I’m not having problems with junk stuff getting through (I’m ending up with 5-15 junk TBs showing up in “junk” each day), it’s the server burden that worries me. I.e., that my hosting company is eventually going to take action more drastic than disabling my trackback script.

I really hate this. I hate having folks abusing the system preventing me from using something I find useful.

There’s an interesting approach here for renaming the TB script to something random on a chron-job-based schedule. Unfortunately, it’s about a year old, and the config structure in MT has changes since then, and I don’t know nearly enough to screw around with the proposed solution to make it work with my installation.

As you note, zombie addresses are a significant problem in tackling this issue.

I’ll have to take a look at that code. I’m usually reluctant to screw around with actual MT modules, but …

If you really want to live on the edge, you could try this. It changes the trackback interface in a way that makes it much harder for the junkers to guess URLs without interfering with legimate trackbacks. Plus, if you have individual archives, you can set up human computable trackback URLs. Still a bit experimental, however.

I wish I knew if it was cheaper for that error to feed back or if a 404 would be better. Better yet, I wish there was a way to hold back the response for several seconds, to further tie up the bastards’ machines.

Ideally, stuff never gets to the Junk list. If it’s on the Junk list, it means that the MT process has had to do execute it and throw it into Junk, which is good because it never gets to my blog, but bad because it impacts the servers.

My hope, with Autoban, was to keep folks from getting there in the first place. Ditto with renaming the TB script. I need to look at my system logs (can’t do from the office, annoyingly) so that I can see if folks are failing to find the scripts (a good thing). Other than that, I can only watch for clusters of Junked TBs.

Looking at those junked ones, they are mostly coming from just one Bad Guy. The sites they are pointing at are all in the same IP cluster, but the IPs they are posted from are all over the map. (Are they spoofing their IPs, or just have access to a wide array of IP addresses?).

Indeed, it’s that difference between the source link and the posting link is part of what’s turning them into Junk, thanks to SpamFilter.

In theory, someone could be harvesting the revised TB script name since it’s posted on the comments pages (so that folks can manually submit them). But, then, since I have the trackback discovery code inside the posts, it can be harvested from there, too.

Of course, I could resolve the problem by turning off TB … but I decline to do that. Rrg.