BatesLine was hit with 50 trackback pings in the last 10 hours, and not a single one was legitimate.

Trackback is a very useful mechanism that helps tie the blogosphere together. If another blogger comments on one of my entries, the other blogger's blog software will send an automated message (a "ping") to BatesLine notifying me of the link. This then shows up as a "trackback" on the individual entry pages, and it lets you see what's being said about what I'm writing. If the trackback is legitimate, it will link to an entry on another blog that links back to my entry.

At some point, the spammers figured out how to exploit this to peddle their wares on other sites without payment or permission. A trackback spam message puts a link to the spammer's site on one of my entries, but there's no corresponding link back to my site. That's discourteous, but what's worse is that the messages often advertise really horrible stuff.

By simply changing the name of my trackback script, I was able to screen out a lot of the spam, but the spambots have become smarter. Not only did the spambots figure out the changed script name, they sent everyone of those 50 pings from a different IP address. Either they have figured out how to spoof IP addresses, or they have deployed trojan horse programs via e-mail to unsuspecting PC owners, a trick they were already using with spam e-mail.

The balancing act is to foil the spammers without breaking the technology that keeps the blogosphere connected. To make sure I've not broken things too badly, I'd appreciate it if a few bloggers out there who use blog software with trackback auto-discovery (e.g. Movable Type) would post an entry that links to this one, just to see if it still works. (Just like you can't tickle yourself, you can't ping yourself, so I can't test this on my own. And no, this is not just some cheap ploy to boost my inbound link count.)