For weeks now I’ve been seeing a rather large number of fake trackback attempts from some spam robots. It always uses the user-agent “– WordPress/2.1-alpha3”, and seems to come in waves: one day there will be no accesses, the next, 300–400. The requests span a large number of hosts, around 300 or so. There are also a lot of requests using the user-agent “libghttp/1.0”, but there seems to be no correlation between the hosts requesting with that agent, and the fake WordPress one.
Anyone else seeing this? Of course, these requests are universally ignored, so no spam is actually leaking out, but it’s still annoying.

Mark Wielaard | 02-Apr-07 at 12:25 am | Permalink
Same here :{
davee | 02-Apr-07 at 1:35 am | Permalink
yep, i get em too. don’t notice unless i check my logs though.
Canek Peláez | 02-Apr-07 at 11:54 am | Permalink
I asked in the WordPress forums, and the consensus (at the time I looked, at least) was that the only workaround is to disable trackback.
I did it, and certainly I don’t get SPAM anymore. But it’s far from optimal.
Chris Samuel | 21-Apr-07 at 7:22 am | Permalink
My solution was to use Apache’s BrowserMatchNoCase option in my .htaccess to set an environment variable and then deny from=variable.
Nobody should be running 2.1-alpha3 these days!
csm | 21-Apr-07 at 11:44 pm | Permalink
Trackback is (should be?) disabled here, too. I may want to add the “fuck you; fuck off” bit to .htaccess here as well.
But I was curious if there was some botnet at work that could be analyzed; the bursty nature, the same user-agent, AND the recent compromise/exploit of WordPress 2.1 are all interesting factors here.
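
The pattern reported in the post (request waves from the two user agents, and whether their source hosts overlap) can be measured directly from an access log. The following is an added example, not code from the post or its commenters; it assumes Apache's combined log format, and the log lines, request path and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" log format is assumed; only host, day and user agent are captured.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] '
    r'"[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# User-agent substrings reported in the post.
SUSPECT_AGENTS = ("WordPress/2.1-alpha3", "libghttp/1.0")

# Constructed sample lines; addresses come from documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Apr/2007:10:00:01 +0000] "POST /trackback/12 HTTP/1.0" 403 210 "-" "- WordPress/2.1-alpha3"
192.0.2.11 - - [01/Apr/2007:10:00:05 +0000] "POST /trackback/12 HTTP/1.0" 403 210 "-" "- WordPress/2.1-alpha3"
192.0.2.10 - - [03/Apr/2007:08:14:40 +0000] "POST /trackback/15 HTTP/1.0" 403 210 "-" "- WordPress/2.1-alpha3"
198.51.100.7 - - [01/Apr/2007:11:30:00 +0000] "POST /trackback/12 HTTP/1.0" 403 210 "-" "libghttp/1.0"
198.51.100.8 - - [02/Apr/2007:02:45:10 +0000] "POST /trackback/9 HTTP/1.0" 403 210 "-" "libghttp/1.0"
203.0.113.5 - - [02/Apr/2007:09:00:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

def summarize(log_text):
    """Per suspect agent: requests per day (shows the waves) and distinct hosts."""
    stats = {a: {"per_day": defaultdict(int), "hosts": set()} for a in SUSPECT_AGENTS}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ua = m.group("ua").lower()
        for agent in SUSPECT_AGENTS:
            if agent.lower() in ua:
                stats[agent]["per_day"][m.group("day")] += 1
                stats[agent]["hosts"].add(m.group("host"))
    return stats

def host_overlap(stats):
    """Hosts seen with both agents; an empty set matches the 'no correlation' observation."""
    first, second = (stats[a]["hosts"] for a in SUSPECT_AGENTS)
    return first & second

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for agent, s in result.items():
        print(agent, dict(s["per_day"]), len(s["hosts"]), "distinct hosts")
    print("hosts using both agents:", sorted(host_overlap(result)))
```
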