Bill Katz

My Brain

An occasionally updated repository of thoughts, past work, and links.

Patching Drupal for poker trackback spam

Spammers have begun using trackback comments as a way around the Drupal spam module. Looking over at the Drupal board, I see that some people got hit with hundreds of spam comments. This site got some ads for poker, casinos, and an anti-obesity drug, phentermine. The rising use of comment spam has spurred Google, MSN, Yahoo! and others to embrace the rel="nofollow" attribute for hyperlinks.

In the short term, I offer this to Drupal victims:



1) Turn trackbacks off

2) (Optional) Use phpMyAdmin, a database tool, or the Drupal dba module to whack all the spam from the trackback_received and comments tables in your Drupal database. This is easier than using the standard select/delete/verify process for each spam comment.

3) If you know how to patch PHP code, you can try my band-aid. Open the trackback.module file in the modules directory and change the beginning of the trackback_receive() function to:

    ...
    function trackback_receive(&$node) {
      // Process TrackBack post data.
      $trackback->url = check_url($_REQUEST['url']);

      // Quick fix on trackback spam.
      $evil_words = array('poker', 'psxtreme', 'freaky', 'howtoplay', 'holdem', 'casino', 'terashells', 'phentermine');
      $is_not_spam = 1;
      foreach ($evil_words as $reject_word) {
        // If reject word is in comment, url, or blog name, reject the trackback.
        if (stristr($trackback->url, $reject_word) ||
            stristr($_REQUEST['excerpt'], $reject_word) ||
            stristr($_REQUEST['blog_name'], $reject_word)) {
          $is_not_spam = 0;
          break;
        }
      }
      if ($is_not_spam && $trackback->url && valid_url($_REQUEST['url'], TRUE)) {
    ...

Add evil words to the array as necessary.

4) Turn trackbacks back on after applying the patch

It's stopped trackback spam for one night, although I wonder how many days or hours it'll take until it's defeated.
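The same keyword check as a stand-alone script, so a word list can be tried against sample trackbacks before the live trackback.module is edited. This is an added example, not part of the original post or of Drupal: the helper name trackback_spam_word() is hypothetical, the sample trackbacks are constructed, and it is written for current PHP rather than the 2005 release.

```php
<?php
// Added example: a stand-alone form of the keyword check, not Drupal code.
// trackback_spam_word() is a hypothetical helper name.

/**
 * Return the first listed word found in the url, excerpt or blog_name
 * field of a trackback, or NULL when none of them matches.
 */
function trackback_spam_word(array $fields, array $evil_words) {
  $texts = array();
  foreach (array('url', 'excerpt', 'blog_name') as $key) {
    // A missing field counts as empty instead of raising a notice.
    $value = isset($fields[$key]) ? (string) $fields[$key] : '';
    // Match on the decoded form, so percent-encoded or entity-encoded
    // text is compared the same way as plain text.
    $texts[] = html_entity_decode(rawurldecode($value), ENT_QUOTES, 'UTF-8');
  }
  foreach ($evil_words as $reject_word) {
    foreach ($texts as $text) {
      // Case-insensitive substring match, as stristr() does in the patch.
      if ($reject_word !== '' && stripos($text, $reject_word) !== FALSE) {
        return $reject_word;
      }
    }
  }
  return NULL;
}

$evil_words = array('poker', 'psxtreme', 'freaky', 'howtoplay', 'holdem',
                    'casino', 'terashells', 'phentermine');

// Constructed sample trackbacks, not real traffic.
$samples = array(
  'word in excerpt' => array('url' => 'http://example.com/1', 'excerpt' => 'Online POKER rooms'),
  'word in url'     => array('url' => 'http://casino.example.net/', 'excerpt' => 'Nice post'),
  'entity-encoded'  => array('url' => 'http://example.org/2', 'excerpt' => 'Play hold&#101;m now'),
  'ordinary'        => array('url' => 'http://example.org/3', 'excerpt' => 'Notes on Drupal theming',
                             'blog_name' => 'A dev blog'),
  'false positive'  => array('url' => 'http://example.org/4', 'excerpt' => 'My review of a casino heist film'),
);

foreach ($samples as $label => $fields) {
  $word = trackback_spam_word($fields, $evil_words);
  echo $label, ': ', ($word === NULL ? 'accepted' : "rejected ($word)"), "\n";
}
```

The last sample shows the cost of substring matching: a legitimate trackback that merely mentions a listed word is rejected along with the spam.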

Category: Computers PHP Software


4 Comments

  1. blank page by jibbajabba (2005-02-11)

    Hmm. This should work. I patched, but when I try to go to Administration now, I get a blank page. Commenting out the "foreach" section allows the Admin page to load again. Strange.
  2. You might be getting in some by Bill (2005-02-11)

    You might be getting in some sort of infinite loop if the syntax isn't exact, e.g. the definition of the array. In any case, Jeremy has just posted a real fix that we are testing now, and it looks to be working. This requires downloading the new spam module and applying a patch to the trackback (original) module. http://drupal.org/node/16690 Good luck.
  3. Got hit with a few trackback by Bill (2005-02-13)

    Got hit with a few trackback spam today, so I'm putting my patch back in until we find out what happened to spam module intercept.
  4. re: Got hit with a few trackback by Jeremy (2005-02-13)

    I've requested more info in the tracker issue on drupal.org so we can track down what went wrong. Thanks for your help debugging this.