Fake WordPress/2.1-alpha3 Trackback Spam Countermeasure (and a factoid) (Updated)

Posted by Chris Samuel on Apr 22nd, 2007
2007
Apr 22

For those of you who control your Apache server driving your blog and who would like to easily block the incoming tide of spam with the fake user-agent “-- WordPress/2.1-alpha3” then all you need to do is to add the following to your .htaccess or central Apache configuration.

BrowserMatchNoCase "-- WordPress/2.1-alpha3" spambot=1

Order allow,deny
deny from env=spambot
allow from all

That should then cause the spammers to bounce off with a 403 “go away” error. You can also lather, rinse, repeat for other spam user-agents you would prefer not to let into the house..

On another point, a couple of them (one each in Brazil, Holland and Israel) had a fake SMTP server listening on port 25:

220 ESMTP service ready
help
250 ok
quit
250 ok
quit
250 ok
bye
250 ok
^]
telnet> quit
Connection closed.

Very odd!

Update: Also see Fight Blog Spam with Apache.

2 Responses

  1. Kevin Says:
    April 26th, 2007 at 4:52 am

    Will this block real trackbacks as well?

  2. Chris Samuel Says:
    April 26th, 2007 at 8:13 pm

    Only if they are using that particular alpha release and if they are they’ve got worse problems to worry about than a few trackbacks being blocked. :-)