Trackback Validator Plugin
Introduction
The TrackBack Validator plugin for WordPress performs a simple but very effective test on all TrackBacks in order to stop spam.
Legitimate TrackBacks are sent by people commenting on your weblog, accompanied by a URL that points to that commentary. Spam TrackBacks are accompanied by a URL that points to a pay-per-click affiliate website or other irrelevant material. The Validator exploits this key difference:
- When a TrackBack is received, the plugin retrieves the Web page located at the URL included in the TrackBack.
- If the page contains a link to your weblog, the TrackBack is approved.
- If the page does not link to your weblog, the TrackBack is flagged as spam and rejected.
Because TrackBack spammers do not set up custom Web pages linking to the weblogs they attack, this simple test will quickly reveal illegitimate Trackbacks.
We are actively developing additional heuristics to add to the plugin; if you observe TrackBack spam that makes it past this plugin, please let us know.
—Dan Sandler and Andy Thomas
Downloads
- TrackBack Validator Plugin v0.7.1 (ZIP)
- Older versions: v0.7, v0.6
Installation
Prerequisites: You need an installation of WordPress version 1.5 or later.
- Unzip the trackback_validator_VERSION.zip file; it will contain the file README.txt and the directory TBValidator. Move TBValidator to your <wordpress-directory>/wp-content/plugins directory.
- Using the WordPress administration interface, turn on the Validator from the “Plugins” page.
- The “Options” page will now have an additional tab, “Trackback Validator,” which allows you to configure the plugin and to see a graph of recent trackback classifications (see the screenshot).
Changelog
- version 0.7.1 [21-May-2006]
- Fixes a bug with WordPress 2.x blogs.
- version 0.7 [17-May-2006]
- Removed problematic dynamic link page detection. (Additional research will tell us what exactly we need to look for in order to defend against dynamically generated spam sites; since we’ve never seen any of these in the wild, it’s not currently a high priority anyway.)
- Improved the robustness of data reporting. Reports now use an HTTP POST interface and will submit data to trackback-db.cs.rice.edu, rather than a fragile IP address (!). Data reported by our users is crucial to the research process; see our forthcoming technical report to see how this data is used.
- Fixed the trackback history graph. It would silently fail on hosts without GD installed; the new version doesn’t require GD at all (and is therefore a lot simpler).
- version 0.6 [announced 19-Nov-2005]
- Added a simple check against spammers’ dynamic link pages.
- Simplified the data submission routines.
- Set up framework for PageRank comparisons.
- Cleaned up code.
- version 0.5 [announced 24-Aug-2005]
- first iteration
A plea for help
This is the subject of active research by the Computer Security Lab at Rice University. We ask you to enable the “Submit Data” option, to send data back to us for scholarly analysis. You’re free to use this plugin without reporting data, but your data is important to us as we attempt to understand the evolving attack profiles of weblog spammers.
Screenshot
Support
For the time being, just get in touch with us if you run into bugs (or false negatives/positives).
[...] http://idli.cs.rice.edu/~dsandler/trackback/trackback-validator-plugin/ [...]
[...] I just saw the WordPress Trackback Validator plugin fly by my aggregator and immediately installed it. I knew Dan online back in middle school, so with this endorsement, I installed it instantly: The Computer Security Lab at Rice just released the first public version of the Trackback Validator plugin for WordPress blogs. Since I’ve been using it, I’ve had 100% classification accuracy on Trackbacks (read: every legit Trackback makes it through, not a single spam Trackback). Maybe Trackback isn’t quite so dead after all. [...]
[...] If the page does not link to your weblog, the trackback is flagged as spam and rejected. Link: http://idli.cs.rice.edu/~dsandler/trackback/trackback-validator-plugin/ Tags: wp-plugins trackback spam [...]
[...] (PS, I just installed this groovy plugin to fight trackback spams. [...]
[...] tool. No responses to ‘Stop Trackback Spam – WordPress Plug-in’. RSS feed for comments and Trackback URI for ‘Stop Trackback Spam – WordPressPlug-in’. [...]
[...] I fought Comment Spam, and now I’m starting to get Trackback Spam in it’s place. This is a problem I haven’t really had to deal with much until now. Hopefully this will do the trick. If it doesn’t, I may consider turning trackbacks off, since they are rarely ever used anyway. –> [...]
