I have documented fairly well the code changes and other methods that were added to this blog to deter and even eliminate comment spam. I also posted a bit ago that I was going to be less active here just because of other demands on my time, at least for a month or so. Imagine my surprise when I logged in to my blog admin panel this morning and there were 125 spam comments caught by Akismet.

And none of them showed up in the comment log that is a part of my custom system. What was going on? And more importantly, if there was a hole in my code, would it impact the Checkbox Challenge MOD that I am using to deter spam registrations on my phpBB boards?

Of course my first thought was that my code was not sufficient. My second thought was that someone had found a way around my comment processing. My next thought was that something on my server had been compromised. None of these were happy thoughts! However, it turned out that by reviewing my apache logs I was able to determine that neither was the case. I was being spammed by trackbacks.

A trackback is a “ping” from another blog that shows up in the comments on my blog. There is a wiki article that has a very good definition:

Trackbacks are used primarily to facilitate communication between blogs; if a blogger writes a new entry commenting on, or referring to, an entry found at another blog, and both blogging tools support the TrackBack protocol, then the commenting blogger can notify the other blog with a “TrackBack ping”; the receiving blog will typically display summaries of, and links to, all the commenting entries below the original entry. This allows for conversations spanning several blogs that readers can easily follow.

Since many blog packages (or blog owners such as myself) have taken measures to block comment spam the spammers simply moved on to the next option. Again, according to wiki:

Some individuals or companies have abused the TrackBack feature to insert spam links on some blogs (see sping). This is similar to comment spam but avoids some of the safeguards designed to stop the latter practice. As a result, TrackBack spam filters similar to those implemented against comment spam now exist in many weblog publishing systems. Many blogs have stopped using trackbacks because dealing with spam became too burdensome.

I can absolutely verify this with my own experience. I don’t have time to deal with this right now, so I am going to join those blog owners by turning off trackbacks / pings on my own blog as well. It’s a shame. Yet another feature of the Internet ruined by spammers. Fortunately Akismet did a great job of catching them all. I am going to have to read more about how trackbacks are processed and see if there is anything that can be done. But unlike comments, trackback processing has to follow some sort of standard or different packages would not be able to talk to each other. I suspect that even if I had the time, I would not be able to do anything like the checkboxes that I have implemented on my comment form without impacting the functionality of the trackback system itself.

Either way, I don’t have time to deal with this right now. If only I could bill the spammers for my time… I would be rich.

Related Links

• Wiki on Trackbacks