Bloggers swamped by trackback spam

'Trackback' spam can act like a distributed denial of service attack

Blog owners and website administrators have been alerted to the growing risk of 'trackback' spam, following reports that Filipino online news service Newsbreak found over 27,000 links to adult web pages posted on its website. 

Trackbacks allow blog authors to observe who has seen and linked to their postings, and enables readers to easily locate web postings related to the subject matter.

However, it is also open to abuse from spammers who can connect automatically via trackbacks to postings on legitimate blogs.

IT security firm Sophos said that Newsbreak was hit by a flood of links to illicit websites posted by spammers.

The website has now suspended the trackback feature of its site, and users are being asked to log on before posting any comments.

Sophos warned that trackback spamming can overwhelm a blog server, making it equivalent to a distributed denial of service attack.

"Trackback and comment spam, like their cousin email spam, are a real pain and can hit newcomers to blogging as well as established websites like Newsbreak," said Graham Cluley, senior technology consultant for Sophos.

"No one wants to find their blog hammered with nuisance comments pointing to online drugstores, adult websites or bogus financial advice.

"Not only will your blog then help boost the popularity of these unsavoury sites, but you may be in danger of damaging your reputation with web visitors."

Spammers use automated bots that meddle with legitimate blogs to advertise goods or include links to websites in an attempt to boost their search engine rankings.

Efforts to combat trackback spam have included collaborative initiatives which share information and create 'blocklists' about websites known to engage in the practice. However, spammers often adopt new disguises to get past these defences.