[...] A recent spate of trackback and comment spam has lead me to install some anti-junk plugins on this site. Specifically, I’m now using Trackback validator to delete anything from people who leave a trackback, but haven’t actually linked to me. [...]
[...] Note to self: look at Trackback Validator Plugin over on Trackback Spam Resources. [...]
[...] This is the first attack I’m aware of that specifically attempts to thwart backlink checkers like the Trackback Validator I helped with this past summer. When we started the project, we predicted that trackback spammers would either give up and go home (ha!) or they’d continue with the arms race and develop some kind of dynamic spam page in response. [...]
[...] Trackback Validator 0.6 [...]
[...] Daarna heb ik meteen de trackback validator plugin geinstalleerd. Deze plugin controlleert actief of een trackback ping verwijst naar een bestaande pagina. Deze methode zou in principe de Trackback spam van gisteren moeten detecteren. [...]
[...] Je viens de mettre en place un plugin pour contrôler les trackbacks, qui repose sur une idée plutôt simple, mais efficace : le plugin vérifie lors de chaque trackback, la page en référence contienne effectivement un lien vers mon site. [...]
[...] lr2Spam to combat comment spam Trackback Validator to combat trackback spam. [...]
[...] We aren’t getting hit too hard with Spam here, but Porcelain has been getting slammed as of late. So I installed some anti comment spam (lr2Spam) and anti trackback spam (Trackback Validator) tools to try to take the heat off. What’s good for the goose is good for the gander (or something like that), so those tools are in effect here. Take that you slimy bastards. –> [...]
[...] Ihr erinnert euch evtl, dass ich mal Spam Karma installiert hatte. Leider hat dieses nicht zum gewuenschten Ergebnis gefuehrt und wurde sehr schnell wieder deaktiviert. Seither ist Spam Karma 2 erschienen, aber ich versuche mal etwas anderes. Seit eben gerade im Einsatz ist das Trackback Validation Plugin des Computer Security Lab an der Rice University. [...]
[...] Yeni baþlayalanlar, bu yazýyla doymayanlar , WordPress de kullanýmý hakkýnda daha detaylý bilgi almak isteyenler þuraya ve þuraya bi bakýn derim. WordPress kullanýcýlarýna geri besleme geçerlilik plugini de bu yazýnýn hediyesi olsun. [...]
[...] Well, seeing as how this idea is so simple, I assumed rightly that I wasn’t the first to have it. Indeed, David Sandler has already written a fine plugin for WordPress which does this exact thing. [...]
[...] I haven’t really had much of a problem with trackback spam since I installed this trackback validator plugin. However, as their plugin is written, even though it stops the spam, it still e-mails you about it, which is quite annoying (I gave up wading through the wordpress plugin architecture to figure out why it was still e-mailing). [...]
[...] Robert’s Weblog has been hit with a flood of foul spam exploiting WordPress’ trackback capability. Legitimate Trackbacks are sent by people commenting on your weblog, accompanied by a URL that points to that comment. Spam Trackbacks are accompanied by a URL that points to a pay-per-click affiliate website or other irrelevant material1. [...]
[...] A new version of the Trackback Validator plugin is available! Download it here. [...]
[...] For the main blog, I’m using WordPress. This was mostly because an easy install of it was offered by my webhosting company, and I didn’t want to deal with the additional pain of installing it myself. The availability of plug-ins for it, and the fact that it is open-source, are also selling points for me. ***can it treat readers as users?*** I am using ***CAPTCHA*** to reduce comment spam. Trackback spam is being handled with the Trackback Validator Plugin, although I want to say right now that there is no guarantee that I’ll keep trackbacks operating, as I don’t see much point to them. [...]
[...] Just installed the Rice University Computer Security Lab’s plug-in designed to stop that. It’s called Trackback_Validator. We’ll see how well it works. [...]
[...] We’ve just released version 0.7 of the Validator; this is a strongly recommended upgrade for all our current users. We have improved the reliability and robustness of almost all aspects of the plugin, including spam classification, administration, and data reporting. Go grab version 0.7 and be free of TrackBack spam! [...]
