Update (09/03/2007): A new version of this plugin has been released. The links below to the ZIP file has been updated accordingly. Issue believed to have been solved: trackbacks coming from wordpress.com hosted sites. Read the announcement and upgrade.

Esta información está disponible también en español.

B2evolution is a very nice piece of software and I definitely love it. It has grown with me and I have grown as a blogger with it.

That being said, I decided to test my knowledge, both of B2evolution and of PHP writing a small plugin to repel trackback spam attacks. It's called DNS Antispam trackback. You can download following the link:

DNS Trackback anti-spam plugin for B2evolution

Follow up:

What's the problem?

The problem is the very annoying trackback spam, which if unchecked threatens to disable that very useful tool called trackback, which allows us bloggers to communicate among ourselves.

In the course of notifying the central B2evolution anti-spam blacklist I noted that every trackback spam I received had a common property: the IP from which the trackback was sent was different from the IP address of the website the tracback refers to. I explained the thing more or less in detail in the B2evolution support forum back in January, when I wanted somebody else to develop my idea.

It turned out that B2evolution's plugin system is fairly easy to use, so I developed the thing myself.

What it does

The plugin check for every incoming trackback and compares the IP address of the originating host with the IP address of the referred website by doing a DNS lookup. If these two addresses are different, the trackback is flagged as spam and automatically rejected. As simple as that.

There are several situations in which the originating host may be different from the referred website and the trackback still be legitimate:

1. Users of Haloscan service would fall into this category.
2. Users of Wordpress.com or similar hosted blog services, where the trackback sender could be on a different machine to the one serving normal blog traffic. I have checked several wordpress.com website, and they have two IP addresses. I guess they use some sort of load balancing system.

The version of the plugin I'm publishing here is 0.2 and it takes into account case number 2 above. So it will check every IP address returned by gethostbynamel(), instead of only the first returned by gethostbyname().

How to use it

1. Download the ZIP file.
2. Upload it to your "plugins" directory under your B2evolution root installation.
3. Unzip the file into that directory.
4. Install the plugin from the Backoffice (/blogs/admin.php?ctrl=plugins)

That's it. You can forget about trackback plugin. I have it installed for my B2evolution 1.10.2 since July 10 or something like that, and so far I have received only one trackback spam, which had the correct IP addresses. This in comparison to the 5 to 10 I used to receive before installing the plugin.

That being said, I don't know what would be the performance penalty incurred by the extra DNS lookups for every incoming trackback. If your server is burned as a consequence of installing this plugin, you and only you are resposible for it. YMMV.

Thanks to Balupton for his input and help in testing.

Have fun!

 b2evolution