Anti-ip Address Spoofing

[CodeSlinger]

Thanks to TCH, I unthrottled my trackbacks and I am no longer getting complaints about them getting dropped. As part of that effort, I installed some custom anti-spam software. This software maintains a .htaccess file which is updated whenever a junked trackback is recieved to ban the IP address of the host that sent the spam. Addresses are removed when the junk is cleaned up by MovableType, so it's very low maintenance. And since the file is updated on by junk, normal users aren't affected.

 

However, even after 10 days of having this running, I am still getting a few hundred spam trackbacks per day. This a few hundred new IP addresses that are sending spam trackbacks every day. Based on the spam content, it is almost entirely the same spammer. The ban list is at 4225 addresses right now with no sign of the growth slowing. I begin to wonder if this guy can really have that many zombies pumping out the spam attacks. Is it possible that he is spoofing IP addresses? Since trackbacks do not require any data from the server, it is theoretically possible to IP spoof them even via TCP. There are some standard counter measures and I was curious if those are active on TCH servers.

[TCH-Rob]

None that I am aware of. I will defer to staff for a final answer.