[...] It’s a simple concept that I’ve seen implemented at the Washington Post blogs. It basically validates IF there is a link to your site in the post that’s “tracking back”. It’s called Trackback Validator Plugin and should work for anything around WordPress 1.5 and up. Akismet looks to be available for other blog/cms as well. If you’re using another cms I’d look into a trackback validator. In theory, this should stop the rest of the trackback spam and likely take a bit of the load of akismet, because I would think it would filter things out before they get to akismet. Testing it on this site right now, will add to the others later. [...]
[...] Update: Trying Trackback Validator. If it works, you know who to thank. [...]
[...] I am experimenting with methods to prevent comment spam and trackback spam. I decided to use Anti-Spam Image, and Trackback Validator. The anti-spam image will simply ask for you to enter a series of letters/numbers in order to make sure that you are a real person, and not a spam bot. The Trackback validator will check the referencing URL to make sure that it is a legitimate trackback. So, I have turned off the requirement to register in order to comment, you may comment at will! [...]
[...] Decidido a tomar medidas más serias contra el spam mediante trackback, he dado con este plugin para WordPress que parece bastante efectivo: Trackback Validator. [...]
[...] Site updates: Spam prevention May 20th, 2006 by Groo We’ve been getting higher-than-average amounts of Comment and Trackback spam recently, so I’ve gone ahead and installed two WordPress plugins in an attempt to control the problem a bit better: Trackback Validator and Bad Behavior. [...]
[...] Version 0.7.1 is now available for download. It fixes a bug on WordPress 2.x blogs: wp_post.comment_count wasn’t correctly updated when rejecting spam TrackBacks, causing the blog’s frontpage to show one too many comments (if the current theme features a display of the number of comments per post). [...]
[...] Nos últimos dias (mas muitos) o meu blogue tem sido invadido por SPAM, aquele termo informático que muito directamente e sem deambularmos, significa LIXO. Não é que vocês o vejam, na realidade não vêm mesmo, todo ele fica retido e é sobre essa retenção que quero falar um pouco. Habitualmente o SPAM é feito de uma maneira muito básica, constroem-se robots de net que correm determinadas sequências de programação e atacam x alvos em rodada e de forma agressiva. Como não é novidade nenhuma o WordPress, motor que uso na minha página pessoal a partir da sua versão 2.0 veio equipado com uma coisa chamada Askismet que reduz bastante esse tipo de lixo, no entanto a moda do SPAM expandiu-se e além dos habituais comentários, ataca agora também os Trackbacks e é ai que o Askimet me estava a falhar um pouco, em 15 deixava passar 4, que mais tarde tinha que eliminar à pata, dessa forma e porque fazer tal tarefa todos os dias é cansativa procurei por um complementar ao SPAM para o WordPress e foi assim que achei o Trackback Validator Plugin que é bastante eficaz e que recomendo a quem sofra do mesmo mal. [...]
[...] También he añadido un complemento para evitar los spam mediante trackback. Se trata del Trackback Validator Plugin, que el propio Boriel recomienda en la entrada correspondiente a Captcha! [...]
[...] I shut off trackbacks until a quick check of Google turned up a defense for WordPress users. [...]
[...] Trackback Validator even thoug being a nice plugin that kills trackback spam, always emails you every trackback (even the filtered spam ones). It’s working very efficiently to me, anyway. There were two little issues with this plugin: until version 7.0, message counters in your blog were not correctly updated (instead, the plugin manages the WP database directly) and spam trackbacks are also mailed to you (so you might end up mail-flooded with spam as I did). This is the code related to this issue (at line #138 in file trackback_validator.php): <?php if(tb_run_checks($tb_info, $permalink)) { $tb_type="ham"; if($tb_options['auto_approve']) $wpdb->query("UPDATE $wpdb->comments SET comment_approved = ’1′ WHERE comment_ID = ‘$comment_ID’"); } else { $wpdb->query("UPDATE $wpdb->comments SET comment_approved = ‘spam’ WHERE comment_ID = ‘$comment_ID’"); $tb_type="spam"; } [...]
[...] Ab und zu aber doch. Meine anti-spam-Werkzeuge momentan: Die WordPress-Plugins Akismet und Trackback-Validator. [...]
[...] WP plugin: Trackback Validator Check back with the referring blog to make sure there is a link to your blog. Since there has been quite a splurge of trackback spam recently, this might come in handy. Technorati Tags: trackback validator wordpress plugin Related Posts from the Past: [...]
