Tag: Trackback Spam

Bad Behaviour blocks TechMeme

I noticed recently that none of my posts were appearing on TechMeme so I emailed Gabe Rivera, TechMeme’s founder to ask what the problem was. He responded:

Your Bad Behavior plugin is blocking me, even though my crawler behavior is rather benign.

If you can whitelist my crawler (does BB let you?), it looks like this:
Mozilla/5.0 (compatible; Wazzup1.0.XXXX; …with XXXX varying (long story…).

Or just uninstall it! (What are some alternatives? I’d like to do a post on this…)

Bad Behaviour is an anti-spam plugin that I have written about previously.

As I don’t see a way to whitelist, I have disabled Bad Behaviour and I advise anyone else to do so until this can be sorted.

Thanks for the speedy response Gabe.

UPDATE: – Michael Hampton, Bad Behavior’s developer has contacted me to say it is possible to Whitelist TechMeme by adding its ip address ( to the Whitelist-inc.php file – this fix didn’t work for me but may be worth a try if you do want to use Bad Behavior.

Blocking trackback spam using .htaccess

This morning I received a trackback spam. It pointed at a rubbish domain – ohuudfghj.com, and came from ip address using User Agent Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90).

I took a look at Spamhuntress’ site and sure enough she has a post warning that a trackback spam run is about to get underway imminently.

Then I checked out my raw log files and found several entries from this User Agent, all from different IP addresses so banning the IP address would be useless to block the spam.

Consequently, I added the following line:
SetEnvIfNoCase User-Agent ^Mozilla\/4.0 \(compatible; MSIE 5.5; Windows 98; Win 9x 4.90\) spammer=yes
to my .htaccess file.

Although this may seem a tad drastic, I trawled through my raw log files and couldn’t find any legitimate entry for that User Agent in my logs.

Be aware that if you intend to use this code, you need to use it in the context of the surrounding code in my .htaccess file (i.e. follow the code with
deny from env=spammer
if you are uncertain, be sure to check out my .htaccess file).

You can test the efficacy of this code by going to the Wannabrowser site, entering the User Agent into the HTTP User Agent field, your site’s address in the Location field and clicking the Load URl button. You should get a 403 result if the code is successfully blocking this User Agent.

UPDATE: Diane let me know that this code was too strict as it was blocking her and she isn’t on a Windows 98 PC. Spamhuntress pointed to a script to block access to Trackbacks – basically you use this script. I have been using the script and haven’t received any trackback spam since I installed it.

Trackback spam explained

I posted about Trackback Spam previously but it was brought to my attention that I didn’t explain it properly, so I am now going to attempt to rectify that.

If you are using a blogging application, like WordPress, there is a facility called Trackback, whereby, when you are making a post in your blog, and you refer to a post someone else made in their blog, you can add in the trackback uri of their post (normally displayed at the end of their post) to your blogging software, and it will send a notification (called a trackback) to them.

When their blogging software receives this notification (Trackback), it displays the relevant part of the post in the comments section of the site.

Spammers are recently starting to post faked trackbacks directly to people’s blogging software, pretending someone has posted about one of your posts, hoping your blogging software will automatically display their spam on your site (thinking it is a legitimate comment).

The reason they do this is to get links from external sites to their sites, thereby pushing up their all-important Google Page Rank.

Combatting WordPress Trackback Spam

I have blogged with boring regularity about my battles with WordPress comment spam and my ultimate defeat of it using the Authimage plugin.

This morning I was hit by a new plague (new to me anyway!), trackback spam. TrackBack spam is very similar to comment spam. The spammer sends TrackBack pings to this site, they are listed in the comments area, and they direct readers to a totally unrelated URL. Also, if listed, they increase the target site’s Google Page Rank (PR).

My first response has been to rename the wp-trackback.php file to see if this will stop this scourge. To ensure genuine trackbacks can still get through, I had to edit the reference to wp-trackback.php in the template-functions-comment.php file. This is not a foolproof solution, I realise, but I will re-assess the situation over the coming weeks and see if more drastic measures need to be taken.

Why do I have a horrible sense of foreboding?