IT security and control firm Sophos is warning blog owners and
website administrators about the growing risk of trackback spam,
following reports that a Filipino online news service,
www.newsbreak.com.ph, found over 27,000 links to adult webpages had
been posted on its website.
According to media reports, Newsbreak was hit
by a flood of links to the illicit websites posted by unknown
spammers. The website has now suspended the trackback feature of
its site, and users are now asked to log on before posting any
comments.
Sophos experts note that trackbacks are a technology used to
allow blog authors to observe who has seen and linked to their
postings. The system also enables readers to easily locate web
postings related to the subject matter. However, it is also open to
abuse from spammers, who can connect themselves automatically via
trackbacks to postings on legitimate blogs, in the hope of
directing surfers to their own sites. Furthermore, trackback
spamming can overwhelm a blog server, making it equivalent to a
distributed denial of service (DDoS) attack.
"Trackback and comment spam, like their cousin email spam, are a
real pain, and can hit newcomers to blogging as well as established
websites like Newsbreak," said Graham Cluley, senior
technology consultant for Sophos. "No one wants to find their blog
hammered with nuisance comments pointing to online drugstores,
adult websites or bogus financial advice - not only will your blog
then help boost the popularity of these unsavory sites, but you may
also be in danger of damaging your reputation with web
visitors."
Trackbacks used by blogs can be abused by
spammers.
Spammers use automated bots that meddle with legitimate blogs to
either advertise goods, or include links to websites in an attempt
to boost their search engine rankings. Efforts to combat trackback
spam have included collaborative initiatives which share
information and create blocklists about websites known to engage in
the practice - however, spammers often adopt new disguises to get
past these defences.
"Some bloggers have chosen to simply disable trackbacks because
they have found the effort required to delete unwanted links has
become too much of a burden," continued Cluley. "It's not uncommon
for bloggers to find the vast majority of the trackbacks they
receive are from spammers. It's a shame that an innovative
technology like trackback should be so widely abused."
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.