How to block random alphabetical trackback spam

There are two main blocking methods. The first is to block the server that gets the trackback address, and the other is to block the distinctive UserAgents included in POST.

The trackback spam we picked up this time is different from ordinary one, and there is no linked domain. In other words, it seems that it is not an advertisement purpose, a pleasant criminal or an experiment of technical spam. For example,

Trackback source site name:Myigkqve
Trackback Sender Name:Wwoplazmy
Trackback source address:

I will send you with the above feeling.

A character string such as an address is characterized by a combination of random alphabetic characters, and the sender's IP address goes through a different overseas anonymous proxy every time. Moreover, most politically there are something that is not yet on the list of various anonymous proxy servers all over the world. In other words, it is impossible to automatically acquire the anonymous proxy server list and restrict it with .htaccess etc.

However, after various trial and error, I succeeded in excluding this meaning unknown trackback spam.
◆ Method 1: Block the server that gets the trackback address

If you block the following host name, trackback address will not be acquired, so it will inevitably not be backtracked.

IP address:

It was only the other day that I found this. Because it comes so frequently, I decided to think about the mechanism. Probably the enemy's procedure should look like the following.

1. Obtain a page

2. Extract trackback address

3. Send a trackback

"2" seems to be using a different proxy each time, but what about "1"? Looking at the log, the proxy that sent the trackback was only for sending. It seems that you do not get the address via proxy used for sending spam.

Also, in the case of GIGAZINE, the address for trackback is displayed and the random address is discarded unless it is within a certain period of time and it becomes invalid. To say that you are going through this means that you are sending it in a fairly short time after you get the page. That means that the host name accessing the page just before the log when sending the trackback is the host name to get the trackback address.

So, when I checked trackbounding spam of the same system type so far, the host name that I emerged is "52.2e.5746.static.theplanet.comThat's why. It is the same from early July until the other day.

However, there seems to be a type that receives addresses using a proxy for trackback spam that spits out other types of recent character strings. Speed ​​is slow by that much, but measures are difficult to set up. However, even in such a case, we can deal with "Method 2" below.

◆ Method 2: Block a characteristic POST UserAgent

Next time I will think about it by sending a trackback of "3". Transmission of trackback is natural, but it is done by "POST", not "GET". In other words, if it is something characteristic POST it is said to be defensive.

As a result of examination, when sending a trackback, UserAgent must be "Mozilla / 4.0 (compatible; MSIE 6.0; Windows NT 5.1)It was supposed to be. If it is a trackback from a normal blog, it will never be a UserAgent like this one. That's why it's okay to set it up with. It becomes as follows.

The "index.php" part of "Files index.php" is the file name to receive the trackback of each blog. It changes to "mt - tb.cgi" if it is Movable Type. This method is widely applied, it is effective for other track back spam. You can also play spam that does not send User Agent if you make full use of regular expressions.

Regular expressions are easy to make using the following software. Beginners can create it without problems.

Regular expression checker

If you do extreme things, you can also enchant your domestic IP addresses and play transcending skills like playing all POSTs outside of the country. It is not a method of playing "GET" used for normal browsing, so it is beneficial that even if it is browsing from overseas, there is no hindrance. Instead, I will play all the trackbacks from domestic services using foreign servers ....

in Web Service,   Column, Posted by darkhorse_log