ah, so that’s what they do next, then

Ok, commenting is effectively disabled, so this morning there are 15 trackback spam links…

Just in case anyone wondered what ‘they’ do next, and yes, for the moment Trackback has been disabled (if it turns out to be an exploit rather than a real Trackback, then it’ll be back on again once it’s patched).


2 Comments

  1. It seems to me that there’s a fundamental problem with using an out-of-the-box blogging tool/suite; both mine and Claire’s blogs (also WordPress) are getting hammered with comments and trackbacks. It’s getting to the point where our core router is filtering out more IP addresses than it’s letting in 🙂
    Anyway, it seems to me that the problem is that the spammers seem to know where to look for the files which cause comments to be injected into the system. My next plan of attack is security through obscurity and rename some/all of the files in the WordPress installation. The only thing this will break is trackbacks, as I understand them, but as they seem useless, I’ll not lose any sleep 🙂
    Maybe it’ll work, maybe it won’t. But it’s surely easier than deleting/not approving umpteen hundred messages a day.

  2. That looks like the best (short-term) fix – I was wondering about a modified WP installer that simply renamed all of the wp- files and directories to either a random or user-supplied prefix: that way all WP installations would look different, but then all that would need to be done is to parse the HTML to read the links, so I don’t know if it would be a decent solution or just another stopgap measure.

    The monoculture is a problem though – my custom blog, although never finished, had zero spam entries. It also looked bad and had very few (two?) comments anyway, but it was just too hard for anyone to bother figuring out, a point made by the writer of a CAPTCHA-breaking AI (see this post).