News site hit by trackback spam

Summary: Leading Filipino website disables its site after a massive porn spam attack, prompting security experts to warn of potential trackback difficulties

Companies have been warned of potential difficulties with trackbacks on their websites after an outbreak of trackback spam — which pointed to adult sites — hit a Filipino news site late last week.

The Newsbreak.com.ph site was targeted on Friday, prompting staff to disable the site for nine hours. "The spammers used the trackback feature to flood our site with links to various porn sites," said a Newsbreak.com article. "We found over 27,000 trackbacks."

A trackback is a form of link used on news sites and blogs to identify referrer sites. Trackbacks allow website administrators to see who has linked to their sites, and also allow readers to find related links. To track back, the site needs a referrer — the URL that an HTTP look-up is supposed to be coming from — and a user agent — an identifier for a piece of software that connects to a network, usually a web browser.

The problem is that both referrer and identifier are easy to fake. Faking is achieved by writing a small piece of software that sends false information in the header as a request to the server.

Spammers can use trackbacks to hyperlink postings on legitimate sites to sites of their choice. Some spammers link to phishing sites, or overwhelm a blog server with trackback spam in a distributed denial of service (DDoS) attack.

Trackback spam is difficult to deal with, because trackback is not necessarily tied to registration on a site, and even if it is, spammers need only to register to spam the site. It's possible to have trackback spam filters, but they operate by looking for common terms, which can generate a lot of false positives and negatives.
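The filtering weakness described above can be measured directly. The following is an added example, not code from Newsbreak or from any real filter: it runs a term-based filter over four constructed trackback pings and counts the errors. The term list, the sample pings and their spam labels are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs

# Assumed term list for this example; not taken from any real filter.
SPAM_TERMS = {"porn", "casino", "pills"}

# Constructed trackback pings (form-encoded POST bodies) paired with a
# ground-truth label: True means the ping is spam. The field names
# url/title/excerpt/blog_name are those of a TrackBack ping.
SAMPLE_PINGS = [
    ("url=http%3A%2F%2Fspam.example%2Fa&title=Hot+porn+links"
     "&excerpt=free+porn&blog_name=x", True),
    ("url=http%3A%2F%2Fspam.example%2Fb&title=Great+post"
     "&excerpt=Nice+article%2C+thanks&blog_name=reader", True),
    ("url=http%3A%2F%2Fblog.example%2Flaw&title=Senate+debates+anti-porn+bill"
     "&excerpt=Lawmakers+discussed+casino+licensing&blog_name=Policy+Watch", False),
    ("url=http%3A%2F%2Fblog.example%2Felection&title=Election+recap"
     "&excerpt=Our+take+on+the+results&blog_name=Manila+Notes", False),
]

def parse_ping(body):
    """Decode a form-encoded ping body into a flat dict of its fields."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}

def looks_like_spam(ping):
    """Flag the ping if any word in its text fields is on the term list."""
    text = " ".join(ping.get(f, "") for f in ("title", "excerpt", "blog_name"))
    words = set(re.findall(r"[a-z0-9]+", text.lower()))
    return bool(words & SPAM_TERMS)

def evaluate(samples):
    """Count true/false positives and negatives against the labels."""
    counts = {"tp": 0, "fp": 0, "tn": 0, "fn": 0}
    for body, is_spam in samples:
        flagged = looks_like_spam(parse_ping(body))
        key = ("t" if flagged == is_spam else "f") + ("p" if flagged else "n")
        counts[key] += 1
    return counts

if __name__ == "__main__":
    # The bland "Great post" spam passes (false negative); the legitimate
    # news item about an anti-porn bill is blocked (false positive).
    print(evaluate(SAMPLE_PINGS))
```
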

Graham Cluley, senior technology consultant for Sophos, warned that trackbacks are increasingly being exploited. "It's a shame that an innovative technology like trackback should be so widely abused," said Cluley.

Newsbreak has now suspended the trackback feature of its site, and users are being asked to log in before posting any comments. Newsbreak added that it is raising the level of its site security.

Topics: Security

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues. Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books. Tom eventually found tha...
