[wp-hackers] Trackback Spam
Scott Merrill
skippy at skippy.net
Tue Feb 1 13:46:32 GMT 2005
Sebastian Herp said:
> Well .. I am currently receiving one trackback every 2 minutes and
> non
> of them is "real". My spamword filters are the only thing keeping
> this
> casino-spam from beeing posted ... captchas or the fabulous
> spam-stop-gap plugin won't work here. What now?
Pingbacks were created to overcome some of the (perceived)
shortcomings of trackbacks, most notably how easy to spoof they are.
A pingback recipient initiates a new request to the source of the
pingback transmission to confirm that that pingback source is
legitimate.
A long time ago, I added this verification process to the WordPress
trackback mechanism for a project on which I was working, so that
trackbacks would be verified. Maybe WordPress can "embrace and
extend" the trackback spec to plug this hole?
Here's the relevant bits:
http://skippy.net/download/tb2.phps
--
skippy at skippy.net | http://skippy.net/
gpg --keyserver pgp.mit.edu --recv-keys 9CFA4B35
506C F8BB 17AE 8A05 0B49 3544 476A 7DEC 9CFA 4B35
More information about the hackers
mailing list