Unguarded message boards make easy pickings for spammers

Blog trackback spam swamps sites with adult Web links, reports Sophos
Johannesburg, 23 Mar 2007

IT security and control firm Sophos is warning blog owners and Web site administrators about the growing risk of trackback spam, following reports that a Filipino online news service, www.newsbreak.com.ph, found over 27 000 links to adult Web pages had been posted on its Web site.

According to Sophos, Newsbreak was hit by a flood of links to the illicit Web sites posted by unknown spammers. The Web site has now suspended the trackback feature of its site, and users are being asked to log on before posting any comments.

Sophos experts note that trackbacks are a technology used to allow blog authors to observe who has seen and linked to their postings. The system also enables readers to easily locate Web postings related to the subject matter.

However, it is also open to abuse by spammers, who can connect themselves automatically via trackbacks to postings on legitimate blogs in the hope of directing surfers to their own sites. Furthermore, a flood of trackback spam can overwhelm a blog server, with an effect equivalent to a distributed denial-of-service (DDoS) attack.

"Trackback and comment spam, like e-mail spam, are a real pain, and can hit newcomers to blogging as well as established Web sites like Newsbreak," says Brett Myroff, CEO of master Sophos distributor, NetXactics.

While no one wants to find their blog hammered with nuisance comments pointing to online drugstores, adult Web sites or bogus financial advice, or have their blog help boost the popularity of these unsavoury sites, bloggers may also be in danger of damaging their reputation with Web visitors.

Spammers use automated bots that meddle with legitimate blogs, either to advertise goods or to include links to Web sites in an attempt to boost their search engine rankings. Efforts to combat trackback spam have included collaborative initiatives that share information and create blocklists of Web sites known to engage in the practice. However, spammers often adopt new disguises to get past these defences.

"Some bloggers chose to simply disable trackbacks because they have found the effort to delete unwanted links too much of a burden," says Myroff. "It's not uncommon for bloggers to find the vast majority of the trackbacks they receive to be from spammers. It's a shame that an innovative technology like trackback should be so widely abused."

More information, including examples of typical trackback spam messages, can be found at http://www.sophos.com/pressoffice/news/articles/2007/03/blog-comment-spam.html.

NetXactics

NetXactics is a South African-based company, focused on the provision of security solutions. It is the Master Distributor for UK-based Sophos Plc, one of the leaders in the provision of anti-virus and anti-spam software for the corporate environment. For more information, visit NetXactics at www.netxactics.co.za.

Editorial contacts

Adriaan du Plessis
Me Talk Pretty
(011) 447 3785
metalkpretty@telkomsa.net