the other day in a moment of idleness i decided to try and find out why the hell i was still getting bucketloads of comment spam, in spite of having a CAPTCHA on the comment submissions page [none of the shite ever reaches these pristine pages - owing to all comments having to be manually approved first, but it's still a pain in the arse to have to delete a couple o' hundred "attempts" every couple o' days].
anyway, to cut a long story short i found out that what i’d been thinking of as comment spam is actually trackback spam. because a trackback disnae need any kind of verification, pretty much anyone can send a trackback to your site, without having to jump through whatever hoops you’ve set up to stop the traditional comment spammer. and because a trackback appears in your moderation queue just like a common or garden comment, it’s easy to assume as [i did!] that these trackback spams are in fact comments and think that the spammers are somehow bypassing the security of your commment submission form.
a bit more digging and i came across the trackback validator plugin by dan sandler and andy thomas of the computer security lab at RICE university. this plugin validates any trackback your blog receives by the simple expedient of checking whether the URL contained in the trackback actually does link to a webpage containing a link to your blog. if the URL in the trackback disnae [ie. it links back to some poxy organ-enhancement, gambling or porn site] then the plugin flags the trackback as spam and rejects it. it’s beautifully simple - and it works! since installing trackback validator my comment spam has dropped from about 50 a day to zero for the past week.
great stuff!
