Trackback Validator Plugin
Introduction
The TrackBack Validator plugin for WordPress performs a simple but very effective test on all TrackBacks in order to stop spam.
Legitimate TrackBacks are sent by people commenting on your weblog, accompanied by a URL that points to that commentary. Spam TrackBacks are accompanied by a URL that points to a pay-per-click affiliate website or other irrelevant material. The Validator exploits this key difference:
- When a TrackBack is received, the plugin retrieves the Web page located at the URL included in the TrackBack.
- If the page contains a link to your weblog, the TrackBack is approved.
- If the page does not link to your weblog, the TrackBack is flagged as spam and rejected.
Because TrackBack spammers do not set up custom Web pages linking to the weblogs they attack, this simple test will quickly reveal illegitimate Trackbacks.
We are actively developing additional heuristics to add to the plugin; if you observe TrackBack spam that makes it past this plugin, please let us know.
—Dan Sandler and Andy Thomas
Downloads
- TrackBack Validator Plugin v0.7.1 (ZIP)
- Older versions: v0.7, v0.6
Installation
Prerequisites: You need an installation of WordPress version 1.5 or later.
- Unzip the trackback_validator_VERSION.zip file; it will contain the file README.txt and the directory TBValidator. Move TBValidator to your <wordpress-directory>/wp-content/plugins directory.
- Using the WordPress administration interface, turn on the Validator from the “Plugins” page.
- The “Options” page will now have an additional tab, “Trackback Validator,” which allows you to configure the plugin and to see a graph of recent trackback classifications (see the screenshot).
Changelog
- version 0.7.1 [21-May-2006]
- Fixes a bug with WordPress 2.x blogs.
- version 0.7 [17-May-2006]
- Removed problematic dynamic link page detection. (Additional research will tell us what exactly we need to look for in order to defend against dynamically generated spam sites; since we’ve never seen any of these in the wild, it’s not currently a high priority anyway.)
- Improved the robustness of data reporting. Reports now use an HTTP POST interface and will submit data to trackback-db.cs.rice.edu, rather than a fragile IP address (!). Data reported by our users is crucial to the research process; see our forthcoming technical report to see how this data is used.
- Fixed the trackback history graph. It would silently fail on hosts without GD installed; the new version doesn’t require GD at all (and is therefore a lot simpler).
- version 0.6 [announced 19-Nov-2005]
- Added a simple check against spammers’ dynamic link pages.
- Simplified the data submission routines.
- Set up framework for PageRank comparisons.
- Cleaned up code.
- version 0.5 [announced 24-Aug-2005]
- first iteration
A plea for help
This is the subject of active research by the Computer Security Lab at Rice University. We ask you to enable the “Submit Data” option, to send data back to us for scholarly analysis. You’re free to use this plugin without reporting data, but your data is important to us as we attempt to understand the evolving attack profiles of weblog spammers.
Screenshot
Support
For the time being, just get in touch with us if you run into bugs (or false negatives/positives).
[...] - Trackback Validator Plugin; que es una medida para frenar el spam-manual; ¿que hace? cuando un trackback llega a tu sitio, este plugin analiza la página que lo origina y revisa que efectivamente haya un link al blog.. si no lo hay el trackback no es aprobado. [...]
[...] La frase “luchando contra el spam” se refiere al plugin Trackback Validator, incluÃdo en nuestro wiki de plugins para Wordpress hace tiempo pero que he redescubierto gracias a Weblog Tools Collection y que funciona comprobando si los sitios que envÃan trackbacks a tu web la enlazan realmente. Recomendado. [...]
Fighting trackback spam
I wanted to add a little more function to avoid both comments and trackback spams to my blog, and I looking down WordPress Codex page then found this trackback validator plugin.
For WordPress 2.x users, make sure to download version 0.7.1 or later.
