Friday, November 03, 2006

[reader/commenter behavior] Trackback spam

Recently, I've been hit twice with what appears to be trackback spam. I'm running both Akismet and Spam Karma 2. The spam went through both. The URL of the spammer is listed as the URL of my post, but the IP address is obviously not mine. See the following links for examples:

trackback spam 1
trackback spam 2

Has anyone dealt with this sort of thing? If I block the trackbacks, will Akismet and SK2 be smart enough to block the bad IP address(es) and not my own URL?

This Post was written by shelly from an open cupboard

4 comments:

Matt said...

Hi Shelly,

It looks to me like your akismet isn't working properly. I get trackback spam of that sort all the time and it gets picked up as spam by akismet and blocked.

You may want to install "Bad Behaviour", which actually blocks certain patterns of access before they can even attempt to post a comment or trackback.

Another thing I do is to turn on the option that says "Comment author must have a previously approved comment". So that at least if it's not picked up, it shouldn't make it to your blog.

Good luck.
Matt

shelly said...

Hi Matt,

Hmmm I wonder why akismet isn't working. Perhaps I need to update my WP template (I'm still using 2.0, and the latest version is 2.6).

Thanks for the tip about the Bad Behavior plugin. Just curious, I read something about the BB plugin blocking non-spam bots as well as spam bots.

Is this something to be concerned about?

shelly

Matt said...

Hi Shelly,

The latest version is actually 2.0.5, but if you're only running 2.0, I would high recommend upgrading. There has been a number of security issues and enhancements in recent releases.

Not sure why Akismet isn't picking up all that spam for you, but I do know that I see plenty of the exact kind of spam you have on your blog in my Akismet list all the time.

As for "Bad Behaviour" it shouldn't block too many normal users from getting to your sites unless they're doing something really weird (like trying to download your entire website through IE). There is code in there not to block regular bots like google etc from scanning your site. I've installed it for a few people and there hasn't been any complaints, so I'd say try it, and ask people to let you know if they have any issues.

Good luck.
Matt

shelly said...

Hi Matt,

Thanks very much for your advice. Now I just have to get my lazy butt to update my site :).

shelly