclined to do that.

  2. Web Hosting Reviews, Web Site Hosting

    I couldn’t understand some parts of this article, but it sounds interesting

  3. David Ing says:

    Hi. I’ve been running Akismet, Angsuman’s Referrer Bouncer, Bad Behavior, reCAPTCHA, Worst Offenders and WP Ban on two of my blogs. Spam isn’t visible on the blogs, because I moderate everything, but there’s always a long list of entries in Akismet to clean up.

    Since I installed reCAPTCHA, I assumed that the spam comments were coming from trackback spam. However, after running Trackback Validator for a week, the Recent Activity is zero. Does this mean (a) that I’m not getting trackback spam, or (b) I don’t need the Trackback Validator Plugin after all?

    How do I diagnose where the comment spam is coming from? Looking at the access logs, I see “POST /blogs/wp-comments-post.php” with status codes of 403 (probably from WP Ban), 302, and 417. Thanks.

  4. [...] testing Trackback Validator Plugin by linking to this post on the sydney siggraph website [...]

  5. [...] Rice University Trackback Plugin: This plugin, designed by Rice University students, is the original trackback validator that the above listing is based on. [...]

  6. Cyde Weys says:

    “Because TrackBack spammers do not set up custom Web pages linking to the weblogs they attack, this simple test will quickly reveal illegitimate Trackbacks.”

    Unfortunately, this is no longer true. They’re doing exactly that. Is there any way to fix this beyond simply adding all trackbacks into an auto-moderation queue?

  7. [...] Based on a modified wp-trackback.php file that Maty sent me, I made some changes to it so that it does almost the same thing as the Trackback Validator plugin, which basically verifies that the site sending the request contains a reciprocal link to the entry being referenced (see the paper for more details). The limitation of this method, as acknowledged by one of the people who took part in that project, is that it can easily be evaded in different ways (with CSS, HTML comments, JavaScript, dynamic content generation, etc). [...]

  8. [...] Trackback Validator: This plugin is a research project of Rice University. I don’t know how well it works, but since I installed it I have started receiving very little trackback spam. [...]

  9. More WordPress Plugins and Where to Find Them

    WordPress is the most popular blogging software for domain based blogs. While Blogger and Blogspot still encompass the vast majority of blogs on the internet, both of the aforementioned free services are too cluttered with spammy blogs and blogs that …

  10. Glen says:

    I suspect you are not actively enhancing the TrackbackValidator so I hope you can detail a bit of the code. The validator is doing a fantastic job of catching the trackback spam. However, it is doing it late in WordPress’s trackback processing. My admin account gets an email for every comment and trackback. Unfortunately, it is getting emails for trackbacks that the validator is capturing. Given that the validator has determined it is spam, I’d love it if I never got the email that the trackback had been generated in the first place.

    I’m sure others want the email so they can oversee the validator in case it makes an error but for me, trackbacks are a low priority and I’d rather have the validator take care of things for me.

    Could you explain a bit about the plugin so I might change it to prevent emails to my admin account for captured trackbacks?

  11. [...]  Here is the link: http://seclab.cs.rice.edu/proj/trackback/trackback-validator-plugin/ August 30 2006 rliang No comments Filed under: General [...]

  12. I’m starting to get a lot of trackback spam, and I wondered if you had plans to upgrade this plugin to be compatible with WordPress 2.3.x+? Your last build says that it’s compatible with 1.5+, and the last build date was 2006. Is this version 2.3.x compatible natively?

  13. Use A Spam Filtering Tool To Manage Spam And Save Hours Everyday

    For most of us, changing our primary email address to get rid of spam is not really an option. This is because our email addresses are known and used by many of our contacts and may also be printed on business cards and other material. We certainly don…

  14. Is there an updated plugin available? I’m using WordPress 2.2.

    Very cool tool.

    Thanks.