…
[...] Wordpress Plugin: Trackback Validator Für alle Trackback-Spam-geplagten Blogger gibt es für Wordpress nun Abhilfe gegen das in letzter Zeit stark zunehmende Spamming per Trackback. Das Trackback Spam Resources hat hierzu das Plugin Trackback Validator veröffentlicht. Es prüft, ob der Trackback tatsächlich gerechtfertigt ist, also ob ein Link zum eigenen Blog in dem Trackback-sendenden Post vorhanden ist. Legitimate TrackBacks are sent by people commenting on your weblog, accompanied by a URL that points to that commentary. Spam TrackBacks are accompanied by a URL that points to a pay-per-click affiliate website or other irrelevant material. The Validator exploits this key difference: [...]
[...] Eigentlich immer noch. Seit, etwa zwei Wochen versuchen hier des nächtens Spammer ihren Dreck abzuladen. Vorzugsweise als Trackback getarnt. Der von mir benutzte Trackback-Validator leistet hervorragende Dienste, und alle Spamattacken erfolgreich herausgefischt. [...]
TRACKBACK VALIDATOR
[...] Mas, a discussão valeu pra alguma coisa, então, a tÃtulo de pesquisa, estou desabilitando o Akismet temporariamente e instalei o TRACKBACK VALIDATOR, um simples plugin que faz um trabalho monstruoso, bloquear essa enxurrada de trackback-spam de um modo muito simples: Ao receber um trackback-spam no blog, ele simplesmente “remete-se” ao blog proveniente do spam e verifica se existe um link “real” para o seu blog, se não houver (nenhum spammer linka suas vÃtimas), ele simplesmente recusa o trackback e o apaga. Tudo nesse plugin é simples, até a sua instalação, que é subir a pasta com arquivo e tudo pra dentro da pasta wp-content/plugins/ e habilitá-lo. [...]
[...] But this won’t stop trackback spam which seems to come in bursts, so I’ve also added the Trackback Validator Plugin from the Computer Security Lab at Rice University which visits the referrers of trackbacks received to ensure that there is really a link to you from that site in that page. [...]
[...] In rete è possibile reperire altri plugin specifici, nel caso del Trackback Validator (http://seclab.cs.rice.edu/proj/trackback/trackback-validator-plugin/), ci sentiamo di informare che attivando quel plugin il numero dei trackback spam aumenta considerevolmente; blogger avvisati… [...]
[...] Also her mit einer Methode, die eben nix in eine DB schreibt. Dem Hinweis von Michael bin ich gerne gefolgt und habe daher nun zwei neue Spamtools installiert. Eines davon hat Michael / Software Guide Blog selbst geschrieben: 1. Math Comment Spam Protection Plugin Er erklärt dort die Einzelheiten. Vorteil: Kein Captcha-Kram und der Kommentar bleibt erhalten, wenn der User einen Fehler begangen hat. Einen Fehler? Ja, eine simple Addition falsch berechnet. Klaro könnten das die Spammer knacken, aber hey… so what. 2. Akismet steht als Ausputzer in der zweiten Verteidigunsgreihe bereit, um seine Blutgrätsche gegen Dribbelkünstler auszupacken. 3. Gegen Trackback-Spam habe ich das ebenfalls von Michael empfohlene Trackback Validator Plugin installiert. Es checkt, ob der Spammer einen Backlink in seinem “Text” auf mein Blog gesetzt hat. Echte Spammer tun das nicht. Obwohl es mittlerweile findigere Spammer gibt, die via Tricks den Backlink tatsächlich einbauen, danach aber wieder rausnehmen. Und wenn schon, unser Ausputzer steht bereit. [...]
[...] I’ve detailed some of the struggles I had for a bit with FLOODS of comment spam. Details of the issue and a fix which has been rock solid for Wordpress can be found in the following posts (reverse chronological order): Update on comment spam storms, trackback spam countermeasures such as akismet and trackback validation, another trackback storm, botnets spreading trackback spam?, Initial trackback storm. To sum up though, I’ve found 2 plugins to make for a rock solid combination here in wordpress. Akismet (which caught 99% or so of trackback spam) and The trackback validator plugin which caught everything else. (99% sounds good, but when you’re getting thousands of attempts a day?) [...]
