{"id":18053,"date":"2009-06-02T10:00:01","date_gmt":"2009-06-02T10:00:01","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/oldnewthing\/2009\/06\/02\/spam-trackback-attack-returns-its-not-a-matter-of-whether-but-how-much\/"},"modified":"2009-06-02T10:00:01","modified_gmt":"2009-06-02T10:00:01","slug":"spam-trackback-attack-returns-its-not-a-matter-of-whether-but-how-much","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20090602-01\/?p=18053","title":{"rendered":"Spam trackback attack returns, it&#8217;s not a matter of whether but how much"},"content":{"rendered":"<p> Like microsoft.com, <a href=\"http:\/\/radar.oreilly.com\/2009\/05\/velocity-preview---the-greates.html\"> the question isn&#8217;t <i>whether<\/i> blogs.msdn.com site is under attack but rather how bad the attack is right now<\/a>. <\/p>\n<p> There are a number of regular culprits, like <code>codedstyle.com<\/code>, <code>anith.com<\/code>, <code>simplynetdev.com<\/code>, but those sites tend to focus on the most recent few articles. A new category of trackback spammer is here: The <i>I&#8217;m going to scrape your entire site and create a trackback for every article<\/i> trackback spammer. <\/p>\n<table border=\"1\" rules=\"all\" style=\"border-collapse: collapse\" cellpadding=\"3\">\n<col span=\"3\">\n<col span=\"2\" align=\"right\">\n<tr>\n<th>Site<\/th>\n<th>From<\/th>\n<th>To<\/th>\n<th>Count<\/th>\n<th>Rate (pings\/hr)<\/th>\n<\/tr>\n<tr>\n<td><code>paidsurveyshub.info<\/code><\/td>\n<td>5\/28\/2009 04:27 PM<\/td>\n<td>5\/28\/2009 04:41 PM<\/td>\n<td>27<\/td>\n<td>111<\/td>\n<\/tr>\n<tr>\n<td><code>www.newillinoismesotheliomalawyers.co.cc<\/code><\/td>\n<td>5\/28\/2009 05:18 PM<\/td>\n<td>5\/28\/2009 05:18 PM<\/td>\n<td>1<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td><code>codedstyle.com<\/code><\/td>\n<td>5\/29\/2009 07:25 AM<\/td>\n<td>5\/29\/2009 07:26 AM<\/td>\n<td>5<\/td>\n<td>240<\/td>\n<\/tr>\n<tr>\n<td><code>asp-net-hosting.simplynetdev.com<\/code><\/td>\n<td>5\/29\/2009 07:34 AM<\/td>\n<td>5\/29\/2009 07:36 AM<\/td>\n<td>2<\/td>\n<td>30<\/td>\n<\/tr>\n<tr>\n<td><code>www.anith.com<\/code><\/td>\n<td>5\/29\/2009 08:24 AM<\/td>\n<td>5\/29\/2009 08:24 AM<\/td>\n<td>1<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td><code>paidsurveyshub.info<\/code><\/td>\n<td>5\/29\/2009 09:07 AM<\/td>\n<td>5\/29\/2009 10:26 AM<\/td>\n<td>73<\/td>\n<td>55<\/td>\n<\/tr>\n<tr>\n<td><code>microsoft-sharepoint.simplynetdev.com<\/code><\/td>\n<td>5\/29\/2009 10:39 AM<\/td>\n<td>5\/29\/2009 10:39 AM<\/td>\n<td>2<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td><code>paidsurveyshub.info<\/code><\/td>\n<td>5\/29\/2009 12:09 PM<\/td>\n<td>5\/30\/2009 04:33 AM<\/td>\n<td>584<\/td>\n<td>36<\/td>\n<\/tr>\n<tr>\n<td><code>outdoorceilingfansite.info<\/code><\/td>\n<td>5\/30\/2009 11:49 PM<\/td>\n<td>5\/31\/2009 12:09 AM<\/td>\n<td>206<\/td>\n<td>615<\/td>\n<\/tr>\n<tr>\n<td><code>woodtvstand.info<\/code><\/td>\n<td>5\/31\/2009 02:47 PM<\/td>\n<td>5\/31\/2009 06:01 PM<\/td>\n<td>507<\/td>\n<td>157<\/td>\n<\/tr>\n<tr>\n<td><code>patiochairsite.info<\/code><\/td>\n<td>5\/31\/2009 08:47 PM<\/td>\n<td>5\/31\/2009 09:18 PM<\/td>\n<td>24<\/td>\n<td>45<\/td>\n<\/tr>\n<tr>\n<td><code>hammockstandsite.info<\/code><\/td>\n<td>5\/31\/2009 10:20 PM<\/td>\n<td>5\/31\/2009 10:44 PM<\/td>\n<td>28<\/td>\n<td>68<\/td>\n<\/tr>\n<tr>\n<td><code>indoorgrillsrecipes.info<\/code><\/td>\n<td>6\/01\/2009 