News site hit by trackback spam

Leading Filipino website disables its site after a massive porn spam attack, prompting security experts to warn of potential trackback difficulties

Companies have been warned of potential difficulties with trackbacks on their websites after an outbreak of trackback spam — which pointed to adult sites — hit a Filipino news site late last week.

The site was targeted on Friday, prompting staff to disable the site for nine hours. "The spammers used the trackback feature to flood our site with links to various porn sites," said a article. "We found over 27,000 trackbacks."

A Trackback is a form of link used on news sites and blogs to identify referrer sites. Trackbacks allow website administrators to see who has linked to their sites, and also allow readers to find related links. To track back, the site needs a referrer — the URL that an http look-up is supposed to be coming from — and a user agent — an identifier for a piece of software that connects to a network, usually a web browser.

The problem is that both referrer and identifier are easy to fake. Faking is achieved by writing a small piece of software that sends false information in the header as a request to the server.

Spammers can use trackbacks to hyperlink postings on legitimate sites to sites of their choice. Some spammers link to phishing sites, or overwhelm a blog server with trackback spam in a distributed denial of service (DDoS) attack.

Trackback spam is difficult to deal with, because trackback is not necessarily tied to registration on a site, and even if it is, spammers need only to register to spam the site. It's possible to have trackback spam filters, but they operate by looking for common terms, which can generate a lot of false positives and negatives.

Graham Cluley, senior technology consultant for Sophos, warned that trackbacks are increasingly being exploited. "It's a shame that an innovative technology like trackback should be so widely abused," said Cluley.

Newsbreak has now suspended the trackback feature of its site, and users are being asked to log in before posting any comments. Newsbreak added that it is raising the level of its site security.