Trackback Validator rocks
It’s been an ongoing battle against spam on the blog lately — mostly, trackback spam. Our filter for trapping regular comment spam works pretty well, but people were able to sneak in several hundred spams a day using an attack on the trackback mechanism.
Well, we finally got around to looking for plugins to stop this. The first one we tried, Mod-Rewrite Trackback Spam Blocker, didn’t seem to have any effect. However, the second one, Trackback Validator, totally rocks. It works by the simple expedient of checking the referrer page for any actual, you know, links back here.
The only downside is that the trackbacks still generate an email, so my old method of reading comments as they came in (in a special email folder I set up) is failing because now it’s not worth the hassle to sort through the spam.
I know, probably all old news to everyone, especially those of you who run WordPress and probably upgraded to version 2 already. 😛
11 Responses to “Trackback Validator rocks”
Sorry, the comment form is closed at this time.
Do you use SpamKarma? Spam Karma is about 99% effective for me. I usually have to handcleanse about 10 spams a week.
[…] Comments […]
I’m sticking with my handcoded captcha.
Can’t you separate trackback emails from regular comment emails? I’ve never used WordPress, but I can’t imagine they make them identical such that you can’t filter for some keyword.
[…] […]
Although impractical for a community weblog, I disabled trackbacks and pingbacks altogether on the IGDA San Diego website. The Kramer plugin doesn’t care about the origin of trackbacks and pingbacks, and the plugin also doesn’t care whether you disabled trackbacks and pingbacks. Kramer was causing a lot of localhost spam from our navigation menu, so I also disabled that plugin.
I second Damion’s comment: Spam Karma is god. My blog is a wee, minor thing compared to this one (in terms of visitors; my content is truly splendiferous, of course), and yet I was getting insane comment and trackback spam. Spam Karma ended it; a couple looky-loos a week, as Damion said. NBD.
Wow, your filter has turned the spams into gibberish!
Heh… if only.
Zapped ’em, along with the 52 others in the moderation queue. Got to add a couple of ip addresses to the mystic black hole that collects that sort of gibberish though.
I’ve found Akismet to be really effective. I’ve had maybe one spam slip through in the time I’ve been using it. On the other hand, it has gotten a few false positives, but those are pretty easy to pick out of the bunch. I’ve also turned on the option to hold comments/trackbacks in moderation queue unless they’re from someone previously approved. That catches some of the spams that are missed.
But, I’ve been happy with it. The problem is that you have to sign up for a WordPress.com account to get your API key. Annoying, but you can just set up a temporary blog.
Hope this helps. 🙂
I don’t think you actually need to set up a WordPress.com blog. You just need an account to get access to the API key.