[wp-hackers] WordPress Checking Own Pingbacks - Intended Behavior?

Otto otto at ottodestruct.com
Mon Nov 19 16:54:22 GMT 2007


On 11/19/07, Computer Guru <computerguru at neosmart.net> wrote:
> 1) What would someone benefit by spammingy our blog with links to itself?

Denial of Service. Hit it with enough fake pingbacks, site goes down,
database fills up, etc.

> 2) Define it to be "local" and valid
>
> a) the pinging post's uri is ^%YOUR_BLOG_URI%.+$
>
> b) pinging post's contents contain a link to yours.
>
> c) pinged post does not already contain link from pinging post.
>
> Wouldn't that do it?

Seems like a heck of a long way to go when simply not writing posts
that look like spam makes more sense. ;-)

Seriously, as was pointed out before, if you disable Akismet, then
it's not working at all. So it can't flag anything as spam then. If
this is happening even when Akismet is disabled, then you need to look
elsewhere for the problem. Generally speaking, I've not had Akismet
flag any of my self-pingbacks as spam, but clearly it could happen.
However, I'm not convinced that it's happening enough to warrant this
kind of code change. Are we *certain* that it's Akismet doing it? I
don't like the idea of adding a possible way for pingbacks or anything
else to bypass the spam filters unless we're absolutely certain that
it's necessary.

> Or, a one-click way: define a new function that directly adds an internal
> pingback - it can only be accessed from code, therefore pingback is
> guaranteed to be local.

I would be more receptive to this notion. Pingbacks that are
processing to self will be recognizable by the blog URL being in the
pinged url. Then a pingback can be added directly without the need to
do the http request work.


More information about the wp-hackers mailing list