Comments on: WP trackback block

By: admin

admin — Tue, 20 May 2008 14:34:54 +0000

To InfoEmpresa,

Not sure Cindy’s Spampop is useful anymore. She’s long gone from the web by now anyway.

By: InfoEmpresa

InfoEmpresa — Tue, 20 May 2008 08:36:43 +0000

Hi there. The link to Cindy’s Spampop is invalid. Can you reproduce how does the “pinappleproxy block” work? Thanks!

By: Block Spammers From Your Trackbacks : Big Bucks Blogger

Block Spammers From Your Trackbacks : Big Bucks Blogger — Sun, 16 Sep 2007 03:23:27 +0000

[...] My suggestion is based on a trick I learned fromSpamHuntresses’ who blocks trackback spam .htaccess. She described how to do it for WP 1.5; I modified her method make it work for me, and to also catch the spammers using proxy servers. (I’ve also left Spamhuntress a question because I think we can block even more spam if we add a few more lines.) Anyway, give this a try because it may do the trick: [...]

By: 國生三年才開始

國生三年才開始 — Tue, 30 May 2006 08:26:42 +0000

用 htaccess 擋 spam…

根治才是硬道理 !!

本來嘛，blog 的 spam 問題我都交給 Spam Karma 2 來處理，它也都能很勝任這個任務；但是有時候我還是會覺得很煩，畢竟每天要砍 1000+ 篇 spam 也是很累的一件事。所以我就在…..

By: lucia

lucia — Wed, 08 Jun 2005 19:35:03 +0000

I put cut and pasted the suggested code at the end of my htaccess file. The track back spam is getting through (although I do moderate it all.)

I looked at my error logs, and noticed the log looks like this:

81.115.31.217 - - [08/Jun/2005:14:48:26 -0400] “POST /blog/wp-trackback.php/131 HTTP/1.0″ 404 78 “-” “Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; NetCaptor 6.5.0RC1)”

So, I am sending htem a “404″, but I *still* get a trackback. (Poker of course.) The IP’s move around. All the trackbacks I found have Mozilla in the user agent.

Any tips? Thanks!

By: Joe

Joe — Sat, 21 May 2005 03:47:22 +0000

Just because you have it all thought out doesn’t mean spammers do. Lots of spammers know very little about programming, they show this with their horribly broken spamming software. Many buy spamming software that has options like you mention but do not understand how or why to use all the options. We frequently see spammers going around with forged user agents, we also see many that leave the default string of whatever language they are using. We also see ones that try to fake the user agent but are unable to spell correctly or miss other details of a legitimate user string.

By: ThaNerd

ThaNerd — Fri, 20 May 2005 23:00:00 +0000

I am not that stupid. I know that most legitimate trackback engines have a user agent string that don’t include the “mozilla” keyword that IE, netscape, mozilla (doh!), opera and firefox have. But well… Blocking based on the UserAgent is as useful as… Errr… I don’t have any visual image in mind
The problem is mostly about the mesage contained in the spam. Not about what tools the spammer used. Actually, if i were to write a trackback-spamming script, my first step would be to look at the source or an implementation i got under my hands (say, my blog engine), read the code, maybe port it to a more efficient form (a windows app), edit a few things and add a batch function to the thing… Then i’d just browse the web and find a few blogs to spam.
But in the process of modifying the source code of the trackback function of the blog engine, one thing i would NOT do, would be to add a signature or something like that in the user agen string.

By: Administrator

Administrator — Sat, 14 May 2005 15:07:22 +0000

I appreciate your comments.

As for stopping ANY spammer? I guess you don’t realize why blocking Mozilla works then… You see, it has to do with the software they use for adding trackbacks. When that software is using the same list of user agents for comments as for trackbacks, then it works really well!

By: ThaNerd

ThaNerd — Sat, 14 May 2005 14:45:23 +0000

Your technique is more dangerous than it is useful. It avoids many legitimate trackbacks, and does not really avoid alot of spam engines.

The first thing i note is that your technique is enabled for “”. That only work with “WordPress”, and your audience is probably not using it. At least, not all of it.

Then, you try to block the spammers based upon their “UserAgent” string. Errr… Hello! UserAgent is as easy to change as puttng a new shirt on! It’ll maybe stop 2 or 3 script-kiddies, but not ANY spammer!

By: Spam Huntress » Blog Archive » Working xmix block

Spam Huntress » Blog Archive » Working xmix block — Fri, 22 Apr 2005 10:37:49 +0000

[...] ckbacks kept coming, and got annoying enough I just had to come up with a solution… http://spamhuntress.com/2005/04/08/wp-trackback-block/ This entr [...]