I remember a time when the internet wasn't overpopulated with evil bastards; things were much cooler back then. If you create or use software on the internet today you have to make sure everything is locked down like Fort Knox, otherwise some mf'er is gonna take advantage of any security hole.
Some bright person back in blogging's infancy came up with the idea of trackbacks. Trackbacks are a great way of posting comments on other people's blogs from a remote location. Trackbacks were intended to be used as a tool to unite like-minded bloggers together by posting relevant snippets of their blog in another blogger's comments... but that rarely happens. Blog spam has been made easy through the use of trackbacks... evil bastards send stupid irreverent posts to blogs using trackbacks. In fact, trackbacks are so easy to use that blog spammers have written scripts (read robots) to sniff out trackback URLs and will pummel the URL with bogus posts.
The blog software I've been using, bBlog, includes a trackback feature. The bBlog feature works well, but it doesn't have the proper anti-blog-spam security features implemented out of the box. I've been getting hit by these new wave trackback spammers. Here is the course of action I took to rid myself of them:
- I turned on "moderate all comments" in the bBlog control panel. This did not work, as bBlog doesn't flag trackbacks as onhold like it does regular comments... f'n genius.
- I updated the trackback script to automatically flag all trackbacks to be on hold until approved. This worked, but I still had to go into the blog backend and delete all of the trackback spam.
- Finally I implemented a blacklist for the trackback spamming bastards. When trackback spam gets through, all I have to do is click a button and the spammer's address gets added to my blacklist and will stop any future spam from getting through... so far the blacklist seems to work well.
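
A minimal model of the last two steps, added here as an illustration and not bBlog's own PHP code: every incoming ping is stored on hold, and one action both blacklists the sender and purges its pending pings. The class and method names, the `onhold`/`approved` status strings, and keying the blacklist on the sender's IP address are assumptions; the addresses and URLs in any call are constructed samples.

```python
import ipaddress
from dataclasses import dataclass, field
from itertools import count


@dataclass
class TrackbackStore:
    """In-memory stand-in (hypothetical) for the blog's trackback table and blacklist."""
    blacklist: set = field(default_factory=set)   # ip_network objects
    held: dict = field(default_factory=dict)      # entry id -> stored ping
    _ids: count = field(default_factory=lambda: count(1))

    def is_blacklisted(self, ip):
        addr = ipaddress.ip_address(ip)            # raises ValueError on junk
        return any(addr in net for net in self.blacklist)

    def receive(self, ip, url, title="", excerpt=""):
        """Handle one incoming ping. Returns (accepted, entry_id or reason)."""
        try:
            if self.is_blacklisted(ip):
                return False, "blacklisted"        # turned away before storage
        except ValueError:
            return False, "bad source address"
        if not url.startswith(("http://", "https://")):
            return False, "bad url"
        entry_id = next(self._ids)
        # Every trackback is stored on hold; nothing is published unreviewed.
        self.held[entry_id] = {"ip": ip, "url": url, "title": title[:200],
                               "excerpt": excerpt[:500], "status": "onhold"}
        return True, entry_id

    def approve(self, entry_id):
        self.held[entry_id]["status"] = "approved"

    def mark_spam(self, entry_id):
        """The one-click action: blacklist the sender and purge its pending pings."""
        ip = self.held[entry_id]["ip"]
        self.blacklist.add(ipaddress.ip_network(ip))   # single-address network
        purged = [i for i, e in self.held.items()
                  if e["ip"] == ip and e["status"] == "onhold"]
        for i in purged:
            del self.held[i]
        return len(purged)
```

Because the blacklist check runs before anything is written, a blacklisted sender never reaches the moderation queue, which is what removes the manual cleanup described in the second step.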
Why bBlog didn't have this functionality implemented by default is beyond me. Other than this little trackback security hole, bBlog has been solid, but not solid enough to make my list of Open Source super software. One piece of spam-fighting software that does make the super software list is SpamAssassin, another fine Apache project. I use SpamAssassin with Procmail and Sendmail on my servers and it does a fine job of flagging bogus emails. To help out SpamAssassin I also use the SBL/XBL spam blacklists from Spamhaus. These lists are amazing. The blacklists work with your mail delivery agent and will turn away any messages that are sent from an address or open relay on the blacklist. I am always amazed when I look at my mail server log and see all of the messages bounced back by the blacklist... I gotta give a big shout out to Spamhaus!
