Crusade against trackback spam
The trackback spam is starting to become annoyance for me. Many blog sites are said to turn off trackback due to this trouble. Though my blog is safeguarded with comment authorization plugin (thus no spam can escape my eye 
), I still have to manually click, click, click to mark them as spam. Not as troublesome as deleting spam, but still.
As somebody might have already dealt with it, I started to look for existing solutions. There has been various hacks available, and quite a large part of them are dealing with wp-trackback.php.
- This “WordPress Trackback Spam Killer” use a keyword based blacklist. I don’t even try it — I know in the guts that keyword blocking can never be effective. Everybody knows the successful rate (or lack thereof) of spamassassin when encountering non-latin characters. (I don’t mean I’m against spamassassin, it really helped a lot when blocking spam from western countries.)
- Another hack also modifies wp-trackback.php, attempting to apply comment spam filter against trackback message as well. Doesn’t worth my time to try.
- This patch by Elliott Back checks if IP address of some URL is equal to the trackback sender; I didn’t try it, but from its comments, quite some people are complaining this patch blocks many legitimate trackbacks.
Since I want to avoid using patches whenever possible (it is quite difficult to remember which patch has been applied, and it may or may not work with later Wordpress), I try to look for plugins instead.
- Scott Buchanan wrote this plugin. Haven’t tried it yet, but from its description, it seems to block non-permalink trackback linking. Sadly, a few of the spams really do use permalink. But anyway, I’ll give it a try if the following one doesn’t work.
- The one under my probation (Trackback Validator Plugin) is written by Computer Security Lab of Rice University. It determines a trackback is a spam or not based on the assumption that legitimate trackback contains link back to my site. Somehow that looks more logical to me, that’s why I’m trying. Let’s see.
Hey Maddog! How is the Trackback Validator Plugin? Do it really works?
I have turned off trackback of my site already…
It is perfect. I saw there are around 40-50 trackback spams per day in my site, and when I go to admin page and check, there is nothing left — they are silently deleted.
Spam Karma 2 is the best of the spam killers. I wrote the one you mention above before I found Spam Karma. SK2 is a wordpress plugin and uses multiple methods of detecting spam. Since installing SK2 it has blocked over 45,000 spam attempts on my site.
Check it out here: http://unknowngenius.com/blog/wordpress/spam-karma/
Right now I’m combining wp-hashcash and trackback validator plugin, and so far only 1-2 manually entered spam (enter through browser) can pass through, discarding 99.x% of spam as well.
At that time I know Spam Karma (the old version) but didn’t try it, since its website DOES NOT even mention it is a spam blocking plugin, and from the list of SK modules it doesn’t give me enough faith. Very likely things have improved, though I’m already very happy with my current setup. Perhaps when spammers find brilliant ways to overcome my site later, in that case I’ll start trying SK2.
You’re 100% right that the trackback patch will block tons of legit comments. But, if you’re really paranoid it’s a good option.