The idea of trackbacks and pingbacks are great. It’s a way of getting notified when someone else posts about you on their blog. However, spammers have taken over and it makes you wonder if there is any value in trackbacks anymore.

My guess is that most bloggers will say that the value is little to none. The number of spammy trackbacks are overwhelming at times and, even if you do have a good spam plugin protecting you, the ones that get through are not quality. The chances that a good trackback comes into your site is rare, but when it does, it is great to see.

The idea of trackbacks is fantastic, however it is to easy for spammers to abuse; and they know that. The system has been corrupt for a while and it makes a blogger think that it may be time to just disable them and forget about them.

What do you think?

Do you still see value in trackbacks and pingbacks? Or have you disabled them and let them die?

Yes, trackbacks/pingbacks are dead. Lets turn them off.

If you’d like to disable trackbacks on your WordPress blog, go into your blogs settings and then click ‘discussion’ and un-check the box for ‘Allow link notifications from other blogs (pingbacks and trackbacks.)’

No, trackbacks/pingbacks are still alive, they just need to be monitored better.

If you’d like to keep trackbacks, but manage them better, check out one of these plugins:

• Moderate Trackbacks
• Simple Trackback Validation
• Auto-Close Comments, Pingbacks and Trackbacks
• Disable Trackbacks

Some web hosts do not allow for plugins such as Akismet to function properly. This is because they turn off the PHP function fsockopen for security reasons.  When they do this, any plugin that connects to an outside source doesn’t function correctly.  The biggest issue then is the inflow of spam.

I’ve found two plugins that seem to help take control of spam comments and trackbacks when Akismet isn’t available.  Neither are perfect, but together they make a world of difference in the fight against spam.

The first is Cookies for Comments.  This plugin places a cookie into the visitors browser when they arrive at your site.  Once they leave a comment, the plugin checks to see if that cookie exists.  If there is no cookie, then it’s marked as spam.  From my testing, it works quite well.

The second is Simple Trackback Validation.  This plugin checks the site that is supposedly leaving the trackback and ensures that the IP is good and that the site is actually linking to yours.

The downside to both plugins is that they either pull all questionable comments & trackbacks into moderation or they delete them.  This means that you’ll continue to get flooded with moderation requests or they’ll just be deleted and, if something is marked spam accidentally, you’ll never know.

Both plugins work well and have done a great job at protecting a blog when Akismet is not an option.

The good news for Akismet fans here is that there is news that in WordPress 2.7, Akismet may work without the fsockopen function via a HTTP API.  This would then allow for Akismet, and other pluigns, to work on additional hosting platforms where it currently cannot properly function.  Lets hope it works as good as it sounds.

For now, Cookies for Comments and Simple Trackback Validation are two great solutions to minimizing the flow of spam on hosting situations where Akismet is not available, or for those that choose not to use Akismet.

Every day hackers sit out there an pray on good sites for no good reason. Some days they are even successful. In the past few months I’ve worked with a few blogs to detect and remove hidden code that was causing various unwanted issues. It happens to the best of blogs, and knowing how to find and remove it is just as important as trying to prevent it.

Blog #1 – The iFrame – The first indicator that something was wrong here was the time it took the blog to load. It seemed abnormally long. I popped open Safari’s activity window and noticed it was connecting out to an IP address that I didn’t recognize.

When the did finally load, it then asked me if I wanted to run a Java applet. Huge red flag there. It took some digging but I found a lot of files contained some iFrame code that was loading badware from an external site.

To fix, I deleted and re-uploaded all the files I could, and walked though each theme and plugin file to find any traces of code that should not be there. Once cleaned out, the site ran much smoother.

Blog #2 – Hidden Random Links – With this blog, Google actually caught the issue first. They put a lovely note on search results that said the site may be unsafe to visit. Even when someone did click on the search result, Google sent them to a warning page. So not cool, but understandable.

I immediately looked though the theme files and re-uploaded any admin files with no luck. Oddly enough, the issue presented itself only on a few posts, not all pages. This means that the issue was not part of the theme or any other main files. The badware was actually embedded in individual posts.

Using Google Webmaster Tools, they listed out a number of infected pages. I then viewed the sources of those pages and was able to see an empty link that went out to a known badware site.

To fix, I edited each post with WYSIWYG editing turned off. This allowed me to see the raw HTML and it was easy to see the infected posts. Within a day or two of cleaning up the code, Google cleared the warning message.

Blog 3 – Spam Links – If you’re not running the most recent version of WordPress, you may become affected by old security issues. With blog #3, someone added a couple hundred invisible spam links to the footer of the site. We were lucky with this one as a visitor tipped us off early. The fix was simple, remove the links from the footer file and update to the latest version of WordPress.

Hack Attack Tips

If you do find your blog has become infected, here are a few things you should always do.

1. Clean up any infected files as soon as possible. It’s your reputation and your visitors safety at stake.
2. Delete any blog and plugin files you can and re-upload new ones. Don’t get rid of your configuration or theme files though.
3. For those files that you can’t just delete (like config and theme files) open each one and check for issues.
4. Update your blog software and plugins to the most recent version. The newer the files the safer they probably are.
5. Change your passwords. Your blog user, your ftp and any others you can. You never know how hackers get in.
6. Backup everything. In the three cases above, no files or information was deleted by the hackers, but that doesn’t mean they will always be as nice.