12:46 AM<\/td>\n<td>6\/01\/2009 01:00 AM<\/td>\n<td>20<\/td>\n<td>81<\/td>\n<\/tr>\n<tr>\n<td><code>portablegreenhousesite.info<\/code><\/td>\n<td>6\/01\/2009 03:05 AM<\/td>\n<td>6\/01\/2009 04:35 AM<\/td>\n<td>102<\/td>\n<td>67<\/td>\n<\/tr>\n<tr>\n<td><code>uniformstores.info<\/code><\/td>\n<td>6\/01\/2009 05:41 AM<\/td>\n<td>6\/01\/2009 07:00 AM<\/td>\n<td>68<\/td>\n<td>51<\/td>\n<\/tr>\n<tr>\n<td><code>asp-net-hosting.simplynetdev.com<\/code><\/td>\n<td>6\/01\/2009 07:13 AM<\/td>\n<td>6\/01\/2009 07:13 AM<\/td>\n<td>1<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td><code>codedstyle.com<\/code><\/td>\n<td>6\/01\/2009 07:40 AM<\/td>\n<td>6\/01\/2009 07:40 AM<\/td>\n<td>2<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td><code>woodtvstand.info<\/code><\/td>\n<td>6\/01\/2009 10:27 AM<\/td>\n<td>6\/01\/2009 11:48 AM<\/td>\n<td>397<\/td>\n<td>294<\/td>\n<\/tr>\n<tr>\n<td><code>patiochairsite.info<\/code><\/td>\n<td>6\/01\/2009 11:46 AM<\/td>\n<td>6\/01\/2009 12:02 PM<\/td>\n<td>10<\/td>\n<td>38<\/td>\n<\/tr>\n<tr>\n<td><code>hammockstandsite.info<\/code><\/td>\n<td>6\/01\/2009 12:07 PM<\/td>\n<td>6\/01\/2009 12:15 PM<\/td>\n<td>21<\/td>\n<td>158<\/td>\n<\/tr>\n<tr>\n<td><code>indoorgrillsrecipes.info<\/code><\/td>\n<td>6\/01\/2009 12:17 PM<\/td>\n<td>6\/01\/2009 12:36 PM<\/td>\n<td>51<\/td>\n<td>161<\/td>\n<\/tr>\n<tr>\n<td><code>portablegreenhousesite.info<\/code><\/td>\n<td>6\/01\/2009 12:36 PM<\/td>\n<td>6\/01\/2009 01:03 PM<\/td>\n<td>67<\/td>\n<td>149<\/td>\n<\/tr>\n<tr>\n<td><code>uniformstores.info<\/code><\/td>\n<td>6\/01\/2009 01:04 PM<\/td>\n<td>6\/01\/2009 01:38 PM<\/td>\n<td>80<\/td>\n<td>141<\/td>\n<\/tr>\n<tr>\n<td><code>paidsurveyshub.info<\/code><\/td>\n<td>6\/01\/2009 10:47 PM<\/td>\n<td>6\/02\/2009 01:20 AM<\/td>\n<td>16<\/td>\n<td>6<\/td>\n<\/tr>\n<\/table>\n<p> I&#8217;m pretty sure this will continue for at least the next week. I think I&#8217;m going to have to write a script that auto-deletes all these bogus trackbacks. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Like microsoft.com, the question isn&#8217;t whether blogs.msdn.com site is under attack but rather how bad the attack is right now. There are a number of regular culprits, like codedstyle.com, anith.com, simplynetdev.com, but those sites tend to focus on the most recent few articles. A new category of trackback spammer is here: The I&#8217;m going to [&hellip;]<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[103],"class_list":["post-18053","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-non-computer"],"acf":[],"blog_post_summary":"<p>Like microsoft.com, the question isn&#8217;t whether blogs.msdn.com site is under attack but rather how bad the attack is right now. There are a number of regular culprits, like codedstyle.com, anith.com, simplynetdev.com, but those sites tend to focus on the most recent few articles. A new category of trackback spammer is here: The I&#8217;m going to [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/18053","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=18053"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/18053\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=18053"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=18053"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=18053"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}