  15. [...] Trackback Validator Plugin(http://seclab.cs.rice.edu/proj/trackback/trackback-validator-plugin/) [...]

  16. Opony says:

    I wanted to add a little more functionality to avoid both comment and trackback spam on my blog, and I was looking through the WordPress Codex page and then found this trackback validator plugin.

  17. [...] My bad!!! July 13, 2006 Posted by stormpeak in General. trackback Well, for some reason, before I upgraded to the latest version of WordPress, I couldn’t locate where to moderate comments (RTFD, Bill!!!). Anyway, I was getting swamped by spam (I now hate anything poker, backgammon, or gambling-related, let alone the “discounted meds” and “enlargement pill/patches”), and just finished manually deleting 1,087 spam comments!!! But, now I’ve installed the WordPress plugin, “Trackback Validator”, and not only has the spam stopped, but my blog has gotten much easier to maintain. My apologies to those few who have made comments to my posts, and hopefully I’ve got a handle on it now. [...]

  18. Locale II says:

    trackback seo

    Some companies pay $5 per permanent reciprocal links, where two sites maintain a permanent link to one another, often with anchor-texts or a review.
    Go figure what the value of a reciprocal on a ‘hot’ topic is worth. For a serious networker…

  19. Weight loss says:

    Weight loss

    Diet Products and Weight Loss Supplements at Discount Prices. Save 50-70% on quality products.

  20. [...] So how to prevent trackback spam? Try Spam Trackback Validator plugin. [...]

  21. natural penis enlargement

    natural penis enlargement

  22. [...] Patrick D’appollonio of Marlex Systems tells me about the existence of a plugin that validates fake trackbacks. It is called “Trackback Validator” and just by installing it, it will filter fake comments in the form of TrackBacks for us. In any case, you can configure two options under “Options > Trackback Validation” Are you new here? I recommend subscribing to the blog’s RSS feed so you can read it through a feed reader whenever you like. [...]

  23. epic wealth systems

    Heh– I’m headed for London tomorrow for a DRM meeting organized by Suw Charman– some other blogospheroids who’ll be there are Cory Doctorow, Simon Willison, and James Cox (Imajes). Today Tom Morris tells me that Tech Crunch’s Michael Arr…

  24. advertising and publicity

    Please Note: Comment Moderation Maybe Active So There is No Need To Resubmit Your Comments Social Network Subscribes to feed Stumble this site main post Add to my Technorati favourite August 2008 M T W T F S S« Jun 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 …

  25. [...] Trackback Validator Plugin: Performs a simple and effective test to verify authenticity of trackbacks. [...]

  26. Alexg says:

    Hello!
    WOW! Great plugin!!

    Is this plugin compatible with WP 2.6?

    Regards,
    AlexG
    http://www.freshmobile.us

  27. [...] Unfortunately, about 2 weeks ago I had to make the acquaintance of my first spam trackback. So I went looking for a defense. At Trackback Spam Resources I then quite quickly found the right thing for this problem: the Trackback Validator plugin. It is installed the usual way: download, unzip and upload to the WordPress plugin folder (wp-content/plugins). Activate it in the admin area. Under Options you will find a section ‘Trackback Validation’. The settings can be seen here in the illustration. From then on it checks whether the trackback is legitimate and matches the corresponding post. Trackbacks are automatic notifications about posts on other blogs that link to a specific post. And what can I say… It is very successful! [...]

  28. [...] The Spam Viewer allows you to delete or rescue any comments marked as Spam out of your database. All comments marked as Spam in the WordPress table comments are listed below and from the plugin Trackback Validator in the table wp_data. [...]

  29. [...] The Spam Viewer allows you to delete or rescue any comments marked as Spam out of your database. All comments marked as Spam in the WordPress table comments are listed below and from the plugin Trackback Validator in the table wp_data. [...]

  30. Your Article Was Hand Picked For Syndication On:…

    I liked this article so much I have chosen to syndicate it…