[...] Well, for some reason, before I upgraded to the latest version of WordPress, I couldn’t locate where to moderate comments (RTFD, Bill!!!). Anyway, I was getting swamped by spam (I now hate anything poker, backgammon, or gambling-related, let alone the “discounted meds” and “enlargement pill/patches”), and just finished manually deleting 1,087 spam comments!!! But, now I’ve installed the WordPress plugin, “Trackback Validator”, and not only has the spam stopped, but my blog has gotten much easier to maintain. My apologies to those few who have made comments to my posts, and hopefully I’ve got a handle on it now. [link] [...]
[...] hatte am 06.07. meine Spam-Plugins umgestellt: 1. Math-Plugin von SW Guide installiert (diese kleine Berechnungsfeld in dem Kommentarformular), um Kommentarspam abzuhalten. Kommt ohne Datebank-Zugriffe aus. Klappt bisher perfekt! Kein Kommentarspam mehr. Die Datenbank wird geschont. Wehrt natürlich nicht den Trackback-Spam ab. 2. Spam Karma komplett aus wegen zu viel Last 3. Akismet ebenso aus Lastgründen deaktiviert, wird aber zeitweise aktiviert, um den Trackback-Spam zu entfernen, der sich angesammelt hat. Zumal sich dort hin und wieder false positive TB Spam verfängt. Nach dem Löschen der Spameinträge wird Akismet wieder deaktiviert. 4. gegen Trackback-Spam habe ich den Trackback Validator eingebaut. Der läuft wie das Math-Plugin ganz ohne eigene DB-Tabellen. Blockt TB Spam so, dass es nicht in den Kommentaren angezeigt wird. Kleiner Nachteil: Da ich bei jedem neuen Kommentar bzw Trackback eine Mail bekomme, erhalte ich nach wie vor auch eine Mail, wenn TB Spam eingeht. Ist aber zu verschmerzen, da man das in einen Mailordner automatisiert via Mailregeln wegfiltern kann. [...]
List of all Wordpress Antispam Plugins.
[...] Trackback Spam Resources » Trackback Validator Plugin [...]
WordPress und Trackbacks
Heut fand ich einen Link auf ein Trackback-Validator-Plug-In und dachte mir “Das ist ja toll!”. Denn so etwas hatte ich schon länger vermißt.
Und dann schaute ich mich mal bei b2evolution genauer im Admin-Bereich um – und stellte fest: Das gibt es…
[...] This blog is now protected from trackback spam by trackback validator. [...]
[...] Â Here is the link: http://seclab.cs.rice.edu/proj/trackback/trackback-validator-plugin/ [...]
[...] Mal wieder ein paar Worte zu Wordpress-Plugins. In den letzten Tagen war mein Layout im Internet Explorer zerschossen, worauf ich allerdings erst hingewiesen werden mußte (Danke!), weil ich ausschließlich Firefox verwende. Nach längerer Suche konnte ich das Problem identifizieren: Lange URIs in den Kommentaren, die durch GetRecentComments angezeigt wurden, waren Schuld. Dieses Plugin ließ sich auch wegen einer seltsamen Fehlermeldung über die Redeklaration der Funktion kjgrc_subpage_exclude_cat() nicht mehr konfigurieren, aber in einem Forum fand sich dafür eine Lösung. Danach war es natürlich ein leichtes, die Einstellung zum Umbrechen langer Wörter anzupassen, auch wenn ich zunächst erfolglos versucht habe, hier den LinkTruncator zu verwenden. Weil ich gerade dabei war, habe ich auch noch den Trackback Validator installiert. Der nervige Trackback-Spam hatte in letzter Zeit doch etwas überhand genommen. [...]
[...] Trackback Validator helps prevent trackback spam. Between this and Akismet it should control most of your spam. [...]
[...] The TrackBack Validator plugin has been installed which performs a simple but very effective test on all TrackBacks in order to stop spam. [...]
[...] - Onlywire - RawSugar - reddit - Scuttle - Shadows - Simpy - Spurl - tagtooga - TalkDigger - Wink - Yahoo MyWeb- [...]
