Blog spam trackback attack

Hey that kinda rhymes.

Couple of my WordPress installations are under attack. Until I clean them up, you may see some offensive trackbacks/comments in some old blog posts.

Will look around and link to fixes/prevention strategies later…

Updates:

Much discussion here. One immediate solution seems to be to turn on manual approval for all comments for a bit. I’m not going to do this just yet, so I can see what other more permanent solutions work.

10:00. I’m not sure if the usual spam filter (keywords) is working for trackbacks, though another poster there says it is. This may be because we’re still on version 1.2. Will upgrade to 1.2.2 shortly and see what happens.

10:20. Upgrade done, and it seems to be catching Trackbacks by keyword, so that’s cool. Also some neato mass-comment editing tools I haven’t noticed before, so I assume they’re new. Will watch and wait for a while (lucky I’m on holiday eh). And better upgrade the other blogs I maintain…

11:10. All done. Well, except my sister’s blog, which doesn’t take any comments. Will do it anyway though, shortly. Most hit: 76 spam trackbacks on my personal blog.

The upgrade from WP1.2 to 1.2.2 is easy. Just keep a copy of your customised files (index.php, wp-comments.php, the CSS file, and any other files you changed — they should have later date/times on them) and replace everything else with the new versions.

At the risk of getting Google hits I don’t want, here’s my updated keyword list for the moderation filter:

Haszard
tramadol
glucophage
paxil
phentermine
viagra
green card
prozac
fioricet
cialis
cache2.syd.ops.aspac.uu.net
203.166
poker
holdem
rape
incest
bestiality
bondage
beastiality
gogof-ck.com
rape
virgin
xxx
fetish

The top one refers to some anti-Jehovah’s witness bloke who has been blog spamming to promote his cause. Most of the rest should be self-explanatory.

1.50pm. Seems some are still sneaking through, a lot more caught by the filter. Will look again when time.

If you enjoyed this post, please consider leaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.

6 thoughts on “Blog spam trackback attack

  1. P

    follows is manually generated spam for this geek’s test of the comment system!

    able xylene isotropic epistemological just at normality credit parsimony blue oblate spheroid

    I boarded a virgin flight to see some rape seed crops I have in the country. Rapeseed doesn’t sound too good so these days they call it canola. I have a poker face as they’re not doing well – bad soil apparently. My friend, whose just got himself a green card has a fetish with planting things, so started this rapeseed idea. If he goes for a few days without planting something, anything he gets depressed and thinks he needs a prozac to calm down. He still plays at the casino thinking he can win a million dollar jackpot. He’s too fat and still on the vidcodin so wants to lose weight, look 10 years younger and drive a porsche. He does however own a free Rolex, a new notebook with mobile phone and knows where he can get cheap online pharmaceuticals the hottest deals at 90% discount.

  2. P

    well it worked as I tried sneaking a story about a r*peseed grower who flew v*rgin and had a f*tish and it got rejected!

  3. Ren

    *whimper* Fix mine too, Daniel? Considering the c*ck-up I made of it last time, I don’t wanna do it again.

  4. Andy

    Blog spam filters need to get cleverer, in the same way as email spam filtering is. It’s not enough to filter on keywords, because depending on the subject matter, some of those words could quite legitimately appear in posts.

Comments are closed.