I hope you get everything straightened out. In Him,

- Ted

Yes, the spammers have figured out trackback, and are now pinging our trackback URLs repeatedly with multiple GET requests, posting hundreds of links to sleazy…

So, if I’m following this, it’s a little like a blacklist in that it looks for certain terms (in the referrer? the post? the ??) and if they are found it blocks the post. Do I understand this right?

Also, as I browse my site via FTP, I don’t see any .htaccess file. Is that normal? Once I create one, where should I put it? I’m assuming in the top level folder (www.salguod.net)

Thanks.

Thanks to linking to me, but I think we didn’t have the same problem. I’m not using Parker’s whole .htaccess file, just his spam_ref=yes concept and the associated Mod_Rewrite rules that deny based on that variable. So my problem was not that I blocked myself from posting, it’s that I didn’t block the requests that I wanted to block.

Part of my problem turned out to be that my Movable Type installation is in a CGI directory, which is a separate document root. Yours and Parker’s don’t appear to be set up that way, so your root .htaccess rules apply for your whole site. I have to have (at least) two different .htaccess files.

Good luck with fighting spam. I’m glad that we’re all using different methods; it means that it’s harder for the spammers to find one solution that catches all of us off guard.

Thanks to linking to me, but I think we didn’t have the same problem. I’m not using Parker’s whole .htaccess file, just his spam_ref=yes concept and the associated Mod_Rewrite rules that deny based on that variable. So my problem was not that I blocked myself from posting, it’s that I didn’t block the requests that I wanted to block.

Part of my problem turned out to be that my Movable Type installation is in a CGI directory, which is a separate document root. Yours and Parker’s don’t appear to be set up that way, so your root .htaccess rules apply for your whole site. I have to have (at least) two different .htaccess files.

Good luck with fighting spam. I’m glad that we’re all using different methods; it means that it’s harder for the spammers to find one solution that catches all of us off guard.

I know enough to know I need the information in this entry but not enough to use it. Maybe this weekend.

Delurking after reading HYCW for a long time – great blog. Question: you’re depending on the User Agent to send you an appropriate Referrer HTTP header. What’s to stop the bad guys from sending trackbacks (which, though I’m not a blogger, I assume are done by standard HTTP requests) with forged headers? Since mod_rewrite doesn’t do any session handling, a bad guy can simply send you a forged trackback ping that includes the spammy link in the transfered data.

Okay, admittedly, IANAB (I am not a blogger) so I may not understand how trackback works. Feel free to set me straight. It seems like some sort of verification on the part of the trackback-recieving post would be more effective, but I can’t think of anything that isn’t fairly easily falsifiable.

Ah well, just some random thoughts. Thanks for a very encouraging and interesting blog.

RewriteCond %{HTTP_REFERER} \.info [NC,OR]
RewriteCond %{HTTP_REFERER} \.ru [NC,OR]
RewriteCond %{HTTP_REFERER} \.biz

Oh, great guru of bloggedness.