Update On Trackbacks
Earlier, I had removed the URL for trackback pings because of heavy spamming recently. All of the spam had been caught in my filter, but a few legitimate pings get caught in the filter as well. I have been rescuing legitimate pings from the junk process up to now, and I wanted to stop the flood of actual spam pings in order to approve the others.
It didn't work out the way I planned. I couldn't quite get the descriptions correct, and pings went to the wrong posts. I've restored the display of the trackback URL, so that problem should be eliminated.
However, I will no longer check the junk filter for legitimate pings, and will force them to delete in 24 hours after detection. Almost without exception, the trapped pings get flagged because of a mismatch between the IP address in the ping and the IP address for the domain URL, or an unspecified inability to resolve the latter. If your pings do not appear on the blog, be sure to check your outbound pings to verify that the IP address resolves back to your domain.
Thank you for your patience and understanding.
Comments (3)
Posted by unclesmrgol | April 9, 2007 10:52 PM
Are you sure you are using the correct test?
The final line of your test description indicates that you are using reverse DNS lookups. A reverse DNS lookup will resolve to one domain name -- that of your ISP. Taking www.captainsquartersblog.com as an example, it resolves to IP 63.247.139.56; a reverse DNS of that IP resolves poynter.hmdnsgroup.com, your host iron. The reverse DNS resolution indicates a failure. Visiting poynter.hmdnsgroup.com will certainly NOT validate your trackback, since that page is the upper level console page for your host iron.
Hence, in the case that your ISP hosts you as a virtual domain, the test you described fails completely. You need to do forward resolution, which means that, when the site returns a ping, you turn around the host in the ping message and see if DNS returns the same IP address as the foreign address in the ping connection. You then have to visit the page (using the provided URL and NOT the IP) and make sure a real trackback exists.
Another possible failure mode is for hosts which resolve via DNS to multiple IP addresses. If a blogger has this setup, they are pretty rich (or make their living hosting a billion blogs), with multiple front end machines being rotated in a round-robin fashion to load-level usage. This means that, if you use their URL to resolve their domain, they may return a different address in the ring every time (I use "may" here because there may be other traffic not originating from you which rotates the ring). Hence, to catch these guys, you must ask for all address resolutions, not just the canonical one. That said, a fellow doing this is, in all likelihood, a spammer, since they tend to hide their http servers behind a screen of hundreds of referral machines (each of which gets returned by their viral DNS machine in a fashion similar to round robin).
To get trackback spamming to work, the spammers really had to do a lot of work reverse engineering the protocol as well as develop an understanding of how the search engine metrics work. Doing it wrong means the spam don't work (a blog page filled with backtracked URLS from a zillion blogs is a sure sign to google that their metrics are being made fun of). Such is the problem with automated protocols like this one -- making them easy to use makes them mechanically easy to defeat.
Posted by Don Singleton | April 10, 2007 3:20 PM
Requiring the ping to come from our IP address prevents trackbacks from Blogger or other hosts that do not do automatic trackbacks, and where we need to use Haloscan or something similar.
Posted by Captain Ed | April 10, 2007 3:30 PM
Hey, these are Movable Type's tests, not mine. I'm just using them to keep from having trackback spam all over the blog.