Hackers are out there every day doing what they can to harm innocent sites. You can take steps to protect yourself by keeping your blog software and plugins up to date and creating good, strong passwords along with frequent backups.

Do you have any words of wisdom to share about keeping blogs safe?

Blogging is fun and rewarding. There are so many good things about it, but comment and trackback spam can tarnish the process. I know that going in and removing 15 different ‘prescription’ comments is not a good use of a bloggers time as they could use it towards creating new posts. But how does one control it?

You can protect comments with a captcha plugin, Spam Karma or Askimet, but what about trackbacks?

Lately I’ve been testing out the Simple Trackback Validation plugin. It checks two items to ensure that the trackback is legit.

1. It checks the page that claims to be linking to your post to ensure it does.
2. Checks the IP address of the blog the tracback is coming from and the IP of the trackback. They should be the same. In order for these to be different, a spam bot must be auto generating the trackbacks.

It also has a feature to toss any questionable trackbacks into moderation.

So far in my testing I can’t already say if it’s working or not. No trackbacks have gone into moderation, yet trackback spam seems to be more under control, but not gone.

Askimet also claims to filter out trackback spam, but in my experiences, it’s not as good at it as filtering out comment spam. Then again, maybe it’s blocking a lot of items that I don’t even know of.

What I’d love to see is a plugin that made all trackbacks go though the same rules as comments or even just throw all of them into moderation. Content scraping sites give trackbacks a bad rep and I’ve yet to find a solution to really get trackback spam under control.

What have you tried? Have you found a solution that works and works well? If so, please do share.

For a new blogger, getting comments or trackbacks is exciting. However, some of them could be automated spambots filling up your comments with links to sites you wouldn’t want your visitors seeing. Spam plugins can do wonders at stopping spam, but some manual work is required. Here are a few tricks to help new bloggers identify possible spam.

1- What name did the commenter leave? Was it Sam or Jill? Or was it Used Cars or Baby Blankets? Most spammers use keyword phrases as they think it’ll help out their site; which it won’t.

2- What URL did they leave as their homepage? Does the URL look like a laundry list of keywords? http://www.shop-for-ipods.com/ipod-deals/best-ipod-prices.htm. Trying to hard is an indication that the link may be spam.

3- Was their comment generic? Sure, not everyone leaves detailed comments, but an indication of spam may be a comment such as “Great Website”,”I’m really glad I found your blog”, “This is really good content.” Chances are that these comments came from someone who never read your post.

4- Visit the URL. Not for the faint of heart, but if you can’t tell from the indicators above, check out the website and see if it looks like a legit website. Those that are spam are probably filled with ads, have no unique content and probably no real structure.

5- Is it readable? Some spammers like to put in symbols for some odd reason. No matter how you translate it, it doesn’t become readable. If the comment doens’t contain characters that even look vaguely familiar, it may just be spam.

6- Is your name Thomas but they call you Lindsey? Ok, this is a good one. Spam bloggers will quote your blog post and link back to you. However, they quote you as someone else. What’s happening is they have an automated system to pull content and then they add a name to it to make it look more realistic.

7- Does the other site topic match yours? Since spam is usually automated, a pet site may grab any content that has pet related keywords. If you talk about how you’ve been working like a dog, your post may get associated as a pet post. That’s even more evidence that no one is really reading your post, they are just taking it to populate their site.

There is not one give away for identifying all spam trackbacks or comments. Some may have a few of the tactics mentioned above and still be real. It’s up to you, the blog editor, to decide what to keep and what to remove.

The web is a wonderful place, but nothing is off limits to the spammers of the world who try to ruin the fun for everyone. Always keep an eye on your comments for the spammers as they will come. Not only do you want to build a good reputation for your site, but you want to ensure that those comments left by others don’t hurt the identity you want to promote.

Remember, you are in control of your site. You have the right to edit or delete any comments you don’t feel are acceptable.

Example: Can you tell why this site is spam?

Recently the blogs I monitor have been getting hit with a lot of spam that Akismet doesn’t seem to catch. Here is an example:

Author: used auto detroit

Comment: used auto detroit

Info about used auto detroit.

The good news is I’ve come up with a simple solution. Just go into your blogs admin, click on options and then on discussion. In the comments moderation area, add /strong to the list. Next time one of these comments make it through, they’ll be held for moderation instead of going live.

Notice, I didn’t say that this was a fix. You could add /strong to the comment blacklist area but you may filter out good comments too. Seeing as strong tags are OK to use in WordPress comments, a real visitor could use it. Plus, some blogs tell users that they can use basic formatting. That’s why we throw it into moderation and not just throw it away.

I’ve recently been using Akismet as my spam plugin for WordPress. It had been doing great, until this weekend. All of a sudden, spam started piling up and I was kept busy trying to remove it all. It’s amazing how great spam plugins do work, when they work. I ended up turning on Spam Karma for a while and that fixed everything.

It turns out that Akismet was down over the weekend for some updates. All should be good now though.

It really makes a person realize how great spam plugins are.  Maybe it’s time to donate a few bucks.

[tags]akismet,spam-karma[/tags]