Not long ago, in a post titled Spam Catch of the Day: 21 Spams Per Hour, and better spam handling, I discussed some of the problems I have with the Akismet spam filter plugin for WordPress. I also indicated that I would be using the Trackback Validator Plugin in concert with the WordPress built-in moderation queue to capture spam.
Thus far, it has served excellently. Because I use mutt as my email client, I have an excellent interface for quickly going through large numbers of emails to scan them for spam-like content patterns, which means that when things end up in the moderation queue I can very quickly and easily go through them all to determine what needs to be released into the wild. Because the queue allows me to whitelist by the person who posted something, my regulars’ comments don’t even get caught by moderation. Because of the better interface of the moderation queue as compared with that of the Akismet plugin, it’s much easier to work with the queue when I find something in my email that indicates that I’ve received something in moderation that needs to be sent through (which has happened once so far).
The Trackback Validator worried me at first. It doesn’t attempt to catch spam by identifying it as spam, per se — rather, it catches spam by checking to make sure that the trackback comes from a website that actually includes a link to SOB It seems this will guarantee no false positives since a trackback by definition should come from a website with a link back here. What worried me was the idea of something spammish that did come from a site that linked back here. So far, however, that has not happened even once. Meanwhile, at Chip’s Quips, I saw a false negative slip through the Akismet filter and make it to public display last night, so I feel particularly good about my arrangement right now.
I was curious about how the Trackback Validator would treat both positives and negatives when I first started using it, as the description of the plugin wasn’t very clear. I didn’t know whether it would drop positives into the moderation queue, or just delete them outright. The answer seems to be that it just eliminates them. I also didn’t know whether it would drop negatives — validated trackbacks — into the moderation queue, and it seems that it just lets them pass through to the page. For now, that seems ideal, and I get great results. I was also curious about how I’d ever know if the validator caught a false positive, which may be the one thing that worried me most about it. Luckily, it seems I get emails indistinguishable from my moderation queue notices about trackbacks that don’t validate, so I need not worry — which means that I get just as many emails about things caught by my spam filtering as I did with the Akismet plugin, but fewer of them actually appear in moderation because the trackbacs that don’t validate never make it that far. Overall, it seems to be the best of possible worlds, at least until some legitimate trackback somehow seems to come from a website without any links to SOB. I don’t foresee this happening any time soon.
What I’ve discovered by this Trackback Validator behavior, and had no way of knowing from the Akismet plugin because it doesn’t differentiate between trackbacks and normal comments, is that by far the majority of my spam here at SOB is in the form of trackback spam. I went from zero trackback spam a couple months ago to a couple hundred a day. All this time, I had wondered why I never got any trackback spam, as it seemed like the obvious solution to the problem of writing spam comment bots — all weblogs that support trackbacks have to use the same interface for trackbacks, else they won’t work due to the fact that automated trackback handling requires a standardized interface, while comment entry forms can vary wildly between different weblogs because humans interact with the interface for commenting. It’s incredibly easy, in comparison, to automate spamming via trackbacks. Well, they finally got around to spamming via trackbacks. The upside is that not only is the interface easy to automate, but so is validation for the simplest case of trackback spam (which so far seems to be the only case).
It’s even easy to catch the remainder of trackback spams, if some start slipping past the Trackback Validator by some clever means of satisfying validation — there’s another plugin that dumps all trackbacks into the moderation queue. I can only hope it was designed in such a way that it only catches those that have gotten past the Trackback Validator, as dumping into the queue before the validator plugin can get at them would be problematic.
Well, enough of this. I found a joke in my moderation queue that I felt like sharing, unedited:
A drunken cowboy lay sprawled across three entire seats in an Amarillo Theater. When the usher came by and noticed this, he whispered to the cowboy, “Sorry, sir, but you’re only allowed one seat.” The cowboy groaned but didn’t budge. The usher became more impatient: “Sir, if you don’t get up from there I’m going to have to call the manager.” Once again, the cowboy just groaned. The usher marched briskly back up the aisle, and in a moment he returned with the manager. Together the two of them tried repeatedly to move the cowboy, but with no success. Finally they summoned the police. The Texas Ranger surveyed the situation briefly then asked, “All right buddy what’s your name?” “Sam,” the cowboy moaned. “Where ya from, Sam?” asked the Ranger. With pain in his voice Sam replied, “The balcony…”