Limiting access to single files

Some have asked how you’d limit access to a single file. Let’s say the trackback script.

I tested a GET with this thing, and my own user agent, and it worked. So this SHOULD work:

This should block anyone with that user agent from doing a POST to the trackback file in MT.

I think the trackback script in WordPress is xmlrpc.php, but you should double check your logs (grep for “POST”) to be sure you have the right file blocked. Especially if you have some other software, or renamed files.
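
The log check suggested above, as an added example that is not part of the original post: a Python script that tallies POST requests per path and user agent from Apache combined-format log lines, so you can see which file actually receives the POSTs before writing a block for it. The log lines, IPs, paths and the ExampleAgent string are constructed sample data.

```python
import re
from collections import Counter

# Apache "combined" format:
# host ident user [time] "METHOD path proto" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)

# Constructed sample lines (documentation IP ranges, made-up paths and agents).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Mar/2005:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.0" 200 312 "-" "The Incutio XML-RPC PHP Library -- WordPress/1.5"
198.51.100.7 - - [01/Mar/2005:10:02:13 +0000] "POST /2005/02/26/example-post/trackback/ HTTP/1.1" 200 78 "-" "ExampleAgent/1.0"
198.51.100.7 - - [01/Mar/2005:10:02:15 +0000] "POST /2005/02/26/example-post/trackback/?x=1 HTTP/1.1" 200 78 "-" "ExampleAgent/1.0"
203.0.113.5 - - [01/Mar/2005:10:05:00 +0000] "GET /wp-trackback.php HTTP/1.1" 403 210 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Mar/2005:10:06:00 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://blog.example/" "Mozilla/5.0"
"""


def post_targets(lines):
    """Count POST requests per (path without query string, user agent)."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m is None or m.group("method") != "POST":
            continue  # unparsable line, or not a POST
        path = m.group("path").split("?", 1)[0]
        counts[(path, m.group("agent"))] += 1
    return counts


def hits_per_path(counts):
    """Collapse the per-agent counts into total POSTs per path."""
    totals = Counter()
    for (path, _agent), n in counts.items():
        totals[path] += n
    return totals


if __name__ == "__main__":
    counts = post_targets(SAMPLE_LOG.splitlines())
    for (path, agent), n in counts.most_common():
        print(f"{n:4d}  {path}  <-  {agent}")
```

To run it on a real log, pass the open file object to `post_targets()` instead of the sample lines.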

6 Responses to “Limiting access to single files”

  1. Tom Raftery Says:

    Hi Ann,

    Ann, I’m not sure that script will work in WordPress 1.5.

    I have just gone through my raw log files in detail and any posts to the xmlrpc.php file come from “The Incutio XML-RPC PHP Library — WordPress/1.5”

  2. Administrator Says:

    I noticed that as well. But there’s another problem. Wordpress 1.5 has a problem with the implementation of trackbacks. I’ve never gotten a trackback sent from my MT installation to take.

    Maybe someone else will know exactly what file to block access to.

  3. skippy Says:

    Trackbacks use REST, not XML-RPC, so the file to protect for WordPress 1.5 is wp-trackback.php. If you’re using cruft-free URIs (as it appears you are, SpamHuntress), you can use the following line in .htaccess to block direct access to wp-trackback.php:

    RewriteRule ^wp-trackback\.php$ - [F,L]

    (credit to Scott Buchanan)

    Legitimate trackbacks should be accessing your cruft-free URI, and not wp-trackback.php directly, so the above rule should not block them.

  4. Administrator Says:

    There isn’t even one access to wp-trackback in my log. Not sure how many trackbacks I’ve gotten this month, though. Oh wait, I did get one:

    IP: 68.174.133.22

    POST /2005/02/26/new-spamrun-using-noip-services/trackback/

    This was a bona fide spammer, as far as I can tell.

    Getting muddier…

  5. Spam Huntress » Blog Archive » WP trackback block Says:

    […] o block POST requests to the trackback script of my 1.5 version of Wordpress (for MT, look here): This file contains all the blocks I think are useful, but all of th […]

  6. anya Says:

    don’t spam what you can’t afford
    if you interfere with important information you may be held liable if not accountable so
    DON’T SPAM WHAT YOU CAN’T AFFORD AND GET THAT THRU YOUR MSN HEAD CASE
