Hi,
As my server is suffering from a severe trackback spam avalanche against the Serendipity blog software, I had to act quickly, as the many Apache processes seemed to be dragging the server into a downward spiral.
Checking the logfiles, it was obvious that trackback spammers were hammering my blog:
77.242.19.246 - - [01/Aug/2007:09:43:47 +0200] "POST /comment.php?type=trackback&entry_id=57 HTTP/1.1" 403 221 "-" "-"
217.141.251.202 - - [01/Aug/2007:09:43:48 +0200] "POST /comment.php?type=trackback&entry_id=120 HTTP/1.1" 403 221 "-" "-"
218.98.156.131 - - [01/Aug/2007:09:43:49 +0200] "POST /comment.php?type=trackback&entry_id=29 HTTP/1.1" 403 221 "-" "-"
Querying Google turned up Kris's very useful posting on analyzing and banning trackback spam. Kris suggested adding
<FilesMatch "comment\.php">
    # Flag requests whose User-Agent header contains "TrackBack"
    SetEnvIfNoCase User-Agent TrackBack spammer=yes
    deny from env=spammer
</FilesMatch>
to the .htaccess in Serendipity's directory, but this time the trackback spammers omit the user agent, so I had to extend Kris's hack to
<FilesMatch "comment\.php">
    # Flag requests whose User-Agent header contains "TrackBack"
    SetEnvIfNoCase User-Agent TrackBack spammer=yes
    # Also flag requests with an empty or missing User-Agent header
    SetEnvIfNoCase User-Agent ^$ spammer=yes
    deny from env=spammer
</FilesMatch>
in order to check whether the user agent is empty or not.
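To see what the extended rule catches before relying on it, the following script (an added example, not part of the original post) replays the two User-Agent tests over access-log lines and lists any comment.php requests they would not flag. The log lines are constructed samples using documentation IP addresses, and treating a logged "-" as an empty User-Agent is an assumption about the combined log format.

```python
import re
from collections import Counter

# Apache "combined" log format, as in the log excerpt above.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def rule_matches(ua):
    """Mirror the two SetEnvIfNoCase tests: 'TrackBack' anywhere, or ^$."""
    # Assumption: Apache logs a missing header as "-", so "-" counts as empty.
    return ua in ("", "-") or re.search("trackback", ua, re.I) is not None

def targets_comment_php(path):
    """Approximate <FilesMatch "comment\\.php">: file name contains comment.php."""
    filename = path.split("?", 1)[0].rsplit("/", 1)[-1]
    return "comment.php" in filename

def audit(lines):
    """Return (flagged hits per IP, comment.php requests the rule would miss)."""
    hits, misses = Counter(), []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not targets_comment_php(m["path"]):
            continue
        if rule_matches(m["ua"]):
            hits[m["ip"]] += 1
        else:
            misses.append((m["ip"], m["status"], m["ua"]))
    return hits, misses

# Constructed sample lines (documentation IPs), shaped like the excerpt above.
TS = "[01/Aug/2007:09:43:47 +0200]"
SAMPLE = [
    f'192.0.2.10 - - {TS} "POST /comment.php?type=trackback&entry_id=57 HTTP/1.1" 403 221 "-" "-"',
    f'192.0.2.10 - - {TS} "POST /comment.php?type=trackback&entry_id=120 HTTP/1.1" 403 221 "-" "-"',
    f'198.51.100.7 - - {TS} "POST /comment.php?type=trackback&entry_id=29 HTTP/1.1" 403 221 "-" "TrackBack/1.02"',
    f'203.0.113.5 - - {TS} "POST /comment.php?type=trackback&entry_id=29 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux i686)"',
    f'203.0.113.5 - - {TS} "GET /index.php HTTP/1.1" 200 4096 "-" "-"',
]

if __name__ == "__main__":
    hits, misses = audit(SAMPLE)
    for ip, count in hits.most_common():
        print(f"flagged  {ip}  {count} request(s)")
    for ip, status, ua in misses:
        print(f"not flagged  {ip}  status={status}  ua={ua!r}")
```

Requests listed as not flagged are the ones to inspect: they are either legitimate trackbacks and comments or spam that sends a browser-like User-Agent, which this rule cannot tell apart.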
I wonder if trackback functionality shouldn't be disabled altogether. In my experience about 99% of trackback activity is spam; is this worth the pain?
OK, I still have it activated on my own blog, but I'm really considering dropping it, because I see no advantage.
Just my 2 cents.