Is there a solution for this? Other than turning off TB's? What about Haloscan for comment spam? I used that on Blog*Spot and never had spam, TB or Comment.

I too get hammered, not as much as Ogre. Then I delete them...

Any suggestions?

SR

I continued to get hammered most of the morning (EST). This afternoon it's let up a bit, but it's still trickling in. And usually, I LIKE getting hammered...

You're being specifically targeted for something, because I'm down to 1 or 2 trackback spams a month now.

That's pretty darn weird. Thanks for that tip, though!

I think Ted's right, because Snark is blocking 99% of incoming trackbacks. Forward some representative ones to me and I'll see if I can make Snark a bit smarter for you.

Thanks, Pixy. I think many got blacklisted now since I spend a good portion of today getting them there.

No worries.

The way Snark works is it performs a statistical analysis of all the trackbacks received by the munu blogs, and anyone who is sending too many trackbacks gets flagged as a spammer. Depending on the volume and the time frame, this means that further pings from them get blocked either temporarily or permanently. It tracks both domain names and the IP addresses of spammers, and it blocks 99% of trackbacks even before they get to the blacklist.

But - it only works when someone is spamming the whole of munu. If they spam just one blog, and it trickles in overnight, Snark never works out that it's spam.

So it's not perfect, but it has blocked two million trackbacks in four months, which is something we can all be thankful for.

Ah. You should be getting a lot less spam now.

One of the options in Snark!™ is to block trackbacks to old posts, but the definition of "old" was itself somewhat old. I've updated it now, which should stop about 80% of the spam you're getting. MT Blacklist also helps, of course, but it's good to stop the spam as early as possible.

While I was messing around, I also fixed the problem with 2LDs like onex.be and pizdets.be, so it collapses those domains properly and blocks the whole thing, and retroactively collapsed the existing blacklist.

The problem being that it should take out the whole of .onex.be, but not .com.au. The rule I applied is if the top level domain is two letters, only block the second level domain if it is more than three letters. So .com.au or .co.uk are safe, but the weasels at onex.be and pizdets.be are toast.

Of course, the other filter rules (age, volume, IP address etc) usually zap them anyway, but all those throwaway domains were clogging up the blacklist and slowing things down.

Awesome, thanks for the help!

The two big ones that were hitting me were xxxxx (dot) proboards ### (.com) and pubxx.something.com. Once I figured out the format to blog xxx (dot) proboards### (.com), that picked up a lot of them -- but they were also spaced out a few minutes apart to get past the timing check on the spam blocker, those bastards.