IT security and control firm Sophos is warning blog owners and website administrators about the growing risk of trackback spam, following reports that a Filipino online news service, www.newsbreak.com.ph, found over 27,000 links to adult webpages had been posted on its website.
According to media reports, Newsbreak was hit by a flood of links to the illicit websites posted by unknown spammers. The website has now suspended the trackback feature of its site, and users are now asked to log on before posting any comments.
Sophos experts note that trackbacks are a technology used to allow blog authors to observe who has seen and linked to their postings. The system also enables readers to easily locate web postings related to the subject matter. However, it is also open to abuse from spammers, who can connect themselves automatically via trackbacks to postings on legitimate blogs, in the hope of directing surfers to their own sites. Furthermore, trackback spamming can overwhelm a blog server, making it equivalent to a distributed denial of service (DDoS) attack.
"Trackback and comment spam, like their cousin email spam, are a real pain, and can hit newcomers to blogging as well as established websites like Newsbreak," said Graham Cluley, senior technology consultant for Sophos. "No one wants to find their blog hammered with nuisance comments pointing to online drugstores, adult websites or bogus financial advice - not only will your blog then help boost the popularity of these unsavory sites, but you may also be in danger of damaging your reputation with web visitors."
Trackbacks used by blogs can be abused by spammers.
Spammers use automated bots that meddle with legitimate blogs to either advertise goods, or include links to websites in an attempt to boost their search engine rankings. Efforts to combat trackback spam have included collaborative initiatives which share information and create blocklists about websites known to engage in the practice - however, spammers often adopt new disguises to get past these defences.
"Some bloggers have chosen to simply disable trackbacks because they have found the effort required to delete unwanted links has become too much of a burden," continued Cluley. "It's not uncommon for bloggers to find the vast majority of the trackbacks they receive are from spammers. It's a shame that an innovative technology like trackback should be so widely abused."
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.