Weird trackback spam for PHP postings

Kauft das PHP-Sicherheitsbuch!

Dritte Auflage

Jetzt bestellen!

ISBN-13: 978-3898643696
€ 36,00

Links

(Profil nur für Xing-Mitglieder sichtbar)

Rootserver, Colocation, Hosting
My amazon wishlist
VServer Hosting

Pages

Frontpage
About Christopher Kunz
Kontaktformular

Syndicate This Blog

Friday, April 7. 2006

Weird trackback spam for PHP postings

Since last evening, I’ve been receiving a number of very weird trackbacks to various PHP-related articles in my blog. They all read as follows:

Weblog Name: this is very good
Link to remote-entry: http://www.google.com/

Excerpt:
related source

There’s a little variation in the URLs (one contained yahoo, and one contained MSN), but where is the point in spamming a blog with search engine URLs? Is someone trying to decrease my page rank for certain keywords - or is this some weird filter evasion technique?

Posted by Christopher Kunz at 13:51 | Comments (15) | Trackbacks (0)

Vote for articles fresher than 7 days!

Derzeitige Beurteilung: 2, 1 Stimme(n) 72841 hits

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

I receive much of those, too. I guess your first assumption could be true.

#1 Toby (Homepage) on 2006-04-07 14:08 (Reply)

I’ve been seeing these the last few days as well, and only on items in my PHP feed.

#2 Matthew Weier O'Phinney (Homepage) on 2006-04-07 15:15 (Reply)

I could be wrong, but IIRC this is usually a “test-run” to see how easy it is to spam the blog.

#3 Matthias (Homepage) on 2006-04-07 15:52 (Reply)

I don’t think spammers test. They fire and forget.

#3.1 Sebastian (Homepage) on 2006-04-07 16:56 (Reply)

I’ve seen these, too.

I don’t know why spammers would bother testing, though.

Also, I suspect the s9y captcha has been broken -- I see bursts of 30 comments at a time on my captcha-protected entries, sometimes.

S

#4 Sean Coates (Homepage) on 2006-04-07 17:11 (Reply)

I’ve also been seeing them, just for the last 2 days or so.

Very weird.

I think it might be wise for us S9Y users to turn off trackbacks for a while, to foil what looks it could be a concerted multi-blog attack in the making.

- Davey

#5 Davey Shafik (Homepage) on 2006-04-07 18:03 (Reply)

I’ve been getting them too, and the most annoying thing is that thunderbird seems to refuse to train its junk filter on them.

#6 Ivo Jansch (Homepage) on 2006-04-07 18:49 (Reply)

I think I have recieved one on just about every entry. However, they were all from the same ip address so I just added them to the firewall. I guess I might have to automate that step in the future. All of my comments have been by approval so I suppose that helps

#7 Mike Willbanks (Homepage) on 2006-04-08 04:13 (Reply)

I’m noticing the same things for each of my entries. Have you guys found any reason for this ? Is this common to all s9y users only ?

#8 Vidyut Luther (Homepage) on 2006-04-08 23:57 (Reply)

about 2 hours ago, I started to receive the same trackbacks, but now they no longer link to google or yahoo, but to http://site.neogen.ro/ambienxr/files/pp_240939.html

This url produces a 404 however. Not that I want to promote the url, but are others seeing the same url? Or with a different number at the end? I’m guessing that if this number is unique to the blog they post to, then they could retrieve a lot of info about the blog owner. For example, the fact that I clicked on it, revealed my ip, os, whatever to them.

#9 Ivo Jansch (Homepage) on 2006-04-09 01:23 (Reply)

I am seeing those too, with exactly the same URL, including the number. The 404 is JavaScript-generated, if you visit the site without JS enabled you see the typical Google landing page for some Ambien stuff. Pretty standard, I’d say. From the IP addresses used in the different spam runs, I cannot see any connection between the two.

#9.1 Christopher Kunz (Homepage) on 2006-04-09 01:30 (Reply)

A couple of us on the planet postgresql site have started seeing this pattern as well(fisrt msn/yahoo, now the above url). I’m considering turning off trackbacks on older posts, but I was wondering if anyone is doing something to fix this problem (ie. an update to captcha to stop this)

#9.1.1 Robert Treat (Homepage) on 2006-04-09 04:23 (Reply)

I’m not sure if captcha would help, I’m seeing this only as trackback uri’s, not as comments. I think by nature trackbacks are automated and couldn’t solve a captcha, right?

#10 Ivo Jansch (Homepage) on 2006-04-09 09:40 (Reply)

hmm Ambien is a sleep drug.. so it just looks like a spam bot attack in the making. I have all trackbacks set to under moderation, which is probably why these attacks stopped on my site, as none of their attempts ever showed up on the site.

#11 Vidyut Luther (Homepage) on 2006-04-09 15:18 (Reply)

RE #10: Duh, yes... was a little bit late last night when I Posted. You’re correct that captcha wouldn’t help.

RE #11: All of the trackbacks I have recieved have gone to moderation, but they keep coming. It is good they aren’t getting on to the site, but the email traffic to me notifying of them is still anoyying

#12 Robert Treat (Homepage) on 2006-04-09 18:16 (Reply)

Add Comment

Name
Email
Homepage
In reply to
Comment	Enclosing asterisks marks text as bold (word), underscore are made via _word_. Standard emoticons like :-) and ;-) are converted to images. To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above:
	Remember Information? Subscribe to this entry