
I just looked and I have blocked over 20,000 pieces of spam on my blog thanks to Akismet. I wish my email spam solution worked as well as Akismet does on my blog, but that’s a different discussion. The rate of spam has actually gone down for me by over 700% in the last 90 days. Why, you ask? Simple: I blocked an entire Class C network range from Russia. When I was originally trying to decide whether or not to block the entire Class C, I looked through the logs carefully. What I found was that this kind of activity was coming from 5 or 6 IPs consistently, but pretty much the entire Class C network was involved. It’s amazing how much comment and trackback spam this range was responsible for. This move has made my life so much simpler, blog-wise.
Going through my server logs today I noticed something new these spammers are trying. Ok, it’s new to me anyway. I saw this entry from my friends in Russia:
81.95.144.68 - - [03/Feb/2007:10:07:38 -0700] "POST /security/2006/08/how-many-devices-reporting-to-your-sim-sem/trackback/ HTTP/1.1" 403 370 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
Interesting…apparently Google has one of their bots coming from a Russian IP…..probably not. As this next entry shows:
81.95.144.66 - - [03/Feb/2007:10:11:48 -0700] "POST /administrative/2006/07/tonights-podcast-may-be-late/trackback/ HTTP/1.1" 403 359 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp; help.yahoo.com/help/us/ysearch/slurp)"
Wow….Yahoo has a bot in the same Russian IP range as well. Nice try. Apparently the spammers have figured out that some web servers treat HTTP requests that look like SEO bots differently than they do regular HTTP requests. By changing the HTTP referrer to make it look like an SEO bot (from Yahoo, Google, etc.) they can evade some filtering techniques. I did some checking and these IPs show up in various “naughty” lists, and 100% of their HTTP requests are looking for URLs that have /trackback in them.
–Chris
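A log check for the pattern described in the post, as an added example that is not part of the original post: it parses Apache combined-format lines, flags requests whose User-Agent names a search crawler while POSTing to a trackback URL, and groups the offenders by /24. In the two entries quoted above the crawler name sits in the User-Agent field (the referrer field is "-"). The function names and the last two sample lines are constructed for illustration, and IPv4 addresses are assumed.

```python
import re
from collections import defaultdict
from ipaddress import ip_network

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$')
CRAWLER_TOKENS = ("googlebot", "yahoo! slurp")  # client-supplied text, trivially forged

def parse(line):
    """Return the fields of one log line as a dict, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def suspicious(entry):
    """True when a crawler-looking User-Agent POSTs to a trackback URL.
    Search crawlers fetch pages; they do not submit trackbacks."""
    agent = entry["agent"].lower()
    claims_crawler = any(tok in agent for tok in CRAWLER_TOKENS)
    return claims_crawler and entry["method"] == "POST" and "/trackback" in entry["path"]

def summarize(lines):
    """Map each /24 network to the sorted list of offending IPs seen in it."""
    by_net = defaultdict(set)
    for line in lines:
        entry = parse(line)
        if not entry or not suspicious(entry):
            continue
        try:
            net = ip_network(entry["ip"] + "/24", strict=False)
        except ValueError:  # client logged as a hostname, not an address
            continue
        by_net[str(net)].add(entry["ip"])
    return {net: sorted(ips) for net, ips in by_net.items()}

# First two lines are the entries quoted in the post; the last two are constructed.
SAMPLE = [
    '81.95.144.68 - - [03/Feb/2007:10:07:38 -0700] "POST /security/2006/08/how-many-devices-reporting-to-your-sim-sem/trackback/ HTTP/1.1" '
    '403 370 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '81.95.144.66 - - [03/Feb/2007:10:11:48 -0700] "POST /administrative/2006/07/tonights-podcast-may-be-late/trackback/ HTTP/1.1" '
    '403 359 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp; help.yahoo.com/help/us/ysearch/slurp)"',
    '192.0.2.10 - - [03/Feb/2007:10:12:01 -0700] "GET /security/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"',
    '198.51.100.7 - - [03/Feb/2007:10:13:09 -0700] "POST /security/example-post/trackback/ HTTP/1.1" 200 81 "-" "WordPress/2.1"',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The rule only looks at what the client claims and does, so it does not flag the crawler-named GET or the ordinary trackback POST in the sample.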





February 13th, 2007 at 11:29 am
Have you tried to block the direct access to your wp-trackback.php? I have a post online against blogspam.
(In English)
Additionally, you can rename the wp-trackback.php (German) and change the /trackback/ Regex (German too) in your WordPress.
I am spamfree.
(Sorry for my English, I can read it very well… but my English grammar is…
February 14th, 2007 at 9:25 am
Thank you for the tips! I will give them a try.
–Chris
April 5th, 2007 at 12:29 pm
The site looks great! Thanks for all your help (past, present and future!)