
Defense against recent b2evolution trackback spamming....

03/23/06

  08:35:14 pm, by The Dreamer   , 454 words  
Categories: General, Software


Today, I got hit by a whole pile of trackback spam....twice. Some 300+ trackbacks hitting just about every post on my site, some posts more than once. Though the guy wasn't very original, since they were all variations of the same (2) URL(s). So, it was real easy to clean up.

Now the guy came from the same IP, but the antispam_byip stuff doesn't seem to protect against trackback spamming.

Seems like an easy problem to solve....just add a check of the user IP against the antispam_byip table while checking if trackbacks are allowed....

Something like this should do the trick:


--- trackback.php.orig
+++ trackback.php
@@ -37,7 +37,9 @@
  $blog = $postdata['Blog'];
  $blogparams = get_blogparams_by_ID( $blog );

- if( !get_bloginfo('allowtrackbacks', $blogparams) )
+ if( !get_bloginfo('allowtrackbacks', $blogparams) ||
+     $DB->get_row( "SELECT byip_string FROM $tablebanbyip
+                    WHERE ".$DB->quote($HTTP_SERVER_VARS['REMOTE_ADDR'])." = byip_string" ) )
  {
    trackback_response(1, 'Sorry, this weblog does not allow you to trackback its posts.');
  }
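Review bot: The added condition reads the client address from `$HTTP_SERVER_VARS['REMOTE_ADDR']`, a long array that is only populated when register_long_arrays is enabled and that was removed in PHP 5.4; use `$_SERVER['REMOTE_ADDR']` so the ban lookup always runs against the real address. The lookup is an exact match on byip_string, so it only catches an address that is listed in full. A banned sender also receives the same "does not allow you to trackback" response as a blog with trackbacks switched off, so a separate message or a log line for the ban branch would make the two cases distinguishable when reviewing rejected trackbacks.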

With this code in place, now it would be nice if there was a 'shortcut' to ban by IPs.....so I added this:


--- _edit_showposts.php.orig
+++ _edit_showposts.php
@@ -215,6 +215,12 @@
              }
              $Comment->author_email( '', ' · Email: ' );
              $Comment->author_ip( ' · IP: ' );
+             if ( $current_User->check_perm( 'spamblacklist', 'edit' ) )
+             { // We have permission to ban IPs...
+               ?>
+               <a href="b2antispam_byip.php?action=banip&amp;ipaddress=<?php echo urlencode($Comment->author_ip) ?>" title="<?php echo T_('Ban this IP address!') ?>"><img src="img/noicon.gif" class="middle" alt="<?php echo T_('Ban') ?>" title="<?php echo T_('Ban this IP address!') ?>" /></a>
+               <?php
+             }
              ?>
              </div>
              <div class="bCommentContent">
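Review bot: The added link fires `action=banip` through a plain GET href with no per-request token, so any page visited by a user holding the 'spamblacklist' edit permission could cause a ban request to be issued on their behalf; make the ban a POST form carrying a token that b2antispam_byip.php verifies before acting. Separately, the context line just above calls `author_ip` as a template method on `$Comment`, while the new line reads it as a property inside `urlencode()`; confirm that the property exists and is readable here, otherwise the link is emitted with an empty ipaddress parameter.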


1 comment

Comment from: The Dreamer [Member]  

A few days ago, I started getting yet more devious trackback spamming.

Like I had suspected, somebody did come up with IP spoofing….so they came from random IPs, where some appeared legit but nothing to do with the actual source. So anti-spam by IP couldn’t be used.

And, couldn’t anti-spam by the URL, because the trackbacks were allegedly coming from http://www.google.com, http://www.yahoo.com or http://www.msn.com. Though the attempt to include a URL in the trackback comment didn’t work….probably because the text was too long to pass through….so they were meaningless spam on my site.

Anyways, to filter against them, I added a check to not allow the 3 sites to leave trackbacks (and the check is only for trackbacks….so they are still allowed to bring people to my site from their search engines.)

No code provided for this change, but there’s a simple check in the code that the URL is valid (including running an antispam check….so I just hardcoded the extra URL checks at that point).

04/09/06 @ 23:51
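
The comment above describes a hard-coded check that refuses trackbacks claiming to come from three hosts but publishes no code. The following is an added example, not the author's change and not b2evolution code: it assumes PHP 7.1 or later, and the function and constant names are hypothetical. It compares the parsed host rather than searching the URL as a string, so a denied name that merely appears in a path or query does not trigger a refusal.

```php
<?php
// Added example; names are hypothetical. The three hosts are the ones
// named in the comment above.
const TRACKBACK_DENIED_HOSTS = ['google.com', 'yahoo.com', 'msn.com'];

/** Lower-cased host of an http(s) trackback URL, or null if malformed. */
function trackback_source_host(string $url): ?string
{
    $parts = parse_url(trim($url));
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    // Host names are case-insensitive; drop the trailing dot of an FQDN.
    return rtrim(strtolower($parts['host']), '.');
}

/** True when the trackback should be refused. */
function trackback_source_denied(string $url, array $denied = TRACKBACK_DENIED_HOSTS): bool
{
    $host = trackback_source_host($url);
    if ($host === null) {
        return true; // fail closed on input that cannot be parsed
    }
    foreach ($denied as $bad) {
        // Match the denied host itself or any subdomain of it.
        if ($host === $bad || substr($host, -strlen($bad) - 1) === '.' . $bad) {
            return true;
        }
    }
    return false;
}

// Constructed sample inputs.
$samples = [
    'http://www.google.com',              // deny: subdomain of google.com
    'HTTP://WWW.MSN.COM./page',           // deny: case and trailing dot
    'http://example.org/?ref=google.com', // allow: host is example.org
    'http://notgoogle.com/post',          // allow: not a subdomain
    'not a url',                          // deny: malformed
];
foreach ($samples as $u) {
    printf("%-38s %s\n", $u, trackback_source_denied($u) ? 'deny' : 'allow');
}
```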