Trackbacks stink.
I noticed that some of my websites went down today for a little while. After a little while, I noticed that it was back up. Later, I got a note from Dreamhost, my web host indicating that one of my movable type files was being attacked, and had to be disabled.
Looking at my logs, it looks like I went through a trackback spam attack. The trackback system is a terrific idea, but it sure is implemented poorly. Since I have been using Movable Type, I have received 5 legitamate trackback pings and probably tens of thousands of spam pings. While the 3.2 version does a great job of identifying these pings as spam and does not publish them, all of the CPU cycles that are used examining these can be taxing. Especially when you are recieving a large volume all at once.
I looked for a patch to resolve the issue, but I really couldn't find that there where any known issues with the MT 3.2 trackback script. I did find a pretty cool plugin, that may help somewhat. AutoBan edits the .htaccess file on the web server to deny service to the IP address that is sending junk spams. With this system, the webhost's CPU will only have to examine the first Ping to determine it's validity. After that, any pings that are sent from the same IP address are totally ignored.
What would be really nice is to see the a simular technology that imports recent entries from the blacklists and pre-emptively blocks them.
It sure is a waste or resources. I don't understand why the spammers keep at it. Movable type doesn't publish many trackbacks anyway. Even if it does publish one, it includes instructions for the search engines that the link is not to be followed. I don't think many website visitors are stupid enough to click through and buy products from a company that has to resort to such weasely advertizing techniques anyway.
Tens of thousands of spam pings?!?!?! Wow, I thought I had it bad with about a 1:2 ratio of real pings to spam pings. I feel for ya, man!