This is a timely plugin. Thank you for developing it.
~Jonathan
[...] Its been only a few days since I have been posting stuff here and I am already getting a lot of trackback spam. I have just now installed the Trackback Validator plugin for WordPress. It basically checks whether the trackback URL actually points to your blog or not, which spam sites atleast don’t do as of today. Nifty plugin!! [...]
[...] Check it out at Trackback Spam Resources. [...]
[...] WP plugin: Trackback Validator – Check back with the referring blog to make sure there is a link to your blog. If yes, the trackback is approved. If not, it’s tagged as spam. [...]
[...] La frase “luchando contra el spam” se refiere al plugin Trackback Validator, incluÃdo en nuestro wiki de plugins para WordPress hace tiempo pero que he redescubierto gracias a Weblog Tools Collection y que funciona comprobando si los sitios que envÃan trackbacks a tu web la enlazan realmente. Recomendado. Etiquetado como plugins y WordPress [...]
[...] Spam via trackbacks har blivit en allt vanligare metod. Här är en plugin som validerar trackbacks för att förhindra spam den vägen. Legitimate TrackBacks are sent by people commenting on your weblog, accompanied by a URL that points to that commentary. Spam TrackBacks are accompanied by a URL that points to a pay-per-click affiliate website or other irrelevant material. The Validator exploits this key difference: [...]
[...] Puedes descargarlo desde la web del desarrollador, pero si no entiendes ni papa de inglés te traduzco su explicación: Los trackback legÃtimos son enviados por gente que escribe sobre tu blog, acompañados de una URL que apunta a esa anotación. Los Trackbacks de Spam están acompañados de una URL que apunta a un sitio afiliado a un pay-per-click u otro material irrelevante. El Validator explota esta diferencia. [...]
Hi. I just installed this plugin but I get an error for the SPAM table:
DROP TABLE IF EXISTS `wp_tb_spam`, it does successfully create the wp_tb_data table though.
I deactivated the plugin, dropped the data table and started over but same results: the spam table is not created.
Any ideas? TIA.
What error do you get? Does it prevent the plugin from working correctly?
The `wp_tb_spam` table is used by an older version of the plugin, so it’s just trying to tidy up.
Trackback Validator para WordPress
Actualmente usando Akismet a veces se colaba algún comentario de SPAM en forma de trackback (e incluso un dÃa 20 seguidos ya que Akismet estuvo fallando) voy a empezar a usar Trackback Validator el cual lo comentan en Weblog Tools Collection.
La ide…
[...] También me aseguré que los TrackBack que enlazaran algún artículo, fuera reales. Para ello instalé Trackback Validator Plugin, y de momento no me arrepiento. [...]
[...] ИнтереÑÐ½Ð°Ñ Ð¿Ð»Ð°Ð³Ð¸Ð½ поÑвилÑÑ Ð½Ð° Ñайте http://www.seclab.cs.rice.edu, он позволÑет не допуÑкать trackback’и Ñо Ñпамом. РаÑÑкажу подробнее, как Ñтот плагин выполнÑет Ñвою работу: [...]
[...] Ein Plugin gegen Trackback-Spam zu installieren. Da wäre mal das Akismet-Plugin, welches sehr vielversprechend klingt. Dazu müsste ich aber hier erstmal nach WordPress 2.0 updaten, oder sollte ich. Mach ich vielleicht auch, nur nicht jetzt, irgendwann mal. Es gibt ja noch mehr Plugins: Den Trackback-Validator zum Beispiel. Dieser arbeitet so, dass die eingehenden Trackbacks überprüft werden, ob es wirklich diese Seite gibt, und ob dort der Eintrag zu dem der Trackback erfolgt, verlinkt ist. Bei Spam ist dies natürlich nicht der Fall, und so sollte dieser rauszufiltern sein. [...]
[...] – Trackback Validator Plugin; que es una medida para frenar el spam-manual; ¿que hace? cuando un trackback llega a tu sitio, este plugin analiza la página que lo origina y revisa que efectivamente haya un link al blog.. si no lo hay el trackback no es aprobado. [...]
[...] For Trackback Plugin For WordPress: http://seclab.cs.rice.edu/proj/trackback/trackback-validator-plugin/ [...]