22.08.07
DNS trackback anti-spam plugin for B2evolution
Update (09/03/2007): A new version of this plugin has been released. The links below to the ZIP file has been updated accordingly. Issue believed to have been solved: trackbacks coming from wordpress.com hosted sites. Read the announcement and upgrade.
Esta información está disponible también en español.
B2evolution is a very nice piece of software and I definitely love it. It has grown with me and I have grown as a blogger with it.
That being said, I decided to test my knowledge, both of B2evolution and of PHP writing a small plugin to repel trackback spam attacks. It's called DNS Antispam trackback. You can download following the link:
DNS Trackback anti-spam plugin for B2evolution
...
What's the problem?
The problem is the very annoying trackback spam, which if unchecked threatens to disable that very useful tool called trackback, which allows us bloggers to communicate among ourselves.
In the course of notifying the central B2evolution anti-spam blacklist I noted that every trackback spam I received had a common property: the IP from which the trackback was sent was different from the IP address of the website the tracback refers to. I explained the thing more or less in detail in the B2evolution support forum back in January, when I wanted somebody else to develop my idea.
It turned out that B2evolution's plugin system is fairly easy to use, so I developed the thing myself.
What it does
The plugin check for every incoming trackback and compares the IP address of the originating host with the IP address of the referred website by doing a DNS lookup. If these two addresses are different, the trackback is flagged as spam and automatically rejected. As simple as that.
There are several situations in which the originating host may be different from the referred website and the trackback still be legitimate:
- Users of Haloscan service would fall into this category.
- Users of Wordpress.com or similar hosted blog services, where the trackback sender could be on a different machine to the one serving normal blog traffic. I have checked several wordpress.com website, and they have two IP addresses. I guess they use some sort of load balancing system.
The version of the plugin I'm publishing here is 0.2 and it takes into account case number 2 above. So it will check every IP address returned by gethostbynamel(), instead of only the first returned by gethostbyname().
How to use it
- Download the ZIP file.
- Upload it to your "plugins" directory under your B2evolution root installation.
- Unzip the file into that directory.
- Install the plugin from the Backoffice (/blogs/admin.php?ctrl=plugins)
That's it. You can forget about trackback plugin. I have it installed for my B2evolution 1.10.2 since July 10 or something like that, and so far I have received only one trackback spam, which had the correct IP addresses. This in comparison to the 5 to 10 I used to receive before installing the plugin.
That being said, I don't know what would be the performance penalty incurred by the extra DNS lookups for every incoming trackback. If your server is burned as a consequence of installing this plugin, you and only you are resposible for it. YMMV.
Thanks to Balupton for his input and help in testing.
Have fun!
PermalinkTrackback address for this post
Trackback URL (right click and copy shortcut/link location)
12 comments, 2 trackbacks
Agregado anti-spam DNS trackback para B2evolutionB2evolution es una herramienta para bitácoras excelente y definitivamente me encanta usarlo. El software ha ido creciendo conmigo, de la misma manera que yo he ido creciendo como bitacorero o bloguero con el software.
Dicho esto, hace unas semanas d...
Bacana! Só precisamos ver aquela questão dos trackbacks de wordpress.com Antispam plugin for B2evolution versión 0.3I have released the version 0.3 of the DNS Trackback antispam plugin for b2evolution. You can download this zip file and upgrade the previous version, just by overwriting the old files in your plugins/ directory.
This new version of the plugin addr...
This is a great plugin. I've been using it for a while now on my blog and just upgraded to the 0.3 version. Thanks for making it available. 
I ranked this just at the middle because there is something I don't understand. 99% of comments I receive in my blog don't have an URL within them because they come from people that don't have a web page or something requiring an URL. I wonder what this plug-in would do in such a case.
Sorry, I made a mistake in previous comment. I think I should said:«99% of comments I receive in my blog don't have a site IP address because they come from people that don't have a web site at all.
I wonder what this plug-in would do when comparing the originating host IP address with no site IP address».
Nothing. This plugin does nothing on comments, only on trackbacks. 
This is a great tip.
I'll have to look into this plugin further. 
hi there you have a cute page. put to favorites I will tell everyone about your website. !! 
Hello, I discovered your weblog in a new directory of blogs. I dont know how your weblog came up. Your blog looks great. Have a good day. 
Coole blog. Ist gebookmarked ich komm wieder :-)Es wäre tolloft solche guten gestalteten blog im Web zu finden. 
You can also try akismet 
But doesn't akismet only work with Wordpress? 
Comment feed for this post
