On Sat, 2006-09-09 at 00:45 -0700, [EMAIL PROTECTED] wrote:
> Hi.
>
> My two sites, trogger.de and trogger.info, were recently subjected to
> a large trackback-spam attack. We're talking in the area of ten
> thousand trackbacks within two or three days. Plus a couple hundred
> spam comments in the same period. For the time being, I've disabled
> trackbacks and anonymous comments. But that's just punishing the users
> for the actions of a few freeloading idiots.
>
> Are there any technical countermeasures against trackback spam that
> Djangonites have already successfully integrated into their Django
> sites and used?

I'm in the process of implementing both comments and trackback for my blog and for trackbacks, I've taken the "usual" counter-measures that are recommended:

(1) IP address throttling: more than a number of requests in a period from an IP address means any further requests are dropped for a period after that.

(2) Dupe detection: only one trackback from each source permalink.

(3) Checking that the trackback caller actually links to your blog somewhere in the first N bytes of the post they claim to be linking from (unclear what a good N is here. I'm starting with 4 KB, but it's tunable).

(4) Possibly repeating the check in (3) after 24 hours or so (so that they have to keep an attacking page up longer).

(5) Having the ability to turn off trackback, pingback and comments on a per-post basis. Some posts get attacked more than others.

All of these are fairly straightforward to implement via a trackback app containing a couple of models. No code available yet. I'll publish the code when I push out the release to the live site. The trackback model probably won't be completely independent of anything (maybe it will be), just because I haven't really thought of it that way and there needs to be some integration with the comment display, etc.

Cheers,
Malcolm
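
Countermeasures (1) to (3) from the list above, sketched as an added example that is not part of the original post and is not Malcolm's code. The `TrackbackGate` class, its parameter names and defaults, and the caller-supplied `fetch` function are assumptions; state is held in memory where a Django app would use models.

```python
import time
from collections import defaultdict, deque
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _LinkHosts(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = set()
    def handle_starttag(self, tag, attrs):
        for k, v in attrs:
            if tag == "a" and k == "href" and v:
                try:
                    self.hosts.add((urlsplit(v).hostname or "").lower())
                except ValueError:  # malformed URL in untrusted HTML
                    pass

class TrackbackGate:
    """Hypothetical helper: checks (1)-(3) with in-memory state."""
    def __init__(self, blog_host, fetch, max_hits=5, window=600, ban=3600, n_bytes=4096):
        # fetch(url) -> bytes is supplied by the caller (assumption); it should
        # enforce a timeout and a size limit and refuse internal addresses.
        self.blog_host, self.fetch = blog_host.lower(), fetch
        self.max_hits, self.window, self.ban, self.n_bytes = max_hits, window, ban, n_bytes
        self.hits = defaultdict(deque)  # ip -> request timestamps inside the window
        self.banned = {}                # ip -> time the drop period ends
        self.seen = set()               # source permalinks already accepted

    def check(self, ip, source_url, now=None):
        now = time.time() if now is None else now
        # (1) Throttle: too many requests in the window drops further ones for a while.
        if self.banned.get(ip, 0) > now:
            return "throttled"
        q = self.hits[ip]
        while q and q[0] <= now - self.window:
            q.popleft()
        q.append(now)
        if len(q) > self.max_hits:
            self.banned[ip] = now + self.ban
            return "throttled"
        # (2) Dupe detection: one trackback per source permalink.
        if source_url in self.seen:
            return "duplicate"
        # (3) The claimed source must link to the blog within the first N bytes.
        parser = _LinkHosts()
        parser.feed(self.fetch(source_url)[: self.n_bytes].decode("utf-8", "replace"))
        if self.blog_host not in parser.hosts:
            return "no-link"
        self.seen.add(source_url)
        return "accepted"
```

Check (4) can reuse the same link test from a scheduled job that re-fetches each accepted source and removes trackbacks whose page no longer links back.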