Site icon David Yin's Blog

SPAM TRACKBACK

After install the Scode, most of comment spams are blocked.
Now, more spams are pushed to TRACKBACK part.
I have to do something to avoid the spam flood.
From Elise’s advice, I change the name of trackback cgi file and rebuild archives today.
Let me see, if spams are more or less.


Following is Elise’s advice:
Change the name of the trackback cgi file

One step that may help many Movable Type users to dissuade trackback spammers is to change the name of the trackback cgi. If you change the file name on your server without editing your mt.cfg file, trackbacks will be disabled completely. This can be useful if you find yourself in the middle of a trackback flood attack. If you change the name of the trackback cgi script, and you edit your mt.cfg file with the new name (remember to reset the mt.cfg file permissions – btw, mine are set to 600 – set them to what they were set to before – and rebuild your site), this action will dissuade spammers from finding you via a Google search for mt-tb.cgi. However, once they’ve found you, the spammers now have automated bots to find your new trackback cgi file name. So for this method to be effective, you need to change the text leading up to the Trackback URL on your individual entry archive as well, e.g. from “The trackback URL for this entry is…” to “For trackbacks, please use this URL….”.
Even with this step, the spammers are finding their way through, and you will need to use the additional method of removing the <$MTEntryTrackbackData$> tag from your main index template. Note that this tag produces an RDF snippet which is used by others to ping your site via the Trackback autodiscovery option. (See the MT Manual.) If you remove the tag, you remove this method of the spammer finding the name of your script, but you also remove the ability for others to use autodiscovery to ping your site. This could cause inconvenience to those who use autodiscovery who would now have to manually enter your ping information in the URLs to Ping window of the entry edit window in order to ping your site. Personally, I prefer it if people don’t use autodiscovery to ping my blogs. I would rather that they thoughtfully decide whether or not what they’ve written about my entry would be of value to people reading my entry before they ping the entry. But many people do rely on using autodiscovery. It’s something to consider.

Exit mobile version