Stop and prevent Trackback spam in Movable Type: A randomizing Perl script (mt_antispam_rename.pl)

I was recently hit by an annoying dose of TrackBack spam. Others have had the same problem. A recent story on Ars Technica says that a growing network of PC “zombies,” infested by malware, is serving as a carpet-bombing spam network for the spammers. I’ve decided to fight back with a simple Perl script.

Approach

Here’s the approach: A moving target is harder to hit than a stationary object. It’s a long-standing recommendation from MT gurus that you should frequently change the filename of your comment and Trackback (TB) scripts and rebuild your blog, but this is a manual process. Many users forget to do so regularly, then one morning they wake up from a hard night o’ blogging and whoosh!—they’ve been hit with a barrage of Trackback spam. So my idea to combat this annoyance was simple:

  1. Automatically rename your Trackback script to include a random number.
  2. Open up your mt.cfg and insert the new filename.
  3. Rebuild the Individual Entry Archives on your blog (necessary only for blogs with static templates).

Since writing the initial version of this script (see changelog), I have extended it to be able to automatically rename Movable Type’s comment script CGI (by default, mt-comments.cgi) as well. This might actually help more people than the original, anti-trackback-spam intention of the script. I believe the code and approach could be easily adapted to address spam in other publishing systems, e.g. WordPress, Blosxom, pMachine, dasBlog, etc. If you’re interested in undertaking such a task, based on this code, drop me a line or a comment here. More power to ya!

Two months later, I haven’t gotten a single trackback spam after implementing this script. Feel free to post a comment about your results!

Step 1: Download and configure mt_antispam_rename.pl

Okay. First step is to get the Perl script that’s going to rename your script(s) and make the modifications to mt.cfg for you.

Using the script is straightforward. You need to set a couple of variables at the top of the script. Open it up in a text editor, make the appropriate changes, and put it in your MT install directory. The script can be used to modify the Trackback script’s filename and mt.cfg reference; the comment script’s filename and mt.cfg reference; or both.

Figure out what your TB and/or comment script is named right now. By default, Six Apart calls the Trackback script mt-tb.cgi and the comment script mt-comments.cgi. We’re going to change it to the form mt-tb.r123.cgi, where “mt-tb” is the base filename, “123” is a random number from 0 to 999, and .cgi is the configurable filename extension.

Step 2: Download mt-rebuild (only if you’re using static templates)

If you’re using static templates, you have to be able to rebuild your Individual Entry Archives after Perl works its magic. That’s where Timothy Appnel’s mt-rebuild comes in. Download it to your MT install directory.

Step 3: One-time setup

To get going, you need to do a one-time set of simple tasks. This will also ensure that everything is working properly for the automagic of cron.

  1. For each script you want mt_antispam_rename.pl to touch, rename the file to the following format: [basefilename].r[number].cgi. For example, if your Trackback script is currently mt-tb.cgi, rename it to mt-tb.r123.cgi. Don’t forget the “r”!
    • IMPORTANT: The script will modify only the files it finds in your MT install directory that are in the proper [basefilename].r[number].cgi format. If you choose not to rename your Trackback script, it will leave the TrackbackScript reference in mt.cfg alone. Same for the comment script. Don’t bother commenting out the variable declarations in mt_antispam_rename.pl.
  2. For each script you want mt_antispam_rename.pl to touch, uncomment the appropriate line from mt.cfg. Uncomment the line beginning with “TrackbackScript” if you’re renaming your TB CGI, and uncomment the line beginning with “CommentScript” if you’re renaming your comment CGI.
  3. Run mt_antispam_rename.pl with perl mt_antispam_rename.pl.
  4. Check your directory listing. Your script(s) should be renamed. You can also check mt.cfg (do a find on “TrackbackScript” or “CommentScript”) to ensure that it’s been properly modified.
    • If the Trackback script or comment script has not been renamed, there’s about a 99% chance that you forgot to rename the script’s filename to the form [basefilename].r[number].cgi. Or you forgot to set the simple user variables at the top of the Perl script. Please double-check before e-mailing me.
  5. If you’re using static templates (the default), find your blog_id. Go into your MT admin interface and in the browser’s address bar, look for the “blog_id” parameter. The number is the blog_id.
  6. If you’re using static templates (the default), run a full rebuild of your Individual Entry Archives with the following command:

    perl mt-rebuild.pl -mode="archive" -blog_id=n -archive_type="Individual"

    Where “n” is the blog_id. If you’re using dynamic templates, don’t bother doing this.

  7. Check your blog. If everything is golden, then:
    • Your script(s) on the filesystem will have a random number in the filename.
    • This filename will be correctly referenced in mt.cfg.
    • All of your Individual Entry Archives will reference the new filename(s).
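
The rename and mt.cfg update that the steps above rely on, as an added example; it is not the author's mt_antispam_rename.pl. It assumes mt.cfg uses `Directive value` lines and that the file is placed in the MT install directory, and the variable and function names are illustrative.

```perl
#!/usr/bin/perl
# Added illustration of the approach; NOT the author's mt_antispam_rename.pl.
use strict;
use warnings;
use FindBin qw($Bin);    # absolute path of this script, so cron's cwd is irrelevant
use File::Copy qw(copy);

my $mt_dir  = $Bin;      # assumption: this file sits in the MT install directory
my $ext     = 'cgi';
my %scripts = (TrackbackScript => 'mt-tb', CommentScript => 'mt-comments');

# Rename base.rNNN.ext to a new random number (0-999); undef if no such file.
sub rotate {
    my ($dir, $base, $ext) = @_;
    opendir(my $dh, $dir) or die "opendir $dir: $!";
    my ($old) = grep { /^\Q$base\E\.r\d+\.\Q$ext\E\z/ } readdir $dh;
    closedir $dh;
    return unless defined $old;    # file not in rNNN form: leave it alone
    my $new;
    do { $new = sprintf '%s.r%d.%s', $base, int(rand 1000), $ext } while $new eq $old;
    rename("$dir/$old", "$dir/$new") or die "rename $old: $!";
    return $new;
}

# Back up mt.cfg (mode 0600), then rewrite uncommented "Directive value" lines.
sub update_cfg {
    my ($cfg, $new_for) = @_;
    copy($cfg, "$cfg.bk") or die "backup $cfg: $!";
    chmod(0600, "$cfg.bk") or die "chmod $cfg.bk: $!";
    open(my $in, '<', $cfg) or die "read $cfg: $!";
    my @lines = <$in>;
    close $in;
    for my $line (@lines) {
        $line =~ s/^(\s*\Q$_\E\s+)\S+/$1$new_for->{$_}/ for keys %$new_for;
    }
    my $tmp = "$cfg.tmp.$$";       # write a temp file, then swap it in atomically
    open(my $out, '>', $tmp) or die "write $tmp: $!";
    print {$out} @lines;
    close $out or die "close $tmp: $!";
    chmod((stat $cfg)[2] & 07777, $tmp) or die "chmod $tmp: $!";
    rename($tmp, $cfg) or die "replace $cfg: $!";
}

my %new_for;
for my $key (sort keys %scripts) {
    my $new = rotate($mt_dir, $scripts{$key}, $ext);
    $new_for{$key} = $new if defined $new;
}
update_cfg("$mt_dir/mt.cfg", \%new_for) if %new_for;
print "$_ => $new_for{$_}\n" for sort keys %new_for;
```

A directive that is still commented out in mt.cfg is not matched by the substitution, which is why the one-time setup has you uncomment it first.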

Step 4: Setting up the cronjob

Now, on to automation. I offer this section purely as a service, so if you have a better or slicker way of setting things up, by all means, be my guest. Anyway, let’s do that crontab thang.

Rebuilding a blog’s Individual Entry Archives, especially a big blog, can take a while, so we have to be a little choosy here. First, we should probably schedule the task to run when the only people awake are teenage delinquents. Something like 5:00 a.m. Also, don’t get too crazy with rebuilding every hour. Once a day is probably fine.

I’ll leave you to go to that crontab site to customize to your little heart’s content, but included below is an example of how to first run mt_antispam_rename.pl, and one minute later, mt-rebuild. We’ll do it once a day. For those with dynamic templates, you might want to set it to run more often, but don’t get too crazy. For example, if you change it every hour, there’s a very good chance that someone in the middle of composing a blog entry will copy a Trackback URL from your blog, and while they’re writing, your script will go and mess everything up by changing the filename on your side. Then they’re going to get a 404 and wonder what sort of retard you are.

00 5 * * * /usr/bin/perl /filesystem/path/to/mt/mt_antispam_rename.pl
01 5 * * * /usr/bin/perl /filesystem/path/to/mt/mt-rebuild.pl -mode="archive" -blog_id=n -archive_type="Individual"

Note: If you’re using dynamic templates, the second line should be omitted, as you won’t need to call mt-rebuild.pl.

Second note: I’ve been having a bit of trouble with the cronjob, but I believe it’s particular to my host. Please let me know if everything works out for you. If you spot anything wrong in this section, drop me a note!

Addenda

The script makes a backup of mt.cfg each time it runs, just in case something goes Chernobyl on ya. This file is called mt.cfg.bk. Thanks to Adam Finlayson and Peter Wood for Perl help (I’m a n00b).

For an excellent resource on Trackback spam in general, including links to others’ means of combating this nuisance, see Elise Bauer’s page on the subject.

Changelog

  • v0.1: Initial release.
  • v0.2: Streamlined code per Peter Wood’s recommendations. (Thanks, Peter!)
    • v0.2.1: Small change to chmod mt.cfg.bk to 600 for security.
  • v0.3: Script extended to work for modifying Movable Type’s comment script as well. Name change from “tb-random-rename.pl” to “mt_antispam_rename.pl” to reflect the more general purpose of the script (it ain’t just for trackback spam).
  • v0.4: Fixed a bug with absolute paths that prevented the script from completing when run via cron. (It was fine when run from the command line.)
