Means against trackback spam

garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:

Means against trackback spam

Post by garvinhicking »

As of today, many blogs receive trackback spam.

Serendipity as of its version 0.7 supports a plugin called "Spamprotector". This plugin already offers some means to keep trackback spam to a minumum by setting auto-moderation to a specific amount of days. This auto-moderation will also apply to trackbacks.

If a trackback item gets auto-moderated, you can approve it inside the Serendipity Administration area, section "Comments".

Additionaly, we have updated the latest version of our Spamblock plugin to filter the current wave of trackback spam. You can fetch the latest version here: ftp://ftp.netmirror.org/serendipity/spamblock.tgz or http://netmirror.org/serendipity/spamblock.tgz

Download the file, save it in your folder plugins/serendipity_event_spamblock/ and then your plugin will automatically be updated. You can configure the new options as usual in the Plugin Configuration section.

The new options are content-bases filtering, with some pre-defined filters that should catch most of the spam.

Note that this trackback spam is not specific to Serendipity, it can and will hit every blog system available - the Trackback API is not crafted against spamming means. For the future, that needs to be improved - and the Serendipity Team will be actively involved in finding a way out.

Regards,
Garvin of the Serendipity Team
Last edited by garvinhicking on Tue Feb 22, 2005 4:28 pm, edited 2 times in total.
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:

Post by garvinhicking »

The netmirror.org URLs seem to be down now and then. CVS is updated with the latest plugin already, but SourceForge lags 24 hours for anonymous access.

We try to find alternate download locations for version 1.46 (CVS Header of the file) as soon as possible.
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
boelkstoff
Regular
Posts: 19
Joined: Wed Feb 02, 2005 8:46 pm

Post by boelkstoff »

Hi.
I am new here, but using it since like 1 month.
I made a mirror at my university account:

http://www2.hs-harz.de/~u16594/serendip ... ck.php.txt

remove the php extension
pfaut
Regular
Posts: 16
Joined: Tue Jan 25, 2005 12:08 am
Location: North Brunswick, NJ
Contact:

Post by pfaut »

I just replaced my 0.7.1 install with the latest nigtly kit in hopes of stopping a trackback spammer. I added the url he's posting to the 'Wordfilter for URLs' entry in the 'Spam Protector' plugin's configuration. I'm still getting spammed. How do I stop this without turning off trackbacks altogether?
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:

Post by garvinhicking »

Did you make sure you enter valid regular expressions in the wordfilter? Look at the default/example ones for a pattern. And you need to set the action "Activate Wordfilter" to either "moderate" or "reject"? Otherwise the word filter doesn't do anything...

Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
wavking
Posts: 3
Joined: Tue Feb 15, 2005 2:03 am

Post by wavking »

I get an error message:
Fatal error: Call to undefined function: serendipity_serveroffsethour() in /home/content/w/a/v/wavking/html/serendipity/plugins/serendipity_event_spamblock/serendipity_event_spamblock.php on line 816

when I log out and try to post a comment to my blog
www.sharingtheroad.net

I have it set to always use a captcha but there is none there when you view any page.

Any help?
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:

Post by garvinhicking »

Please download a recent version of the plugin! (See above for the URL)

Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
Shakadi
Regular
Posts: 7
Joined: Mon Feb 21, 2005 4:22 pm
Contact:

Post by Shakadi »

garvinhicking wrote:Please download a recent version of the plugin! (See above for the URL)

Regards,
Garvin
downloading and installing recent version of the plugin says:
Warning: event_hook(bundled-libs/Net/DNSBL.php) [function.event-hook]: failed to create stream: No such file or directory in /www/htdocs/XXX/weblog/plugins/serendipity_event_spamblock/serendipity_event_spamblock.php on line 595

Fatal error: event_hook() [function.event-hook]: Failed opening required 'bundled-libs/Net/DNSBL.php' (include_path='/www/htdocs/XXX/weblog/:/www/htdocs/v133972/weblog/bundled-libs/:.:..') in /www/htdocs/XXX/weblog/plugins/serendipity_event_spamblock/serendipity_event_spamblock.php on line 595
Problem solved by manually downloading and uploading the cvs version of bundled-libs/net and bundled-libs/http/
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:

Post by garvinhicking »

Shakadi: Yes. RBL (Remote Blacklists) are only available on Serendipity 0.8 installations and not for 0.7. They are disabled by default of the spamblock plugin, so on a standard 0.7 installation they shouldn't cause trouble unless activated.

Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
fashionair
Regular
Posts: 12
Joined: Fri Nov 14, 2003 10:21 am

Post by fashionair »

I upgraded to 0.8 but am still getting lots of trackback spam. Is there a way to just disable trackbacks?
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:

Post by garvinhicking »

Yes, via the spamblock plugin's configuration. See the option "Comments made via API calls" and set them to "moderate" or "reject".

Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
oeli
Regular
Posts: 19
Joined: Sun Apr 17, 2005 10:27 am
Location: Vlissingen, The Netherlands
Contact:

Mails from the trackback spam

Post by oeli »

As or yesterday, I'm being trackback spammed. The plugin is in place, so I never see any of the trackbacks actually in the blog. But I still get lots of mails from all the posted spam. In the mail, it says:

A new trackback has been made to your blog-entry entitled "Test First".

Requires review: Yes (No API-created comments (like trackbacks) allowed)
Link to entry: http://www.achievo.org/blog/archives/2-Test-First.html
Weblog Name: sex comics
Link to remote-entry: (not repeated here, that would only aid the spammer)

Is there a way so that I can moderate 'regular' trackbacks, and directly automoderate spam trackbacks, without Serendipity sending me a mail about it?
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:

Re: Mails from the trackback spam

Post by garvinhicking »

You can only use the wordlist filters and activate link checking or deactivate certain author names or links.

But it is hard for s9y to differ spam trackback with regular tracbkack: Technically they are not different at all.

Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
oeli
Regular
Posts: 19
Joined: Sun Apr 17, 2005 10:27 am
Location: Vlissingen, The Netherlands
Contact:

Post by oeli »

The problem is not the filter, it's correctly recognizing the spam. But even when it recognizes it, it sends me a mail. Is it possible to stop it from sending a confirmation mail when a trackback is considered spam?
Rembrandt
Regular
Posts: 71
Joined: Mon Dec 20, 2004 5:10 pm
Location: Germany
Contact:

Post by Rembrandt »

Choose "reject" in "Activate wordfilter".
Post Reply