WP - Trackback Validator Spam Cleaner (Plugin)
Ich nutze den Trackback Validator schon lange Zeit und bin mit dem Ergebnis recht zufrieden. Allerdings gab es einige kleine Sachen, die mir nicht gefallen haben: unter anderem wollte ich die Einträge in der Datenbank nicht unnötig groß halten und z…
[...] Immáron sokadjára a komment és trackback spamek a téma. Adott egy ötletes plugin, a trackback validator. Ennek a lényege, hogy minden olyan trackback-et automatikusan spamnek jelöl, ahol a származási oldalon nincs link (backlink) hozzánk. Ez tök jó, ámde lehetne a dolgot picit még tovább fejleszteni. [...]
[...] Here is a plugin for trackback spamming . For those who dont know what is trackbck, click here. [...]
Nice plugin. I think this will be of great use for me. Great work.
[...] In einem älteren Beitrag - Trackback Validator Spam Cleaner Plugin - hatte ich bereits auf ein Plugin hingewiesen, mit dem ich die Einträge verwalte, die das Plugin TrackbackValidator erkennt und speichert. Es kommt doch immer mal vor, dass korrekte Trackbacks als Spam erkannt werden und so nicht den Weg in den Kommentarbereich von WordPress finden. Das Plugin kann die falschen Einträge retten und unnötige Einträge in der Datenbank löschen, um diese klein zu halten. Nachdem ich dann mit einigen WordPress-Nutzern, Danke dabei an Michael, Matthias, Robert und Fabian, am testen war, sind gleich mehrere Wünsche hinzugekommen und so musste ich das Konzept umstellen und hier ist nun ein Plugin für alle WP-user, die ihre Datenbank pflegen wollen und leidlich von Spam geplagt sind. [...]
Maßnahmen gegen Spam in WordPress
Ich hatte es bereits in einem anderen Beitrag geschrieben: Das HNA-Blog wird derzeit von Kommentar- und Trackbackspam geradezu überflutet. Was also tun? Kommentare nicht zuzulassen ist keine Lösung (muss ich nicht erklären, oder?). Manche gehen sogar…
My Wordpress is configured to send me a mail when a trackback or comment is posted. I’m still getting trackback notification e-mail for trackbacks that the plugin is catching and killing; is there a way to stop this?
Spam Protection
I used Akismet for spam protection so far and it worked well in the way that all spam comments were filtered and not displayed. But why letting spam come in if it’s also possible to block it already before. So I just installed the Math Comment Sp…
[...] The one under my probation (Trackback Validator Plugin) is written by Computer Security Lab of Rice University. It determines a trackback is a spam or not based on the assumption that legitimate trackback contains link back to my site. Somehow that looks more logical to me, that’s why I’m trying. Let’s see. 2006-05-08 00:42 [...]
[...] So in the future (for wordpress users), just use Akismet and Trackback Validator plugin for spam prevention. Many thanks Zeo for the guide! (also had the plugin installed in my wordpress, so had to remove it to prevent such thing from happening to me) Bookmark:These icons link to social bookmarking sites where readers can share and discover new web pages. [...]
[...] I’ve installed a trackback validator plugin, but that’s really not helping as it just ends up in Akismet with all the other crap, so I still have trouble spotting the real comments. [...]
[...] The reason I suffered this annoyance for the last couple months, having turned on the Akismet plugin again, is simply that the moderation queue does not by default manage trackbacks and pingbacks at all. I started getting a lot of trackback and pingback spam, and needed to do something about that. After some research, I’ve finally decided to replace the Akismet plugin with the Trackback Validator Plugin. I’m going to see how this works out for me. Basically, it is meant to catch any trackbacks or pingbacks that link to pages where there is, in fact, no link back to the weblog, thus proving they’re not legitimate trackbacks or pingbacks. I have seen a couple of spammy trackbacks and pingbacks that do link back, and I’ll have to see what happens to those when they hit the TBValidator as I test this out. [...]
wonderful plug-in… I’ve started to get hammered with trackback spam, just tonight, like 10 in one shot, and akismet wasn’t catching it. This plug-in seems to do the trick. thanks! I was a grad student at rice so, it’s nice to see Rice people helping me out.
