Comments on: Limiting access to single files

by: anya

Thu, 01 May 2008 02:31:35 +0000

dont spam what you cant afford
if you interfere with important information you may be held liable if not accountable so
DONT SPAM WHAT YOU CANT AFFORD AND GET THAT THRU YOUR MSN HEAD CASE

by: Spam Huntress » Blog Archive » WP trackback block

Mon, 18 Apr 2005 12:01:31 +0000

[…] o block POST requests to the trackback script of my 1.5 version of Wordpress (for MT, look here): This file contains all the blocks I think are useful, but all of th […]

by: Administrator

Fri, 08 Apr 2005 16:26:13 +0000

There isn’t even one access to wp-trackback in my log. Not sure how many trackbacks I’ve gotten this month, though. Oh wait, I did get one:

IP: 68.174.133.22

POST /2005/02/26/new-spamrun-using-noip-services/trackback/

This was a bona fide spammer, as far as I can tell.

Getting muddier…

by: skippy

Fri, 08 Apr 2005 15:01:35 +0000

Trackbacks use REST, not XML-RPC, so the file to protect for WordPress 1.5 is wp-trackback.php. If you’re using cruft-free URIs (as it appears you are, SpamHuntress), you can use the following line in .htaccess to block direct access to wp-trackback.php:
RewriteRule ^wp-trackback\.php$ - [F,L]
(credit to Scott Buchanan)

Legitimate trackbacks should be accessing your cruft-free URI, and not wp-trackback.php dfirectly, so the above rule should not block them.

by: Administrator

Fri, 08 Apr 2005 10:26:59 +0000

I noticed that as well. But there’s another problem. Wordpress 1.5 has a problem with the implementation of trackbacks. I’ve never gotten a trackback sent from my MT installation to take.

Maybe someone else will know exactly what file to block access to.

by: Tom Raftery

Fri, 08 Apr 2005 08:37:00 +0000

Hi Ann,

Ann, I’m not sure that script will work in WordPress 1.5.

I have just gone through my raw log files in detail and any posts to the xmlrpc.php file come from “The Incutio XML-RPC PHP Library — WordPress/1.5″