Page 1 of 1

Spam comments and trackbacks

Posted: Sun Aug 06, 2006 5:31 am
by Brian1969

Quick question, here, and maybe there's not a good answer for it.

I'm getting a ton of trackback spam, and I find that I can block it reasonably well using the spam plug-in, but it's also blocking a LOT of legit trackbacks.

I need to know, exactly HOW do I set it to accept legit trackbacks, yet still REJECT spam. I hate waking up in the morning to find that I have several hundred spam trackbacks to delete, and read emails from people who sent a trackback and either got an error message, or they got a "success" message, yet the link doesn't appear on my site.

I've tried a variety of settings, but no luck. It either blocks everything or nothing.

Any help?

Posted: Sun Aug 06, 2006 6:05 am
by Brian1969
Also, I was going through my database files. What is the "suppress" table and what does it do?

There's two of them, actually:

serendiptysuppress & serendipty_suppress

Posted: Sun Aug 06, 2006 12:33 pm
by garvinhicking

Blocking SPAM and acepting HAM is a problem in every filtering software.

First you need to find out what is blocking your "legit trackbacks". Have a look in your notification email and see why it is blocked (the reason is mentioned there). Then you can adjust this block setting in the spamblock plugin.

The "suppress" Table is meant for Exit-Tracking / Referrers only, it is not related to spam measurements.

Best regards,

Posted: Sun Aug 06, 2006 1:11 pm
by Brian1969
That's the problem....I'm not receiving notifications of legit trackbacks being denied. And it is set up to notify me.

I'll have to comb through my logs to find instances of legit trackbacks being denied and the reasons for them.

The reason I mention this, was I had a guy who used MT do a trackback. On his end, it said it was successful. It didn't do anything on my trackback was made, no email was sent to me saying it was being moderated, etc. I went through the first few pages of the log (since it was relatively recent), and found no mention of it. And he's not the first.

I don't know, though, if all the people who've said something were using MT. If they are, that might be useful to know, so I'll check.

Posted: Sun Aug 06, 2006 1:49 pm
by garvinhicking

Are you talking about trackbacj REJECTIONS or about trackback MODERATION? Rejections don't get notified. That would be a lot of spam for your inbox. They can only get logged to the database, if you enable that.

If legit trackbacks get rejected (I thought they only got moderated) you must configure your spamblock plugin to use "MODERATE" for all settings instead of "REJECT". Then you can check your mail inbox for comment notifications. Be sure that your author has set a valid email address, and your blog has a valid "from" email address.
The reason I mention this, was I had a guy who used MT do a trackback. On his end, it said it was successful. It didn't do anything on my trackback was made, no email was sent to me saying it was being moderated, etc. I went through the first few pages of the log (since it was relatively recent), and found no mention of it. And he's not the first.
Ask him how he did the trackback exactly. It might very well be that he's simply not trackbacking right.

Best regards,

Posted: Sun Aug 06, 2006 2:02 pm
by Brian1969
I'm not sure how it's treating them, to be honest. I just got done going through the logs, and I'm not seeing his trackback, whether rejected or moderated.

I do see a ton of rejected and moderated spam that never reached my inbox, if that helps; mainly dealt with by the akismet and Blacklist options (I've set them reject and moderate, respectively). I figure that akismet will be working on a fairly wide network, so if something is listed there as spam, it more than likely is, so go ahead and reject it outright. But the blacklist, I know some sites get added to these lists by mistake, so I thought I'd moderate them, just in case.

The three settings I think I'm most in need to know about are:

Do Not Allow Duplicate Comments

Reject comments which only contain the entry title

Check Trackback URLs

These three I would think would deal with spam pretty good on their own, but I've never been sure if they were working the way I thought they were working.

The duplicate comments, that would block the "Nice website" type things, but could it also block others without meaning to?

Reject comments which only contain the entry title: Whose entry title? Theirs or mine?

And Trackback URLs. I would assume that this would scan the post they just trackbacked with to make sure there's an actual link to the post they trackbacked to, am I right? This solves the "blind trackback" problem, correct?

As for this other person, I'm sure he knows how to use the trackback feature, as it's a fairly good sized blog. I don't think he would be doing it wrong after all this time.

He did tell me it said "success" on his end, error message or anything. It just didn't show up on my end, nor did it create a log file for it. It's as though it never happened. And he said he tried it more than once, with the same results.

I hate to keep bothering you like this, but you have no idea how many spam trackbacks I was getting before I started using this thing. It was in the thousands. I can't very well shut it off, or I'm going to be flooded again. =D

And I want to make sure that I have it set right, so I don't block anyone who is legit. No better way to get people to stop linking to you than to continuously deny them their trackbacks. :lol:

Posted: Sun Aug 06, 2006 2:42 pm
by garvinhicking

Chances are that if your logs don't show their trackbacks, that they did NOT send them. Check your Apache AccessLog, if this lists the Requests to your site frmo their IP?
The duplicate comments, that would block the "Nice website" type things, but could it also block others without meaning to?
It's HIGHLY unusual that any visitor enters the same comment like another one did. So my personal opinion is, yes, block those.
Reject comments which only contain the entry title: Whose entry title? Theirs or mine?
Your entry title. But this spam method has recently very decreased. People nowadays use dictionary titles that are harder to blacklist.
And Trackback URLs. I would assume that this would scan the post they just trackbacked with to make sure there's an actual link to the post they trackbacked to, am I right? This solves the "blind trackback" problem, correct?
That's right. But some systems do not yet show their article on their site until their system trackback is complete. Thus this option has a high potential to block legit sites which are simply not yet updated.
He did tell me it said "success" on his end, error message or anything. It just didn't show up on my end, nor did it create a log file for it. It's as though it never happened. And he said he tried it more than once, with the same results.
Sadly I don't know MT, so I don't know how it trackbacks and what errors it might report.
And I want to make sure that I have it set right, so I don't block anyone who is legit. No better way to get people to stop linking to you than to continuously deny them their trackbacks. :lol:
Whenever you filter spam, you can NEVER be sure you don't filter good ones as well. That is the trouble with spam: As it approaches to be more like any other trackback, you wil filter "any other" trackback easily as well.

There sadly is no such thing as "only block spam" in any Anti-Spam system. You always need to live with false negatives, you can just try to find a good cut where you manually need to moderate as little as possible spam...

Best regards,

Posted: Sun Aug 06, 2006 2:52 pm
by Brian1969
Thanks for the rundown on those.

I think I may have been blocking some legit ones based on the criteria you just said. I've set them all to "No". I figure, akismet and the blacklist should be able to block most spam, and only a very tiny amount will come through to me, and I can deal with that.

I don't know MT, either. I did a test install of it before going with Serendipity, but I didn't like it at all. Too confusing.

I do have a request out to some users of MT and the like to do a "test" trackback to me and see what happens. I'll let you know whether it was just this one blog, or if it's all MT blogs.

As for checking the apache log, I don't even know how to do that. lol Not a big deal, though....if this test works out, I should have my answer.

Thanks again!