Stop Pingback Spam

We have reports from bloggers that there is a new kind of spam in town: pingback spam. Here is what you can do to stop it.

1. Disable

Go to admin/settings/advanced and clear the check marks for "enable pingbacks" and "enable trackbacks" to stop receiving them.

2. Patch

Spammers exploited a flaw in the white list logic, which allows any user who has already posted a number of comments on the blog to bypass validation as "white listed". The problem with pingbacks is that the email for them is always "pingback", and email is a user identifier along with IP... Download the corresponding recompiled core DLL and overwrite the existing one in the "bin" folder; this should fix the white list issue. After you apply this patch, your pingbacks will go through the usual anti-spam process and will be passed to Akismet etc. for validation. You can then turn pingbacks back on in the settings.
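The white list flaw and the patched check, modelled as an added C# example (it is not BlogEngine.NET's own code, and the patched condition follows the email check shown in the comments below). The `Comment` record, the threshold of 2, the method names and the sample comments are all constructed for illustration; the record syntax needs C# 9 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical stand-in for a stored comment, not BlogEngine.NET's own type.
record Comment(string Email, string IP);

static class WhiteListDemo
{
    // Assumed number of earlier comments needed to count as white listed.
    const int Threshold = 2;

    static bool IsLinkback(string email) =>
        email == "pingback" || email == "trackback";

    // Before the patch: a match on email OR IP counts. Every pingback has the
    // email "pingback", so all pingbacks look like one returning commenter.
    static bool IsWhiteListedBefore(IEnumerable<Comment> earlier, Comment incoming) =>
        earlier.Count(c =>
            c.Email.ToLowerInvariant() == incoming.Email.ToLowerInvariant()
            || c.IP == incoming.IP) >= Threshold;

    // After the patch: the email match is ignored for pingbacks and trackbacks,
    // so they can only be white listed by IP.
    static bool IsWhiteListedAfter(IEnumerable<Comment> earlier, Comment incoming) =>
        earlier.Count(c =>
            (c.Email.ToLowerInvariant() == incoming.Email.ToLowerInvariant()
             && !IsLinkback(c.Email))
            || c.IP == incoming.IP) >= Threshold;

    static void Main()
    {
        // Constructed sample data using documentation IP ranges.
        var earlier = new List<Comment>
        {
            new("pingback", "192.0.2.10"),
            new("pingback", "192.0.2.11"),
            new("alice@example.com", "198.51.100.5"),
            new("alice@example.com", "198.51.100.5"),
        };
        var newPingback = new Comment("pingback", "203.0.113.77");
        var returningReader = new Comment("Alice@example.com", "198.51.100.9");

        Console.WriteLine($"before, new pingback: {IsWhiteListedBefore(earlier, newPingback)}");
        Console.WriteLine($"after,  new pingback: {IsWhiteListedAfter(earlier, newPingback)}");
        Console.WriteLine($"after,  returning reader: {IsWhiteListedAfter(earlier, returningReader)}");
    }
}
```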

3. Customize

You can control the way pingbacks and trackbacks are displayed in your blog in themes/yourcustomtheme/commentview.ascx. Here you can add logic to remove any hyperlinks from pingbacks, for example. Also, if you are annoyed by pingback emails, you can modify the SendCommentMail extension so that it does not send you an email when the comment is a pingback. Just add this line after the comment is declared:

if (comment.Email == "trackback" || comment.Email == "pingback") return;

 

Be_160_Pingback_Patch.zip (110.11 kb)

Be_161_Pingback_Patch.zip (111.17 kb)


Comments (12) -

  • Dave Burke

    5/21/2010 12:23:40 PM |

    Thanks for being so on top of this, as always. From reading the check-in notes it looks like the patch has been in the source library for a month or so. Is that correct? It gives me a good excuse to grab the latest bits since I can't overwrite my customized BlogEngine.Core.dll with the patch.

    • Ruslan

      5/21/2010 12:38:33 PM |

      Good point on custom installs. If you have a modified version, all you need is to add a condition to check if the email is pingback in CommentHandler.cs. Change from:

      if (c.Email.ToLowerInvariant() == comment.Email.ToLowerInvariant()
                              || c.IP == comment.IP)

      to:

      if ((c.Email.ToLowerInvariant() == comment.Email.ToLowerInvariant()
                              && !(c.Email == "pingback" || c.Email == "trackback"))
                              || c.IP == comment.IP)

  • Dave Burke

    5/21/2010 12:25:05 PM |

    Also wanted to offer you a belated Thank You for sprucing up the blogengine.net blog theme.  Nice!

  • Dave Burke

    5/21/2010 12:42:48 PM |

    EXCELLENT!  THANKS!  I'm doing some BlogEngine.NET coding this afternoon and will definitely add this to the list.  The specific update is very helpful.  Have a great weekend.

  • Scott Marlowe

    5/21/2010 2:16:17 PM |

    Yep. I started seeing these a few days ago. Very annoying. Way to go, spammers--ruin another blog feature. I turned mine off.

  • Dean Chalk

    5/22/2010 2:26:54 AM |

    I tried the patch but it crashed my blog. Luckily had previous DLL for rollback

    Could not load type 'BlogEngine.Core.Web.HttpModules.WwwSubDomainModule' from assembly 'BlogEngine.Core'.

    [TypeLoadException: Could not load type 'BlogEngine.Core.Web.HttpModules.WwwSubDomainModule' from assembly 'BlogEngine.Core'.]
       System.RuntimeTypeHandle._GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark, Boolean loadTypeFromPartialName) +0
       System.RuntimeTypeHandle.GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark) +64
       System.RuntimeType.PrivateGetType(String typeName, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark) +58
       System.Type.GetType(String typeName, Boolean throwOnError, Boolean ignoreCase) +65
       System.Web.Compilation.BuildManager.GetType(String typeName, Boolean throwOnError, Boolean ignoreCase) +342
       System.Web.Configuration.ConfigUtil.GetType(String typeName, String propertyName, ConfigurationElement configElement, XmlNode node, Boolean checkAptcaBit, Boolean ignoreCase) +52

    [ConfigurationErrorsException: Could not load type 'BlogEngine.Core.Web.HttpModules.WwwSubDomainModule' from assembly 'BlogEngine.Core'.]
       System.Web.Configuration.ConfigUtil.GetType(String typeName, String propertyName, ConfigurationElement configElement, XmlNode node, Boolean checkAptcaBit, Boolean ignoreCase) +351
       System.Web.Configuration.Common.ModulesEntry..ctor(String name, String typeName, String propertyName, ConfigurationElement configElement) +56
       System.Web.HttpApplication.BuildIntegratedModuleCollection(List`1 moduleList) +146
       System.Web.HttpApplication.GetModuleCollection(IntPtr appContext) +1219
       System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers) +97
       System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context) +188
       System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context) +295
       System.Web.HttpApplicationFactory.GetPipelineApplicationInstance(IntPtr appContext, HttpContext context) +56
       System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext) +231

    [HttpException (0x80004005): Could not load type 'BlogEngine.Core.Web.HttpModules.WwwSubDomainModule' from assembly 'BlogEngine.Core'.]
       System.Web.HttpRuntime.FirstRequestInit(HttpContext context) +8894031
       System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context) +85
       System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) +333

  • Dean Chalk

    5/22/2010 2:49:52 AM |

    I've just upgraded to 1.61 - do I still need the patch?

    • Ruslan

      5/22/2010 11:53:50 AM |

      This patch is really a re-compiled version of 1.6.1 or 1.6.0 with an added condition to pass pingbacks to verification. You still need it, as 1.6.1 on CodePlex does not have this check.

  • Bosch

    5/24/2010 7:58:03 PM |

    Thanks for the patch!

    Is it possible to have the 1.6.1 version with the latest patch uploaded to the Web App gallery so I can offer it to my hostees?

    • Ruslan

      5/24/2010 11:50:05 PM |

      We are working on a web app update, but it will take a while to go through the process. A couple of weeks is the best guess.

  • Krystian

    6/2/2010 2:57:58 AM |

    Great post. I'm thinking of switching from WordPress, seems like the community here is more focused on fixing problems than making new templates :)

  • Dave Burke

    6/2/2010 9:56:48 AM |

    Krystian,

    That's an interesting perspective.  Thanks for sharing it.  Funny!  I'd definitely agree with you on the BlogEngine.NET core developers being focused on fixing problems!  They're excellent!

    -Dave
