Spammers use trackbacks, pingbacks, and reblogs

Image: Lime Canvas

This has been a record year for spam attacks on WordPress blogs. And while it may sometimes seem like it, the spammers aren’t targeting just you. Or me. They’re hitting all of us, hammering on every opening they can find, exploiting every possible avenue.

I’ve discussed Like, Follow, and Comment spam, but there are other approaches. Trackbacks, pingbacks, and reblogs. You should be watching these very closely for spam as well.

The WordPress Reblog function can be used by spammers to plant a link on your blog. When someone reblogs one of your posts, don’t just accept it as flattery or a way to increase your blog’s visibility. Don’t let that reblog notification and link appear in your comments until you’ve carefully checked out the reblogger’s website to make sure it’s legitimate and not a splog or commercial website trying to boost its own ratings. If it looks like spam, delete the link. If it’s a WordPress blog, report it (see below).

Trackbacks are notifications/links from non-WordPress websites saying they’ve mentioned and linked to one of your posts. Pingbacks are notifications/links from other WordPress blogs or from your own internal links (self-pings). If you allow it, such links will appear in or just below your comments (depends on your theme’s design). If the linked website is a splog or commercial website, you don’t want their link on your blog. Check out such websites as carefully as you would a reblogger’s website.

WHAT TO DO: If a link is spam, delete it. If it’s a trackback, pingback, or comment, mark it as spam so Akismet will block it in the future. You can block all pingbacks and trackbacks under Settings > Discussion (clear the second box from the top) or block them on a per post basis on your Add New or Edit Post pages. If the offending site is a WordPress blog, report it. To do this, mouse over the blog’s name in your administrator’s bar. In the dropdown menu you’ll see “Report this content.”
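One way to pre-screen a pending pingback or trackback before the manual look described above, as an added example that is not part of the original post: it checks that the claimed source page really links to your post and that the page is not mostly outbound links. The function names, the 10-links-per-100-words threshold, and the `.test` URLs are assumptions made for illustration; the sample pages are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect link targets and count the visible words on a page."""
    def __init__(self):
        super().__init__()
        self.hrefs, self.words, self._skip = [], 0, 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.words += len(data.split())

def norm(url):
    """Reduce a URL to (host, path) so scheme, www. and a trailing slash don't matter."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:  # malformed href on the page
        return "", ""
    if host.startswith("www."):
        host = host[4:]
    return host, parts.path.rstrip("/")

def triage_pingback(source_html, source_url, target_url, max_links_per_100_words=10):
    """Return ("hold", reasons) or ("review", []); nothing is ever auto-approved."""
    page = LinkCollector()
    page.feed(source_html)
    reasons = []
    if norm(target_url) not in {norm(h) for h in page.hrefs}:
        reasons.append("source page does not link to the post")
    own_host = norm(source_url)[0]
    external = [h for h in page.hrefs if norm(h)[0] not in ("", own_host)]
    if 100 * len(external) / max(page.words, 1) > max_links_per_100_words:  # assumed threshold
        reasons.append("page is mostly outbound links")
    return ("hold", reasons) if reasons else ("review", [])

# Constructed sample data (assumed URLs, not taken from the post)
TARGET = "https://example-blog.test/2012/spam-post/"
LEGIT = ('<p>I read a good piece on comment spam at <a href="http://www.example-blog.test'
         '/2012/spam-post">this blog</a> and wanted to add my own moderation story.</p>')
SPLOG = ('<a href="http://pills.test/a">buy</a> <a href="http://pills.test/b">cheap</a> '
         '<a href="http://casino.test/">win</a> <p>great post</p>')
```

A "review" result only means the page passed these two checks; the site still gets the same careful look you would give a reblogger's website.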

Even your own self-pings can be exploited. I recently noticed that mine were being flagged for moderation, so I contacted Akismet to find out why. Here’s my note to them:

Akismet recently started holding my own pingbacks for moderation. It never used to. I read somewhere that this could be because at some point I had inadvertently flagged one of my own comments as spam. I searched through the spam bin at that time and found one cryptic item with “Pied Type” in it and marked it “Not spam.” However, my pingbacks are still being held for moderation.
I did another search of the spam bin today and found three items where spammers had included the words “Pied Type” in their spam messages. As I understand it, leaving those items in the spam bin means Akismet will keep flagging my pingbacks for moderation. (My comments have not been getting flagged, only my pingbacks.) But if I mark them as “Not Spam,” I’m giving a green light to those three spammers. I’m not sure what’s going on here. Hope I’ve explained it clearly enough. If the devs can access it, the three items are here:

[URL for spam files]

And here’s the reply from Akismet:

Trackbacks and Pingbacks were meant to help inter-blog conversation when the specification was created years ago. These days almost 100% of Trackbacks and Pingbacks are spam. They are very heavily abused and the next version of Akismet will block all of them by default. It is the only way to cut off this spammer behaviour as many people do not understand them and leave these links. They see them as harmless when in fact they are not.
What this means is that you will need to manually approve your own pingbacks though we may be adding something that allows self-pings to go through (we need to test that though).
So the answer is I’m afraid I can’t help. The pingback has become a casualty in the spam wars and its days are over.

The spam wars continue.

Vigilance, my friends. Eternal vigilance.



16 thoughts on “Spammers use trackbacks, pingbacks, and reblogs”

    1. Once upon a time, a nice long list of trackbacks and pingbacks in your Comments section was a sign that a lot of other blogs and websites thought your post was notable. And if your readers were interested, they could click on the links and go see what those other websites were saying about the same topic. They still serve that purpose, if they are legitimate. But apparently these days most of them are spam.

      1. About 6 or 7 years ago, I had a really crazy guy that used to ping me constantly. He wanted me to read his site. He would write about me and fellow commenters and how we were all going to hell. That was pretty funny. I think I need to update my blog. I like how you can respond to each comment like this. I think it is confusing how my blog is….

      2. It looks like maybe on your blog you haven’t enabled nested comments. Go to Settings > Discussion on your Dashboard. In the second section, “Other comment settings,” check “Enable threaded (nested) comments [3] levels deep.” You can change the number, but 3 or 4 works well for most people. That will make replies indent under the comments. If you have problems or questions, let me know.

    1. I just have to ignore Follows now. Can’t afford to jack up my blood pressure by looking at them. By all accounts they’ve been totally ruined by spammers. WordPress should just get rid of them.

  1. Definitely good info to have PT. Somehow, even comments that would automatically be marked as spam are getting through now though. Just between the time I got notice of your post and now, I’ve gotten two of them! My moderation for those newly commenting settings allowed me to mark them as spam myself, fortunately, but I wonder how comments of “etmmus ajikfvdjnw qmdbjb onfridjlu pomwqpb yiwtwdpyfdg uxnfsggd iizwmjcir,” and “lbrnguq zurmedb” have gotten through that far in the first place?!?!

    1. Yep, every day I have a few that get as far as moderation. I can only assume Akismet didn’t send them straight to the spam bin because they were new and had never been reported to Akismet before. Well, they have now. All we can do is all we can do.

    2. Just checked my pending comments and “qpzlwiek whmnzwo mwueyuoxcqe tdixgudi dhksoeexrc fwgngxnfl” was there. I wonder if he’s related to your “etmmus ajikfvdjnw qmdbjb onfridjlu pomwqpb yiwtwdpyfdg uxnfsggd iizwmjcir”?

      1. Wouldn’t surprise me one bit PT, as wicked folk like those will get into bed with almost anyone… And if you’re wondering what inspired me to say that, you should check out the Cletus I just read over at Don in Massachusetts! 😉

  2. sad. I better check my site. just had a weird pingback the other was about atheism in AA; the pingback from a christian book review site. need to take a good look at that one!
    thanks for the heads up.

    1. Of course, it doesn’t have to be a spam site. It might just be one you don’t want to be associated with. You can’t do anything about the link they put on their site, but you certainly don’t have to help publicize their site by allowing their trackback or pingback to appear on your site.

  3. Hey Girl,
    Good post. I didn’t know that Akismet was flagging ping backs. That seems extreme but then I guess things have changed. Used to be pingbacks were a cool thang. Now, not so much.

    Of course I’m one of those weirdos who goes through all their spam to see if anything got caught and I never approve a pingback until I verify it’s a legit blog or site.

    Sorry I’ve been absent so much lately. Still working like the devil to get my biz going. A constant battle unfortunately.

    Take care,
