Spam trackback attack returns, it’s not a matter of whether but how much


Like microsoft.com, the question isn't whether blogs.msdn.com site is under attack but rather how bad the attack is right now.

There are a number of regular culprits, like codedstyle.com, anith.com, simplynetdev.com, but those sites tend to focus on the most recent few articles. A new category of trackback spammer is here: The I'm going to scrape your entire site and create a trackback for every article trackback spammer.

Site From To Count Rate (pings/hr)
paidsurveyshub.info 5/28/2009 04:27 PM 5/28/2009 04:41 PM 27 111
www.newillinoismesotheliomalawyers.co.cc 5/28/2009 05:18 PM 5/28/2009 05:18 PM 1
codedstyle.com 5/29/2009 07:25 AM 5/29/2009 07:26 AM 5 240
asp-net-hosting.simplynetdev.com 5/29/2009 07:34 AM 5/29/2009 07:36 AM 2 30
www.anith.com 5/29/2009 08:24 AM 5/29/2009 08:24 AM 1
paidsurveyshub.info 5/29/2009 09:07 AM 5/29/2009 10:26 AM 73 55
microsoft-sharepoint.simplynetdev.com 5/29/2009 10:39 AM 5/29/2009 10:39 AM 2
paidsurveyshub.info 5/29/2009 12:09 PM 5/30/2009 04:33 AM 584 36
outdoorceilingfansite.info 5/30/2009 11:49 PM 5/31/2009 12:09 AM 206 615
woodtvstand.info 5/31/2009 02:47 PM 5/31/2009 06:01 PM 507 157
patiochairsite.info 5/31/2009 08:47 PM 5/31/2009 09:18 PM 24 45
hammockstandsite.info 5/31/2009 10:20 PM 5/31/2009 10:44 PM 28 68
indoorgrillsrecipes.info 6/01/2009 12:46 AM 6/01/2009 01:00 AM 20 81
portablegreenhousesite.info 6/01/2009 03:05 AM 6/01/2009 04:35 AM 102 67
uniformstores.info 6/01/2009 05:41 AM 6/01/2009 07:00 AM 68 51
asp-net-hosting.simplynetdev.com 6/01/2009 07:13 AM 6/01/2009 07:13 AM 1
codedstyle.com 6/01/2009 07:40 AM 6/01/2009 07:40 AM 2
woodtvstand.info 6/01/2009 10:27 AM 6/01/2009 11:48 AM 397 294
patiochairsite.info 6/01/2009 11:46 AM 6/01/2009 12:02 PM 10 38
hammockstandsite.info 6/01/2009 12:07 PM 6/01/2009 12:15 PM 21 158
indoorgrillsrecipes.info 6/01/2009 12:17 PM 6/01/2009 12:36 PM 51 161
portablegreenhousesite.info 6/01/2009 12:36 PM 6/01/2009 01:03 PM 67 149
uniformstores.info 6/01/2009 01:04 PM 6/01/2009 01:38 PM 80 141
paidsurveyshub.info 6/01/2009 10:47 PM 6/02/2009 01:20 AM 16 6

I'm pretty sure this will continue for at least the next week. I think I'm going to have to write a script that auto-deletes all these bogus trackbacks.

Comments (30)
  1. steven says:

    Shouldn’t that kind of thing actually be done at the server level? Possibly block by IP range as well… blocking out spam would seem more important than missing one or two legitimate trackbacks.

  2. Ben Voigt says:

    I’d question how many legit trackbacks you get from all .info sites combined.  My guess is few enough that blocking all of them outright would be acceptable.  Greylisting could also work very well.

    In addition, identifying the sites that use the DNS privacy services (the bogus information is pretty consistent, IIRC) could probably knock spam down by another order of magnitude.

  3. John says:

    The trick is to make spam unprofitable.  It’s too hard to go after the spammers, so I suggest we go after the spammees.  First we track down every person who has ever profited or contributed to the profitability of spam, particularly those who have made purchases.  Then we bring back good old public executions.  I am not joking.

  4. Cheong says:

    Agreed that it should be blocked at site level. They can even blacklist domains the posts trackbacks faster than a certain frequency and whitelist those site that often have legitimate trackbacks.

    Then there could be a "superblacklist" that records domains that enter blacklist more than once. Not only it denies trackbacks forever from these domains, it automatically deletes all trackbacks made in the site within 1 day from these domains. This should make those intense attacks even more discouraging.

    Disclaimer: We know that you don’t write the blog software, I’m just posting some thought of it.

  5. Mike says:

    Raymond this have anything to do with the RSS not getting updated?  I noticed in FeedDemon that I wasn’t getting updates from any of the MSDN blogs and when I checked the RSS.xml it hasn’t been updated with any of your new posts.

  6. Michael says:

    "Then we bring back good old public executions.  I am not joking."

    @John: You’re undermining the impact of that phrase.  See also: "It literally killed me."

  7. Davis Worthington III says:

    Is there a way I can sign up to receive the spam trackbacks? Thank you.

  8. shubery says:

    Why all the house & garden trackbacks?

  9. Luke says:

    Any reason why your feeds are taking so long to update?

    e.g. http://blogs.msdn.com/oldnewthing/rss.xml was  last updated on 29th May

    [The appropriate people are already aware of this sitewide problem. -Raymond]
  10. ChrisMcB says:

    What are the metrics “count” and “ping.” Is count the number of trackbacks, and pings the number of times they’ve hit the site?

