Doc: Add a remark to disable trackback SPAM?

[amenk]

I just got a SPAM post on a site using the FriendlyCaptcha plugin. After checking the logs and the notification, I realized that it's via the trackback function:

example.com:443 x - - [18/Jan/2024:11:09:09 +0100] "POST /sample-page/trackback/ HTTP/1.1" 200 5277 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36"

This standard WordPress function can be disabled under "Discussion -> Allow Link notification". Problem solved.

I am wondering if we should add such a hint for the installation documentation, just to avoid that users think, that FriendlyCaptcha does not reliably fight SPAM :-)

As this function is meant for automatic interaction between blogs, I can not be protected by any Captcha. Disabling seems the only way.

Actually I am surprised that not more SPAM is being posted in via this method.

[amenk]

Problem is not even really solved by the above setting; these are only the default settings for new posts. On an existing site, all posts have to be edited.

Let me know if such a remark would be off-topic.

[gzuidhof]

Hi Alexander,

I'm surprised this is completely unauthenticated - I guess it has to be for it to work between blogs that do not know about one another. As there is no human in the loop, a captcha (of any sort) is probably not really the right solution here. Standard SPAM detection methods can perhaps provide part of the solution here (e.g. a statistical model that looks at the text content), although they are never perfect..

Other than that I can really only think of solutions that require both parties to do something, which removes the nicety of having linkbacks from across the internet. I hope we can have nice things (although history probably says otherwise).