[...] Not long ago, in a post titled Spam Catch of the Day: 21 Spams Per Hour, and better spam handling, I discussed some of the problems I have with the Akismet spam filter plugin for WordPress. I also indicated that I would be using the Trackback Validator Plugin in concert with the WordPress built-in moderation queue to capture spam. [...]
[...] a bit more digging and i came across the trackback validator plugin by dan sandler and andy thomas of the computer security lab at RICE university. this plugin validates any trackback your blog receives by the simple expedient of checking whether the URL contained in the trackback actually does link to a webpage containing a link to your blog. if the URL in the trackback disnae [ie. it links back to some poxy organ-enhancement, gambling or porn site] then the plugin flags the trackback as spam and rejects it. it’s beautifully simple - and it works! since installing trackback validator my comment spam has dropped from about 50 a day to zero for the past week. [...]
[...] This morning I installed Bad Behavior which in it’s default setting seems to block approximately 30 - 50% of the spam I was recieveing earlier. This is a good start. I will also include Trackback Validator (a research project at Rice University) this evening to see if I can further reduce the spam load. Trackback Validator has an option for you to automatically transmit your spam logs Rice for further research. I really like the idea of supporting a university project. However if it doesn’t prove sufficent,  I may also try Akismet. It’s free for personal use (ex. your site makes less that $5/per month). [...]
[...] Note that I am porting the Trackback Validator Plugin to Orablog to reduce the amount of spam trackbacks we receive! There is no license attached to the plugin so I’m checking with the authors to see if I can post my changes as part of the Orablog distribution. [...]
[...] If by chance there is a false positive, the user is greeted with an error message telling them exactly what’s wrong, and what needs to be removed from the comment in order for it to be posted. Combined with Akismet, this is a powerful way to fight spam. This method blocks about 70% of the spam I receive daily. Using Trackback Validator cuts down on an additional 10-15% of spam. That plugin makes sure the people giving you track backs are actually linking to you before the track back goes in to the queue. [...]
[...] You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your ownsite. [...]
[...] One of the websites that I administer had problems with trackback spam, so I had to do something and after reading this article I decided to give it a try. I’ve used the source code from a wordpress plugin and added it in the trackback module. [...]
[...] Trackback Validator: this plugin is part of a research program out of Rice University. I don’t know how well it works, but I certainly have very little trackback spam since installing it! [...]
[...] Trackback Validator Plugin Legitimate TrackBacks are sent by people’s comments, accompanied by a URL that points to that commentary. Spam TrackBacks are accompanied by a URL that points to a PPC affiliate website or other irrelevant material. The Validator exploits this key differe (tags: WP_Plugins Spam) [...]
I downloaded the Trackback plugin as it promises to be an excellent anti-spam solution, but when I try to activate it, I get this message: “Plugin could not be activated because it triggered a fatal error.”
Please tell me why this happens and if it’s possible for my blog to have this plugin working.
Thanks in advance!
Ilona
[...] I got the idea for this plugin from the Trackback Validator Plugin of the Rice University. However, I dislike several things of their plugin: [...]
[...] Trackback Validator: Bu eklenti Rice Üniversitesinin bir araştırma planı. Ne kadar iyi çalıştığını bilmiyorum ama kurduğumdan beri çok az trackback spam almaya başladım. Filed under WordPress having Leave a Comment [...]
[...] I am already using Akismet (which does not like some comments), and Peter’s Custom Anti Spam Image (you can also try his newer one, which generates a random code), which cover quite a bit of the spam. Bad Behavior was in place to mostly stop trackback spam. So, I am trying the Trackback Validator plugin. [...]
with this plugin i can keep my blog clean. thank you for your work!
I wanted to add a little more function to avoid both comments and trackback spams to my blog, and I looking down WordPress Codex page then found this trackback validator plugin.
For WordPress 2.x users, make sure to download version 0.7.1 or later.