    [“Count” is the count of pings – the number of spam trackbacks. -Raymond]
  11. The Old New Thing : Spam trackback attack returns, it's not a … | thetrackbacksecrets says:

    PingBack from http://thetrackbacksecrets.com/2009/06/the-old-new-thing-spam-trackback-attack-returns-its-not-a/

    [I didn’t delete this one because of the sheer irony of it all. -Raymond]
  12. Anonymous says:

    I see a lot of complaining about trackback spam, but no defense of the feature itself being visible to visitors (as opposed to being a private thing).

    Personally, I can’t stand it. Furthermore, more often than not, they’re indistinguishable from regular comments. I am not capable of describing how little sense that makes.

  13. Brian says:

    Anon: The theory behind a track back is someone can write a long reply on their own blog then link it here.  Personally I’m more of a fan of posting, "hey, I just posted a reply on my own blog here: <url>"

    John: I read an article basically describing how spamming doesn’t normally generate enough income to cover the costs, but there are enough people out there who assume it will so the spamming continues.  It’s kind of like how people still sign up for pyramid schemes even though "everyone" knows you’re more likely to win the lottery than get rich through one.

  14. Dan says:

    You could always make a "respond to this blog post to be auto-banned from this blog" post.  Most spam bots aren’t very smart. :)

    Preemptive Counter-Argument: Stupid people will post or curious people will post and immediately regret it and demand to be unbanned, which will be more annoying than the spam.

    Oh well.  Maybe you could hide the post or the post’s reply form in a display: none CSS block… meh someone would still manage to reply to it accidentally.

  15. Anonymous says:

    Brian, I did not know that. I’ve actually seen it used that way a couple of times, but not in any significant magnitude to indicate it was the reason the feature existed or the reason it was enabled. All the more reason that blog authors should stop irritating and driving away visitors…

  16. Worf says:

    Spamming works only because the people using them are gullible. Spammers know that 99.99% of people will never see their spam. Of the few remaining, fewer will buy the product. However, a gullible person may be willing to "market" themselves for say, $1000, even though they probably will never recover that amount in gross sales.

    Spammer is paid, they don’t care about the rate of return. As long as people are giving them money, that’s all that matters. Even if 100% of all spams sent are blocked… spammers will still continue because there are gullible people willing to pay.

    Trackback spam is more risky. The best solution is to visit their site, and click all the ads. Repeatedly. This irritates ad sellers since they start paying for repeated clicks, if not triggering clickfraud detection (which can easily freeze accounts since they don’t want to pay for fraudulent clicks). And if they get too many bad clicks, their ad rates drop.

    Anyhow, no one’s commenting on Raymond’s "live" blogging? Or did he just edit the year?

  17. Mark says:

    Worf: Raymond frequently blogs something recent: that’s why the queue is adjustable.

  18. Leith Bade says:

    Surely some sort of captcha on comments would fix this? Something like a recaptcha would be expensive to get around as you would need to pay/convince people to decipher hundreds of captca’s a day.

  19. Ben Voigt sez…

    "In addition, identifying the sites that use the DNS privacy services (the bogus information is pretty consistent, IIRC) could probably knock spam down by another order of magnitude."

    It would also knock out my comments.

    "The registrant is a non-trading individual who has opted to have their address omitted from the WHOIS service."

  20. Ben Voigt says:

    @Bill: not comments, trackbacks.  Or maybe "trackbacks and any comments containing a link" where the link target has missing DNS information.

    But not comments in general.

  21. Jaanus says:

    What’s the point of trackbacks these days, to begin with? In the internet world the feature already feels kind antiquaited (sp?).

  22. Neil says:

    Maybe only allow pingbacks from blog posts that are themselves open to comments?

  23. Josh says:

    Yea, seems like the webmasters for blogs.msdn.com should just eliminate trackbacks entirely. Someone who actually wrote a long reply can just say ‘hey, checkout my long comment <here>’. Of course, I have no idea if they come in via a different avenue from a normal comment or not – if it’s the same, that’d make it more challenging to fix.

  24. GregM says:

    "Someone who actually wrote a long reply can just say ‘hey, checkout my long comment <here>’. "

    I believe that you can add a trackback to an entry after comments are closed.  I know that at least Raymond himself can do it.  

  25. Как и с microsoft.com, вопрос не в том, попал ли сайт blogs.msdn.com под атаку, а в том, насколько атака

  26. Bulletmagnet says:

    outdoorceilingfansite? How can one have a ceiling fan outdoors?

    I’m not surprised that they have a website, though. But it should be in the .biz TLD (for bizarre)

    Every fleeting thought you’ve ever had in your life, no matter how bizarre, is someone’s lifelong obsession. And he has a website. — Skif’s Internet Theorem

    Yes, it was a rhetorical question, why do you ask?

  27. Ben Voigt sez…

    "not comments, trackbacks.  Or maybe "trackbacks and any comments containing a link" where the link target has missing DNS information. But not comments in general."

    Okay, I wouldn’t be able to trackback or link to my own website in a comment, simply because I prefer to not publish my home address.

    I will defend the right of people running websites[1] to reject comments from anyone on any criteria, even if I’m in the excluded group. I just want to make it clear that there are plenty of non-spammers who would fall into this trap.

    [1] Not including governments or tax funded websites, but that’s another argument unrelated to the point at hand.

  28. Neil says:

    outdoorceilingfansite? How can one have a ceiling fan outdoors?

    Presumably it hangs from the outdoor ceiling. (Some sort of glass ceiling, perhaps?)

  29. Anonymous says:

    Bulletmagnet, Niel: Do you guys not have covered porches where you live?

  30. Spam trackback attack week 3 statistics | Design Website says:

    PingBack from http://buildesignwebpage.com/2009/06/spam-trackback-attack-week-3-statistics.html

Comments are closed.

Skip to main content