The UHF of the film world.


quietearth [General News 11.03.06]



I get a lot of spam in comments, but especially in trackbacks and pingbacks. This is a pretty common problem, and there are quite a few services you could plug into to run checks against these; some are listed in the Wikipedia article about splogs at http://en.wikipedia.org/wiki/Splog. I am just going to concentrate on the more immediate fight.

Option 1 - Check the remote url for a link to your post
The easiest thing to implement is fetching the remote URL sent in a trackback/pingback entry and checking that the page really contains a link to the article on your site it claims to reference. We can easily do this with the following code. I should also mention the lack of security in here: your server fetches whatever $url the sender supplies and searches the response for your article URL, so make sure $url is validated before it is passed to this function.


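# $url is the remote url
# $myurl is the link we are looking for on the remote page
# returns 0 if $myurl is found in the remote page, 1 otherwise
function checkforlink($url, $myurl) {
        # refuse control characters and whitespace so nothing can be
        # injected into the request line or Host header built below
        if (preg_match('/[\x00-\x20\x7f]/', $url)) {
                return(1);
                }
        $parts = parse_url($url);
        if ($parts === false || !isset($parts['scheme'])) {
                return(1);
                }
        if ($parts['scheme'] != 'http') {
                return(1);
                }
        if (!isset($parts['host'])) {
                return(1);
                }
        $host = $parts['host'];
        $port = 80;
        if (isset($parts['port'])) $port = $parts['port'];
        $path = "/";
        if (isset($parts['path'])) $path = $parts['path'];
        if (isset($parts['query'])) $path .="?".$parts['query'];
        # the fragment is never sent to the server, so it is left out

        #print "trying scheme: ".$parts['scheme']." host: $host port: $port path $path<br />\n";
        #print "<br />\n";

        # 5 second connect timeout; give up if the connection fails
        $fp = @fsockopen($host, $port, $errno, $errstr, 5);
        if (!$fp) {
                return(1);
                }
        stream_set_timeout($fp, 5);
        fwrite($fp, "GET $path HTTP/1.0\r\nHost: $host\r\n\r\n");
        $response = "";
        # read at most 1 MB so a huge or endless page cannot tie us up
        while (!feof($fp) && strlen($response) < 1048576) {
                $chunk = fread($fp, 1024);
                if ($chunk === false || $chunk === "") break; # error or timeout
                $response .= $chunk;
                }
        fclose($fp);

        # plain substring match: ereg() was removed in PHP 7 and treated
        # $myurl as a regular expression
        if (strpos($response, $myurl) !== false) { # we found a match
                return(0);
                }
        return(1);
        }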


It's that simple.
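
One way to do the validation mentioned above before calling checkforlink(), as an added example that is not part of the original post. The function name vet_trackback_url(), its $resolver parameter, the host names and the addresses in the lookup table are all assumptions constructed for the demonstration.

```php
<?php
// Added example: vet a sender-supplied trackback URL before the server fetches it.
// vet_trackback_url() and $resolver are hypothetical names, not from the post.
// Returns the public IPv4 addresses the host resolves to, or false to reject.
function vet_trackback_url($url, $resolver = 'gethostbynamel') {
    // No control characters or whitespace: blocks CRLF injection into the request.
    if (!is_string($url) || strlen($url) > 2048 || preg_match('/[\x00-\x20\x7f]/', $url)) {
        return false;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    // checkforlink() only speaks plain HTTP; also refuse embedded credentials.
    if (strtolower($parts['scheme']) !== 'http' || isset($parts['user']) || isset($parts['pass'])) {
        return false;
    }
    // Only the default web port, so the fetch cannot be pointed at other services.
    if (isset($parts['port']) && $parts['port'] !== 80) {
        return false;
    }
    // Check the addresses the name resolves to, not the name itself: every one
    // must be public (no private, loopback, link-local or reserved range).
    $ips = call_user_func($resolver, $parts['host']);
    if (!is_array($ips) || count($ips) === 0) {
        return false;
    }
    $flags = FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    foreach ($ips as $ip) {
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            return false;
        }
    }
    return $ips;
}
// Constructed sample input: a fake resolver so the demo runs offline.
$fake_dns = function ($host) {
    $table = array(
        'blog.example'     => array('203.0.113.10'),
        'intranet.example' => array('10.0.0.5'),
        '127.0.0.1'        => array('127.0.0.1'),
    );
    return isset($table[$host]) ? $table[$host] : false;
};
$samples = array('http://blog.example/post?id=7', 'http://intranet.example/',
    'http://127.0.0.1/', 'https://blog.example/', 'http://blog.example:22/',
    "http://blog.example/\r\nX-Injected: 1");
foreach ($samples as $u) {
    $ok = vet_trackback_url($u, $fake_dns) !== false;
    echo json_encode($u, JSON_UNESCAPED_SLASHES), ' => ', $ok ? 'fetch' : 'reject', "\n";
}
```

checkforlink() resolves the host name again when it connects, so connecting to one of the returned addresses while still sending the original Host header closes the gap between the check and the fetch.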

Option 2 - Moderation System
All we need is to add a column to the database table which holds our pingbacks/trackbacks, with some type of number value like int. When we receive a request, set this value to 0 and send yourself an email; if it's valid you can set this to 1, otherwise delete it. I don't use this, so there is no sample code to post, but you get the idea.

Option 3 - Speed limit
Unfortunately this is pretty useless when dealing with a botnet, as the requests will be coming from different IP addresses, so I wouldn't recommend spending the time on implementing this.

