Patching Drupal for poker trackback spam

Spammers have begun using trackback comments as a way around the Drupal spam module. Looking over at the Drupal board, I see that some people got hit with hundreds of spam comments. This site got some ads for poker, casinos, and an anti-obesity drug, phentermine. The rising use of comment spam has spurred Google, MSN, Yahoo! and others to embrace the rel="nofollow" tag for hyperlinks.

In the short term, I offer this to Drupal victims:

1) Turn trackbacks off

2) (Optional) Use phpMyAdmin, a database tool, or the Drupal dba module to whack all the spam from the trackback_received and comments tables in your Drupal database. This is easier than using the standard select/delete/verify process for each spam comment.

3) If you know how to patch PHP code, you can try my band-aid. Open the trackback.module file in the modules directory and change the beginning of the trackback_receive() function to:

<?php
...
function trackback_receive(&$node) {
  // Process TrackBack post data.
  $trackback->url = check_url($_REQUEST['url']);

  // Quick fix on trackback spam.
  $evil_words = array( 'poker', 'psxtreme', 'freaky', 'howtoplay', 'holdem', 'casino', 'terashells', 'phentermine' );
  $is_not_spam = 1;
  foreach ($evil_words as $reject_word) {
    // If reject word is in comment, url, or blog name, reject the trackback.
    if (stristr($trackback->url, $reject_word) ||
        stristr($_REQUEST['excerpt'], $reject_word) ||
        stristr($_REQUEST['blog_name'], $reject_word)) {
      $is_not_spam = 0;
      break;
    }
  }
  if ($is_not_spam && $trackback->url && valid_url($_REQUEST['url'], TRUE)) {
...
?>

Add evil words to the array as necessary.

4) Turn trackbacks back on after applying the patch
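
An added example, not code from the original post or from Drupal: the patch's word check as a stand-alone script, so a word list can be tried against sample trackbacks before it goes into trackback.module. The function name trackback_spam_word() and all sample data are assumptions made for this illustration.

```php
<?php
// Added example, not part of trackback.module.

// Word list copied from the patch above.
$evil_words = array('poker', 'psxtreme', 'freaky', 'howtoplay', 'holdem',
                    'casino', 'terashells', 'phentermine');

/**
 * Hypothetical helper: returns the first reject word found in the url,
 * excerpt or blog_name field, or FALSE when none matches.
 * Fields missing from the request are treated as empty strings.
 */
function trackback_spam_word($fields, $evil_words) {
  foreach (array('url', 'excerpt', 'blog_name') as $key) {
    $value = isset($fields[$key]) ? (string) $fields[$key] : '';
    if ($value === '') {
      continue;
    }
    foreach ($evil_words as $reject_word) {
      // stristr() is a case-insensitive substring search, as in the patch.
      if (stristr($value, $reject_word) !== FALSE) {
        return $reject_word;
      }
    }
  }
  return FALSE;
}

// Constructed sample trackbacks (not real traffic).
$samples = array(
  'spam url'       => array('url' => 'http://example.com/online-POKER-rooms',
                            'excerpt' => 'Nice post', 'blog_name' => 'Cards'),
  'spam excerpt'   => array('url' => 'http://example.com/p/1',
                            'excerpt' => 'cheap phentermine here', 'blog_name' => 'Deals'),
  'clean'          => array('url' => 'http://example.org/2005/02/drupal-notes',
                            'excerpt' => 'Thoughts on the spam module', 'blog_name' => 'Dev log'),
  // Substring matching also rejects legitimate posts that contain a listed word.
  'false positive' => array('url' => 'http://example.org/reviews/12',
                            'excerpt' => 'My take on the film Casino', 'blog_name' => 'Movie Notes'),
  'missing fields' => array('url' => 'http://example.org/a'),
);

foreach ($samples as $label => $fields) {
  $hit = trackback_spam_word($fields, $evil_words);
  printf("%-15s %s\n", $label, $hit === FALSE ? 'accept' : "reject ($hit)");
}
```

Running `php -l` on the edited trackback.module checks it for parse errors before the site loads it.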

It's stopped trackback spam for one night, although I wonder how many days or hours it'll take until it's defeated.

February 4, 2005 – 13:59


blank page

Hmm. This should work. I patched, but when I try to go to Administration now, I get a blank page. Commenting out the "foreach" section allows the Admin page to load again. Strange.

jibbajabba (not verified) – February 11, 2005 – 12:18

You might be getting in some

You might be getting in some sort of infinite loop if the syntax isn't exact, e.g. the definition of the array.

In any case, Jeremy has just posted a real fix that we are testing now, and it looks to be working. This requires downloading the new spam module and applying a patch to the trackback (original) module.
http://drupal.org/node/16690

Good luck.

Bill – February 12, 2005 – 01:41

Got hit with a few trackback

Got hit with a few trackback spam today, so I'm putting my patch back in until we find out what happened to spam module intercept.

Bill – February 13, 2005 – 15:56

re: Got hit with a few trackback

I've requested more info in the tracker issue on drupal.org so we can track down what went wrong. Thanks for your help debugging this.

Jeremy (not verified) – February 13, 2005 – 23:26