I was about to roll me sleeves up and get busy with mod_security this weekend with a view to further tackling my trackback spam issues, but luckily (for my Apache install if nothing else) Movable Type hacker extraordinaire Brad Choate has released SpamLookup to save me the effort. Where Jay Allen’s well-known MT Blacklist plugin uses centralized URL filters to block spam, SpamLookup concentrates instead on looking at where the trackbacks/comments come from. First among its arsenal of spam fighting techniques is the ability to talk to DNS-based blackhole lists such as the default Blitzed list and the Blog Spam Blocklist. These services publish a regularly updated list of IP addresses – in the case of blitzed and the blog spam blacklist, these IP addresses are known open relays which spammers love to use to cover their tracks.
SpamLookup also checks incoming trackbacks to make sure that the originating IP address matches the weblog the ping is supposedly coming from – it even goes so far as to allow blocking or moderation depending on how close a match there is between the IP address of the trackback and the weblog. Throw in blocking or moderation based on the number of URL’s in the comment, word lists, pass-phrases and support for TypeKey and you have a variety of powerful features.
To round the whole package off, Brad has thrown in the excellent test feature. Once you’ve configured SpamLookup (although the defaults are probably good enough for most), you can use the test to see how SpamLookup reacts to a variety of trackbacks and comments. Some default test cases are provided, or you can roll your own – with the sheer number of configurations possible being able to test your individual setup is very important.
It’s spam prevention features aside, I’d still consider using SpamLookup because of a simple UI feature. When looking at either comment or trackback views, you can select all those entries which have ben moderated. After a wave of trackback spam, I can often have several moderated trackbacks (thanks to MT Approval) to remove – the ability to select all of them with a click of a button is greatly appreciated.