This page looks plain and unstyled because you're using a non-standard compliant browser. To see it in its best form, please upgrade to a browser that supports web standards. It's free and painless.

Paul's Time Sink

| Main | Albums |

« | »

Other possible ways to fight trackback spam

Paul Westbrook | 16 February, 2005 08:27

Last night, I thought of a couple more way to combat trackback spam (previous post):

  1. Only allow trackbacks with to pages that be auto-discovered to have a trackback url.
  2. Auto generate the trackback url, to make it more difficult for automated trackback programs to work


Require reciprocal trackback urls

In the first proposal, when a trackback ping is received, it would not be considered valid until the following is successful:

  • Attempt to auto-detect the trackback ping url at in the specified url.
  • If the urls is found, the trackback is valid

This will work well for two reasons:

  1. Most trackbacks come from blogs, so these pages will have trackback ping urls
  2. Most of the trackback urls that I have received are for urls where the hosts do not resolve, so it will not be possible to auto-discover the trackback url

Auto-generate trackback urls

When a request comes for an article, it will create a url for the trackback ping. This url would contain:

  • Hash of the ip address
  • Reversible hash of the time that the url was rendered

Then when the ping comes in, the trackback code can verify that the trackback is coming from the same ip address that got the url. Also the trackback code can verify that the url was generated within 30 seconds ago.

Computer , Blogging :: Comment (3) :: Permalink :: Trackbacks (2)

Add comment

Topic

Text

Your name

Your email address

Your personal page (if any)




Powered by LifeType
Design by Book of Styles