Trackbacks Throttled

[CodeSlinger]

I've been getting some complaints about trackback failures to a weblog on server69. The error that is returned to the source weblog is

Ping 'http://junkyardblog.net/scgi-bin/mt-tb.cgi/5227' failed: HTTP error: 403 Throttled

I've looked around at my MT configuration and I don't have any throttling enabled. That and the fact that it's a 403 error indicates that it is being done by the webserver. Checking my MT logs, I'm only getting 20 or so trackbacks per day (including all spam trackbacks), which shouldn't need to be throttled. I tried opening a ticket but the response was not useful. If I get some time, I'll write up a Perl script to test and demonstrate the problem as requested, but what I really wanted to know is

1. What aspect of the webserver configuration generates a 403: Throttled error?
   
2. Is this configuration on my server, my weblog, the mt-tb script?
   
3. Is the proximate cause traffic at my website or could some other MT weblog be loading the server?
   
4. My mt-tb script is in an scgi-bin directory, is that an issue?
   
5. If I rename the script, would that avoid throttling? Or would that be cheating?
   

[TweezerMan]

I've looked around at my MT configuration and I don't have any throttling enabled. That and the fact that it's a 403 error indicates that it is being done by the webserver.

Trackback ping throttling is always enabled in MT, even if you don't see any settings that would appear to enable it.

 

Any dynamic script (such as .php and .cgi scripts) can return an HTTP error on its own (such as a 403 error). In the case of a trackback ping that is throttled, it is MT that returns the "403 Throttled" error, not the web server.

 

What aspect of the webserver configuration generates a 403: Throttled error?

As noted above, it is not the web server that is returning the "403 Throttled" error, it is MT itself.

 

Is this configuration on my server, my weblog, the mt-tb script?

The configuration settings that control MT's trackback ping throttling are in your mt-config.cgi / mt.cfg file. There are three settings that affect trackback ping throttling:

 

OneHourMaxPings - The maximum number of pings that a weblog can receive in one hour. If this setting is not present, MT uses a default of 10 for this setting.

 

OneDayMaxPings - The maximum number of pings that a weblog can receive in one "day" (with one "day" being determined by the ThrottleSeconds setting below). If this setting is not present, MT uses a default of 50 for this setting.

 

ThrottleSeconds - This setting is the minimum number of seconds between comments from a single IP address. MT also uses this setting when deciding whether to throttle trackback pings with the OneDayMaxPings setting, with one "day" being (4000 * ThrottleSeconds -1) seconds. If this setting is not present, MT uses a default of 20 for this setting. With the default of 20 seconds, one "day" for the OneDayMaxPings setting is a little over 22 hours (80,000 seconds).

 

Is the proximate cause traffic at my website or could some other MT weblog be loading the server?

Yes, the proximate cause would the combination of traffic at your web site and whatever settings MT is using for trackback ping throttling. Another MT weblog would not be able to cause your site to throttle trackback pings.

 

My mt-tb script is in an scgi-bin directory, is that an issue?

 

If I rename the script, would that avoid throttling? Or would that be cheating?

Having MT in an scgi-bin directory would not affect trackback ping throttling.

 

Renaming the script would not be "cheating", but it would have no effect whatsoever on MT's throttling of trackback pings.

 

What you would need to know is the pattern of trackback pings being sent, and what MT is using for the three configuration settings above. Assuming the default for all three settings, even if you receive "only" 20 trackback pings in a single day, receiving one ping per hour for 20 consecutive hours would not trigger throttling by MT. But receiving all 20 within a single hour would cause the last 10 to be throttled, as this would exceed the OneHourMaxPings setting of 10.

 

The OneHourMaxPings and OneDayMaxPings settings are not present in a default mt-config.cgi / mt.cfg file. You can add them to your configuration file if you would like to use settings other than the default. Example:

>OneHourMaxPings 50
OneDayMaxPings 200

ThrottleSeconds should be present in your config file, but commented out. If you wish to alter this setting, you would need to uncomment it (remove the "#" from the beginning of the line).

 

Hope this helps...

[CodeSlinger]

Thanks for the detailed response! I'll go try out those settings to see if they have an effect.

[salguod]

I'm curious if you had any resolution on this.

 

I just tried to to a trackback to my site from a new entry to an old and got that same error. I have not gotten any successful trackbacks on my site since I established it on TCH (2 whole days now). I have gotten many junk trackbacks, 115 as of this writing.

 

Do junk trackbacks count toward the throttling score? If not, then my TB count is zero which would not explain why my trackback was throttled.

[TweezerMan]

Junk trackbacks are included when MT is counting the number of trackbacks received for throttling purposes.

[salguod]

Really, that seems wierd. I thought the point of the throttling was to prevent a barage of TB spam. If it's blocked by SpamLookup, it seems that the throttling wouldn't be needed at that point.

 

Oh well, nothing I can do about it but change my settings.

 

Thanks.

[TweezerMan]

I thought the point of the throttling was to prevent a barage of TB spam. If it's blocked by SpamLookup, it seems that the throttling wouldn't be needed at that point.

SpamLookup is a plugin that just happens to be provided by Six Apart. It's code is not a native part of MT. Trackback throttling is built into the MT code, and is one of the few (weak) defenses against trackback spam that MT natively has.

 

Trackback throttling occurs early in the process of receiving a trackback (before a database record has been created for the trackback), while SpamLookup and other anti-spam plugins process trackbacks much later in the process (after the trackback has been accepted and a database record created for it). If a trackback has been throttled, SpamLookup and other anti-spam plugins won't even see it.

 

If junk trackbacks are preventing you from pinging your own weblog, you can change the settings in MT as described above, or delete the junk trackbacks. You should be able to ping your weblog for at least a short time after deleting the junk trackbacks, until the spammers send enough trackback spams to trigger the throttling again.

[abinidi]

Wow. As a Wordpress user, I can't help but be very grateful for the Bad Behavoir and Spam Karma 2 plugins. I never have to deal with this kind of junk.

 

I'm sorry you do!! Good luck!

[salguod]

Actually, once configured, the SpamLookup plugin that comes bundled wiht MT does a very good job stopping both comment and plugin spam. Every now and then, a couple get through. Seen it happen on WP too, even with spam karma. It's a pain.

[TCH-Bruce]

I run WP with Spam Karma (have been for 2 years now) and I've only had one spam get through.

[salguod]

[salguod eats his words - Blech]

 

Well, I checked the 2 blogs I was referring too. I had thought they had listed they were running Spam Karma, but they did not. Maybe they are, maybe not, I can't tell.

 

Does Spam Karma have a keyword filter? How is it configured? One of the biggest disappointments with Spamlookup in MT is that the keyword filter is blank upon installation. I've got a pretty good list now, but I get a few per month slip through.

 

I used to run a code word image plug in that was 100% effective, but it was a slight pain for my readers so I eliminated it when I went to MT 3.2.

Edited April 27, 2006 by salguod

[TCH-Bruce]

Spam Karma is a plugin. You just copy the files to your plugin folder and activate it. I haven't had to do anything except white-list a couple of friends.

 

As fas as I know you can only use it with Wordpress.