
Stop Pingback Spam

21. May 2010 by rtur.net 13 Comments

We have reports from bloggers that there is a new kind of spam in town: pingback spam. Here is what you can do to stop it.

1. Disable

Go to admin/settings/advanced and clear the check marks for "enable pingbacks" and "enable trackbacks" to opt out of receiving them.

2. Patch

Spammers exploited a flaw in the white list logic, which allowed any user who had already posted a number of comments on the blog to bypass validation as "white listed". The problem with pingbacks is that the email for them is always "pingback", and email is used as a user identifier along with IP... Download the corresponding recompiled core DLL and overwrite the existing one in the "bin" folder; this should fix the white list issue. After you apply this patch, your pingbacks will go through the usual anti-spam process and will be passed to Akismet etc. for validation. You can then turn pingbacks back on in the settings.

3. Customize

You can control the way pingbacks and trackbacks are displayed in your blog in themes/yourcustomtheme/commentview.ascx. Here you can add logic to remove any hyperlinks from pingbacks, for example. Also, if you are annoyed by pingback emails, you can modify the SendCommentMail extension so that it does not send you an email when the comment is a pingback. Just add this line after the comment is declared:

if (comment.Email == "trackback" || comment.Email == "pingback") return;

 

Be_160_Pingback_Patch.zip (110.11 kb)

Be_161_Pingback_Patch.zip (111.17 kb)


Comments (12) -

Dave Burke United States
5/21/2010 12:23:40 PM #

Thanks for being so on top of this, as always. From reading the check-in notes it looks like the patch has been in the source library for a month or so.  Is that correct?  It gives me a good excuse for me to grab the latest bits since I can't overwrite my customized BlogEngine.Core.dll with the patch.

Ruslan United States
5/21/2010 12:38:33 PM #

Good point on custom installs. If you have a modified version, all you need is to add a condition to check if the email is pingback in CommentHandler.cs. Change from:

if (c.Email.ToLowerInvariant() == comment.Email.ToLowerInvariant()
                        || c.IP == comment.IP)

to:

if ((c.Email.ToLowerInvariant() == comment.Email.ToLowerInvariant()
                        && !(c.Email == "pingback" || c.Email == "trackback"))
                        || c.IP == comment.IP)
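
The white list check before and after this change, as an added C# example (not BlogEngine.NET's actual CommentHandler.cs). Only the two conditions are taken from the comment above; the Comment class, the WhiteListCount threshold of 3 and all addresses are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Simplified stand-in for a stored comment; only the fields the check reads.
class Comment { public string Email = ""; public string IP = ""; }

static class WhiteListDemo
{
    // Hypothetical threshold: earlier comments needed to count as white listed.
    const int WhiteListCount = 3;

    // Condition before the patch: email OR IP identifies the author.
    static bool SameAuthorBefore(Comment c, Comment comment) =>
        c.Email.ToLowerInvariant() == comment.Email.ToLowerInvariant()
        || c.IP == comment.IP;

    // Patched condition: the shared "pingback"/"trackback" email never matches.
    static bool SameAuthorAfter(Comment c, Comment comment) =>
        (c.Email.ToLowerInvariant() == comment.Email.ToLowerInvariant()
            && !(c.Email == "pingback" || c.Email == "trackback"))
        || c.IP == comment.IP;

    // An author is white listed once enough earlier comments match them.
    static bool IsWhiteListed(IEnumerable<Comment> history, Comment incoming,
                              Func<Comment, Comment, bool> sameAuthor) =>
        history.Count(c => sameAuthor(c, incoming)) >= WhiteListCount;

    static void Main()
    {
        // Constructed history: three pingbacks from unrelated sites and
        // three comments from one reader.
        var history = new List<Comment>();
        foreach (var ip in new[] { "192.0.2.10", "192.0.2.11", "192.0.2.12" })
            history.Add(new Comment { Email = "pingback", IP = ip });
        for (int i = 0; i < 3; i++)
            history.Add(new Comment { Email = "reader@example.com", IP = "198.51.100.7" });

        var newPingback = new Comment { Email = "pingback", IP = "203.0.113.50" };
        var returningReader = new Comment { Email = "Reader@example.com", IP = "198.51.100.99" };

        Console.WriteLine("unpatched, new pingback white listed: " + IsWhiteListed(history, newPingback, SameAuthorBefore));
        Console.WriteLine("patched, new pingback white listed: " + IsWhiteListed(history, newPingback, SameAuthorAfter));
        Console.WriteLine("patched, returning reader white listed: " + IsWhiteListed(history, returningReader, SameAuthorAfter));
    }
}
```

The IP clause is unchanged by the patch, so white listing by address behaves as before; only the shared email identifier is excluded.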

Dave Burke United States
5/21/2010 12:25:05 PM #

Also wanted to offer you a belated Thank You for sprucing up the blogengine.net blog theme.  Nice!

Dave Burke United States
5/21/2010 12:42:48 PM #

EXCELLENT!  THANKS!  I'm doing some BlogEngine.NET coding this afternoon and will definitely add this to the list.  The specific update is very helpful.  Have a great weekend.

Scott Marlowe United States
5/21/2010 2:16:17 PM #

Yep. I started seeing these a few days ago. Very annoying. Way to go, spammers--ruin another blog feature. I turned mine off.

Dean Chalk United Kingdom
5/22/2010 2:26:54 AM #

I tried the patch but it crashed my blog. Luckily had previous DLL for rollback

Could not load type 'BlogEngine.Core.Web.HttpModules.WwwSubDomainModule' from assembly 'BlogEngine.Core'.

[TypeLoadException: Could not load type 'BlogEngine.Core.Web.HttpModules.WwwSubDomainModule' from assembly 'BlogEngine.Core'.]
   System.RuntimeTypeHandle._GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark, Boolean loadTypeFromPartialName) +0
   System.RuntimeTypeHandle.GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark) +64
   System.RuntimeType.PrivateGetType(String typeName, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark) +58
   System.Type.GetType(String typeName, Boolean throwOnError, Boolean ignoreCase) +65
   System.Web.Compilation.BuildManager.GetType(String typeName, Boolean throwOnError, Boolean ignoreCase) +342
   System.Web.Configuration.ConfigUtil.GetType(String typeName, String propertyName, ConfigurationElement configElement, XmlNode node, Boolean checkAptcaBit, Boolean ignoreCase) +52

[ConfigurationErrorsException: Could not load type 'BlogEngine.Core.Web.HttpModules.WwwSubDomainModule' from assembly 'BlogEngine.Core'.]
   System.Web.Configuration.ConfigUtil.GetType(String typeName, String propertyName, ConfigurationElement configElement, XmlNode node, Boolean checkAptcaBit, Boolean ignoreCase) +351
   System.Web.Configuration.Common.ModulesEntry..ctor(String name, String typeName, String propertyName, ConfigurationElement configElement) +56
   System.Web.HttpApplication.BuildIntegratedModuleCollection(List`1 moduleList) +146
   System.Web.HttpApplication.GetModuleCollection(IntPtr appContext) +1219
   System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers) +97
   System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context) +188
   System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context) +295
   System.Web.HttpApplicationFactory.GetPipelineApplicationInstance(IntPtr appContext, HttpContext context) +56
   System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext) +231

[HttpException (0x80004005): Could not load type 'BlogEngine.Core.Web.HttpModules.WwwSubDomainModule' from assembly 'BlogEngine.Core'.]
   System.Web.HttpRuntime.FirstRequestInit(HttpContext context) +8894031
   System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context) +85
   System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) +333

Dean Chalk United Kingdom
5/22/2010 2:49:52 AM #

I've just upgraded to 1.61 - do I still need the patch?

Ruslan United States
5/22/2010 11:53:50 AM #

This patch is really a re-compiled version of 1.6.1 or 1.6.0 with an added condition to pass pingbacks to verification. You still need it, as 1.6.1 on CodePlex does not have this check.

Bosch Canada
5/24/2010 7:58:03 PM #

Thanks for the patch!

Is it possible to have the 1.6.1 version with the latest patch uploaded to the Web App gallery so I can offer it to my hostees?

Ruslan United States
5/24/2010 11:50:05 PM #

We are working on a web app update, but it will take a while to go through the process. A couple of weeks is the best guess.

Krystian United Kingdom
6/2/2010 2:57:58 AM #

Great post. I'm thinking of switching from WordPress, seems like the community here is more focused on fixing problems than making new templates :)

Dave Burke United States
6/2/2010 9:56:48 AM #

Krystian,

That's an interesting perspective.  Thanks for sharing it.  Funny!  I'd definitely agree with you on the BlogEngine.NET core developers being focused on fixing problems!  They're excellent!

-Dave
