TrackBack Spam Alert: Dealing With Trackback Spam

Spammers appear to have discovered TrackBack in a more significant way today.  The discussion on the Moveable Type professional developers mailing list is full of folks watching TrackBack spam grow.

Why is TrackBack spam an issue?

It drives traffic to the spammer in several ways:

1) As a blog owner, when you see a new TrackBack arrive, you’re likely to go visit that site. Kaching!

2) When the TrackBack appears on your public site, others might click the link. Kaching!

3) Because the URL appears on your site, it is likely to increase the spammer’s standing in search engines. Kaching! Kaching! Kaching!

Currently, the volume of TrackBack spam is still fairly low.  Whether this is because comment spam was much easier, because many people don’t enable TrackBacks (or remove them from their site when it is customized) or because spammers find TrackBack as confusing as the rest of us, I don’t know.

One factor , pointed out by Jay Allen, is that TrackBack entries typically have all URLs removed from the body, so the spammer only gets one URL, in the title of the TrackBack, which isn’t a good payoff.

Here are some tools for blocking TB spam:

1) Turn off trackbacks. A drastic measure, sure, but it works 100%, guaranteed! You can also turn off comments on only older entries, in MT, using MT_Close2.

2) Rename your TB script.  This is an easy fix in most software, but at best temporary delay. The spammer will either have to a) come look at your site to find the new name for the TB script, or b) change his program so that it automatically comes to look for your TB script name before posting.  Because autodiscovery is a key part of the TB system, they will be able to do this, and you’ve now got twice the page hits on your server.

3) Moderate TrackBacks.  This can be difficult; many blogging solutions treated TBs differently than comments, and don’t have the same tools to control them.  If you’re running MT, MT_BlackList gives you some control over blocking TBs.

4) Block spammers at the Web server level using modsecurity . Or if you run on apache but aren’t an administrator, try a .htaccess file that stops certain types of accesses to your TB script.  Or install, on MT, MT-DSBL which takes a list of (what it thinks are) spam-sending computers (the Distributed Sender Blackhole List), and denies those computers access to your trackback system.

5) The “nofollow” attribute doesn’t do anything to stop you from getting spammed, but it does help Google keep spam out of its index.  Of course, some people think that spam is spreading to TBs as spammers to get around the “nofollow” restriction; this makes no sense because “nofollow” is usually implemented for both comments and TBs.

Unfortunately, many tricks that work with comments (requiring registration, having people typing in a word-image (CAPTCHA), or requiring additional secret codes in the trackback submission) don’t work with TB, because it’s not a form-based technology, and these protections weren’t baked into the standard.

I think we’ll see more spam in TrackBacks, not less, because as the number of tools and sites that support it grow, and as it becomes more difficult to spam in other venues, spammers will seek the most rewarding path to spam.

Powered By Qumana

Posted by Travis Smith on 02/01 at 05:05 PM • Blogging News
Tracker Pixel for Entry

Comments

  1. Good technical description Travis.  I think hosted services like Blogware are going to have to tackle this quickly.  No one can spend and hour every morning deleting this scourge!

    Posted by Tris Hussey on 02/01/05 at 05:47 PM

  2. For those interested in a slightly slicker approach to renaming one’s Trackback script, see my random-rename thang: tb-random-rename.pl

    It’s a Perl script to automatically rename your TB script, update mt.cfg, and the entry includes instructions for auto-rebuilding your blog.

    Posted by tom sherman on 02/04/05 at 03:26 PM

  3. Buzz Marketing with Blogs for Dummies, a book by Susannah GardnerTrackBack Spam Alert: Dealing With Trackback Spam Spammers appear to have discovered TrackBack in a more significant way today. The discussion on the Moveable Type professional developers mailing list…

    Posted by http://careo.elearning.ubc.ca/weblogs/vschools/arc on 04/22/05 at 10:57 PM

  4. TrackBack Spam Alert: ...

    Posted by http://searchterra.net/?id=4644571330&q=TrackB on 11/03/05 at 05:36 AM
Commenting is not available in this channel entry.

Next entry: Bloggers Get Their Own Ad Sizes

Previous entry: TrackBack Spam Alert Backgrounder: What is TrackBack?

<< Back to main