Comments on: MovableType Needs TrackBack Whitelists

By: Jean Prouvaire

Jean Prouvaire — Fri, 17 Nov 2006 05:03:04 +0000

Just wanted to pop by and say I agree entirely with your call for efficient trackback whitelists. I also use trackbacks to link related articles and find it annoying to have to adjust the OneDayMaxPings and OneHourMaxPings values whenever adding an entry. In the meantime, I've just installed AutoBan (found courtesy of Su's post above), and whitelisted my domains in .htaccess. Hopefully that will work until SixApart build a more integrated solution.

By: Erik J. Barzeski

Erik J. Barzeski — Fri, 20 Oct 2006 16:13:28 +0000

I have filed the request with them, yes. I always do. Then I wait for a few months, and if I see no movement, I post on my blog. Then it gets a little more attention and, occasionally, gives 'em a kick in the rear to get going.

By: Su

Su — Fri, 20 Oct 2006 16:01:35 +0000

Actually, my dislike of TB comes primarily from disinterest. It was a faintly interesting idea that just sort of never went anywhere, the summaries sent along are often useless, etc. Spam comes a distant last to all of that for me. And yeah, I'm sure part of the reason little has been done has been the spam; just talking about me here. Why whitelisting for this isn't built into MT is something to take up with the devs, obviously. Have you logged a direct complaint/feature request for it? I'd be curious about the explanation.

By: Erik J. Barzeski

Erik J. Barzeski — Fri, 20 Oct 2006 15:41:50 +0000

I disagree that the complaint is misplaced. So few people use TrackBacks these days because they're so resource intensive and so easily spammed that the only remaining use for them may be to create links within a single site or a small group of trusted sites, such as the manner in which I've employed them at The Sand Trap (linking back to "related articles."). I don't think such an option should be turned on in MT by default, but if I don't care to ever receive a TrackBack from a third-party site, whitelisting or a simple checkbox "Only accept TrackBacks from this domain" would benefit a lot of people. My method does indeed remove MT from the equation, but only because it's easier to put a wall up before TrackBack requests get to MT than to attempt to hack into MT to do it there. If SixApart offered a solution that quickly cut off non-whitelisted TBs (and the resources a TB ping consumes), I'd gladly use MT for it. But they don't, and MT still "needs" TrackBack whitelists, IMHO, making the title relevant. Many people, like you, are not fond of TBs. Why? Because they are so easily spammed and so rarely legitimately used that they've gone the way of the dodo. Except that I still find value in them for helping with "related articles." Others - including you - might too if this whitelisting feature was included. I'd look at AutoBan, but more and more I'm trying to do things outside of MovableType because everything it does is SOOO SLOOOOOW. Thank you for your thoughts.

By: Su

Su — Fri, 20 Oct 2006 15:23:12 +0000

Well, honestly, I think your complaint's a bit misplaced, then. In order for the spam/trackback system to determine whether something's spam(or whitelisted) or not, it does need to go in and be checked. All the method you've developed does is completely circumvent that process via an external whitelist. Which is fine and works, but at the same time would seem to remove the "Movable Type" from the title of this post, no? What you've developed is a server whitelist for access to a particular file which just so happens to handle MT trackbacks. Does some other system implement what you're asking for in the precise way you're asking for? I'm actually rather un-fond of TB and rarely use it, so it's entirely possible I'm missing something here. Anyway. It looks from the other post like you got something to work, but you might be interested in looking at the AutoBan system, which I think takes a similar tack, and offers a few other features that may be handy.

By: Erik J. Barzeski

Erik J. Barzeski — Fri, 20 Oct 2006 12:10:41 +0000

Su, you've missed the point. I want immediate rejection of everything not in the whitelist. SpamLookup is a plugin, which involves even more of the MovableType machinery. I routinely have 20-30 "mt-tb.cgi" processes running at a time. If the sending address is not in the whitelist, the app needs to exit the process immediately. See a later entry here on this blog for one such way - outside of MovableType - this can be done.

By: Su

Su — Fri, 20 Oct 2006 02:21:21 +0000

Um, Lookup whitelists?

By: MovableType: An Increasingly Cruddy Pile | NSLog();

MovableType: An Increasingly Cruddy Pile | NSLog(); — Thu, 19 Oct 2006 12:44:04 +0000

MovableType has become a pile of crud lately. Like Khoi, I've seen an increased number of 500 type errors. I've seen server loads of 25 or higher multiple times the past few days, oftentimes simply because mt-speak.cgi and mt-tb.cgi are...