I’m being besieged by trackback spam, and I’m wondering if Blogarithms has, in fact been hacked. An automated spammer is adding more than 100 trackbacks per hour to my blog. I’m running the latest version of WordPress as well as the Akismet and Trackback Validator plugins. What worries me is that even though I’ve disabled comments and trackbaks, it hasn’t stopped the spammer. And I don’t immediately find others having this problem. (Ah…I see that turning trackbacks/comments off only affects new posts. It doesn’t protect old posts. Strange design, if you ask me.)
Update: Definitely looks more like Blogarithms has been hacked, since I went into the database and manually set the comment_status for all posts to ‘closed.’ Got any tips? Seen this before? I’m at firstname.lastname@example.org.
Another Update: Okay, so it’s not the comment_status column, it’s ping_status. Setting that to ‘closed’ for all posts stopped the spammers, but it stopped everyone else, too. I then installed all sorts of spam blockers for WordPress, but the one that finally seemed to do the trick was Bad Behavior by Michael Hampton. I haven’t studied it in detail yet, but it did immediately put an end to this one spammer’s attach.