Ok - so I get 1000 trackback spams a day - I was thinking - if we change the trackback address daily/weekly - won't that help to combat some of the spam?

so right now it's /trackback/nodenumber

let's change it to /trackback1234/nodenumber

etc.

possible? stupid idea? good idea?

thanks

Comments

cozzi’s picture

Has anyone considered the implementation of something like the TrackBack Validator in WordPress?

Somehow it checks to see if the blog posting their trackback actually is referencing your blog. Sounds very effective.

http://seclab.cs.rice.edu/proj/trackback/trackback-validator-plugin/

erdtek’s picture

Thank you for pointing out this plugin, our site was flooded with trackback spam and I found this article and decided to implement this in the trackback module. I had to include the "Snoopy.class.php" file and in the trackback.module file I changed the function trackback_receive(&$node) (I don't know how correct it is, but it works in our case). What we wanted was to filter content that is outside of our Drupal installation by using the idea from the WordPress plugin, and if the author is from our Drupal installation, then leave everything as it was. So here is the change in the module:

function trackback_receive(&$node) {
  $trackback = new stdClass();
  // Process TrackBack post data.
  $trackback->url = check_url($_REQUEST['url']);
  if ($trackback->url && _trackback_valid_url($_REQUEST['url'])) {
    $trackback->trid = db_next_id('{trackback_received}_trid');
    $trackback->nid = $node->nid;
    $trackback->created = time();
    $trackback->site = $_SERVER['REMOTE_ADDR'];

    list($name, $subject, $excerpt) = _trackback_optional_params();
    $trackback->name = strip_tags($name ? $name : $trackback->url);
    $trackback->subject = strip_tags($subject ? $subject : $trackback->url);
    // $trackback->url already set above.  Though I might say something here since I'm setting the fields
    // in the exact same order that they are created in the table's create statement (with this exception).
    
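    $testURL = 'YOURHOST'; // e.g. localhost, ...

    // Compare the host part only: a substring match on the whole URL would also
    // treat an outside URL that merely contains YOURHOST (in its path or query) as internal.
    $url_parts = parse_url($trackback->url);
    $url_host = isset($url_parts['host']) ? strtolower($url_parts['host']) : '';

	if ($url_host == strtolower($testURL)) {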
		// trackback from YOURHOST intern, do the default stuffs
		
	} else { 
		// outside url - begin
		// trackback is not from YOURHOST, check for link to the author site, pointing to YOURHOST
		
		if (@include_once('Snoopy.class.php')) {
			
			$permalink = check_url(url("node/".$trackback->nid, NULL, NULL, TRUE));
			$author_url = $trackback->url;
				
		 	$snoopy = new Snoopy();
			// We don't want Rice's (un)availability to mean trackbacks take
			// forever.
			$snoopy->read_timeout = 15; // seconds for read timeout
			$snoopy->_fp_timeout = 15; // seconds for socket timeout
			
			$snoopy->fetch($author_url);
			
			$permalink_q=preg_quote($permalink,'/');
			$pattern="/<\s*a.*href\s*=[\"'\s]*".$permalink_q."[\"'\s]*.*>.*<\s*\/\s*a\s*>/i";
		  
		  	// 0 or 1
			$isUrlThere = preg_match($pattern, $snoopy->results);
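			if($isUrlThere == 0)
			{
				  // The source page does not link to this post: reject it.
				  // $error and $message must be set here, otherwise the response carries no error code.
				  $error = 1;
				  $message = t('The TrackBack source does not link to this post.');

				  // Generate response
				  $output = "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n";
				  $output .= "<response>\n";
				  $output .= '<error>'. $error ."</error>\n";
				  $message and $output .= '<message>'. $message ."</message>\n";
				  $output .= "</response>\n";
			
				  return $output;
			}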
			else
			{
				// the trackback author is pointing to our site, it is ok, (not spam)
			}
			
		} else { // no Snoopy
			
		}
	} // outside url - end
    
    $trackback->excerpt = strlen($excerpt) > 255 ? truncate_utf8($excerpt, 252) .'...' : $excerpt;
    $trackback->status = (variable_get('trackback_moderation', 0) == 0) ? 1 : 0;
	
    // drop silently if this is from a known spammer IP address
    if (function_exists('spam_ip_filter') && variable_get('trackback_spam_filter', 1)) {
      module_invoke('spam', 'ip_filter', 'trackback', $trackback->trid);
    }

    watchdog('trackback', t('Added trackback %subject.', array('%subject' => $trackback->subject)), WATCHDOG_NOTICE, l(t('view trackback'), "node/$node->nid", NULL, NULL, "trackback-$trackback->trid"));

    db_query("INSERT INTO {trackback_received} (trid, nid, created, site, name, subject, url, excerpt, status) VALUES (%d, %d, %d, '%s', '%s', '%s', '%s', '%s', %d)", $trackback->trid, $trackback->nid, $trackback->created, $trackback->site, $trackback->name, $trackback->subject, $trackback->url, $trackback->excerpt, $trackback->status);
    $error = 0;

    if (function_exists('spam_content_filter') && variable_get('trackback_spam_filter', 1)) {
      // invoke spam.module's spam filter
      $subject = "$trackback->subject $trackback->url";
      module_invoke('spam', 'content_filter', 'trackback', $trackback->trid, $subject, $trackback->excerpt);
    }
  }
  else {
    $error = 1;
    $message = t('Missing TrackBack url.');
  }

  // Generate response
  $output = "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n";
  $output .= "<response>\n";
  $output .= '<error>'. $error ."</error>\n";
  $message and $output .= '<message>'. $message ."</message>\n";
  $output .= "</response>\n";

  return $output;
}
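
The link-back check from the post above, as an added example that is not part of the original post or of the trackback module: it parses the fetched page and compares each anchor's href to the permalink exactly, instead of matching a pattern against the raw HTML. The function names and sample pages are hypothetical, and it assumes PHP 5 or later with the DOM extension; fetching the page is left out.

```php
<?php
// Added example; function names and sample pages are hypothetical.

// Reduce a URL to a comparable form: lower-case scheme and host,
// no fragment, no trailing slash on the path.
function normalize_url($url) {
  $p = parse_url(trim($url));
  if ($p === false || empty($p['scheme']) || empty($p['host'])) {
    return null; // relative or malformed URLs never count as a link back
  }
  $port  = isset($p['port']) ? ':' . $p['port'] : '';
  $path  = isset($p['path']) ? rtrim($p['path'], '/') : '';
  $query = isset($p['query']) ? '?' . $p['query'] : '';
  return strtolower($p['scheme']) . '://' . strtolower($p['host']) . $port . $path . $query;
}

// TRUE only if the page has an <a> element whose href is exactly the permalink.
function source_links_to($html, $permalink) {
  $want = normalize_url($permalink);
  if ($want === null || trim($html) === '') {
    return false;
  }
  $doc = new DOMDocument();
  $prev = libxml_use_internal_errors(true); // tolerate invalid markup quietly
  $doc->loadHTML($html);
  libxml_clear_errors();
  libxml_use_internal_errors($prev);
  foreach ($doc->getElementsByTagName('a') as $a) {
    if (normalize_url($a->getAttribute('href')) === $want) {
      return true;
    }
  }
  return false;
}

// Constructed sample pages for the permalink below.
$permalink = 'http://example.org/node/1';
$samples = array(
  'genuine link'        => '<p>See <a href="http://example.org/node/1/">this post</a>.</p>',
  'link to node/12'     => '<p><a href="http://example.org/node/12">other</a></p>',
  'link inside comment' => '<!-- <a href="http://example.org/node/1">x</a> --><p>text</p>',
);
foreach ($samples as $label => $html) {
  echo $label, ': ', source_links_to($html, $permalink) ? 'accept' : 'reject', "\n";
}
```

The pattern in the post matches all three samples, because it accepts any href that begins with the permalink and does not skip HTML comments.
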

tommyaquinas’s picture

This mod to the trackback module effectively eliminated 100% of all trackback spam I was getting - this is an amazing mod and should be considered for inclusion into the Trackback project page.