Apres Le Deluge: Trackback Spam

Share via Twitter Share via Facebook Share via Linkedin Share via Reddit

So as I’ve discussed before (1,2,3, 4), our Movable Type based blogs have had a pretty serious comment spam problem here for a while now. With the help of MT-Blacklist, however, we found that problem to at least be somewhat manageable. A few trickled through every now and again, but overall I felt that the system worked fairly effectively.

Recently, however, the spammers have changed tack and begun spamming us through Trackback pings. Now in theory, MT-Blacklist is supposed to be equally effective fighting this kind of spam. In practice however, at least for us, it’s not working. We’re getting several hundred spam trackbacks a week now, and it’s driving me crazy. I’ve posted over to the MT-Blacklist forum with a query, but I haven’t found any definitive answers to why our MT-BL implementation is permitting this to happen.

As a result, I thought I’d post my experiences here in the hope that any of you fellow MT users have dealt with this problem previously or can offer any guidance here. If you have any thoughts, post here or email me, and I’ll be sure to update this entry with any solutions – official or otherwise – that we come up with.


Update: I may have some good news for those with similar problems, though I can’t be positive. Since turning un-whitelisting Typepad users – as recommended by the entry on the Blacklist forum here – MT-Blacklist has been processing Trackback pings for spam content as it should. I haven’t done any digging yet to see how would-be spammers were utilizing the Typepad protection, but all I know is that our Trackback spam has been down for over 36 hours now, and that’s a marked improvement from our previous state.

Update 2: Ok, looks like I might have spoken too soon. We didn’t get crushed, but James and I’s blogs received 6 trackbacks this morning where the URL’s were already blocked – and the poker string involved also should have been blocked. As a result, I’m adding one more layer of protection, MT-TrackbackAntiSpam, and will let you know how I make out. Thanks to Radovan for the recommendation. One immediate problem I can see with the plugin is the lack of any logging; as near as I can determine it’ll be impossible for me determine – other than receiving spams – whether or not it’s working, turning away false positives, etc. Ideally, this plugin would be merged with MT-Blacklist and leverage that plugins logging facilities.


  1. So far the majority of the Trackback spam on my blog has been handled via MT-Blacklist. The only breaks (with both TB and Comment Spam) are when a new domain pops up that is not in the blacklist. I had one last night…22 comments.

  2. it seems as if your experience is the more typical: i can't figure what we're doing wrong, as the config of the plugin isn't all that complicated. nonetheless, we need to get it fixed, as it's killing us.

  3. I had similar issues with MT-Blacklist. After installing little more antispam stuff, I'm completely ok now. Look at my list: http://radovanjanecek.net/blog/archives/000184.ht

  4. I'm in the same situation.

    Also, whilst MT-BL moderates pretty much all the spam comments, they're still getting through.

    Hopefully there's a nice solution to this.

  5. Radovan: great info. i'll be giving the MT-AntiTrackbackSpam plugin in particular a long look.

    Josue: i may have made a change that has had an impact; i don't want to lead you down a false path, but i'm going to comb through the logs this evening and will let you know if it's at all responsible.

  6. Yes, the AntiTrackback is cool. I didn't get any track back spam since I installed it. Also I strongly suggest the MT Captcha – since then, I didn't have to moderate any single comment spam. Blacklist is nice, but even moderation takes too much time…

Leave a Reply

Your email address will not be published. Required fields are marked *