Trackback spam

Woke up this morning to find 116 notices of trackback spam littering my inbox. Out of the blue, and I notice that a whole bunch of other weblogs got hit today, too. It appears some spammer finally wrote a script to exploit trackback. Ah, well. It was easy enough to fix; do a quick mod to my add_trackback.php file, redirecting bad traffic, and a quick SQL query on the database to clear out the offending spam, less than 10 minutes. Gotta love having absolute control over my system.

More on trackbacks

Some more on trackbacks. To my mind, they are simply another form of comment, so that’s exactly how I’m treating them. You won’t see a special “Trackback” down there next to the “Comments” link. Instead, they’ll just be integrated with the comments in chronological order.

I think I saw Sam Ruby doing this first, and it makes much more sense to me to treat trackbacks this way.

Trackback is on

I’ve finally bitten the bullet and implemented Trackback here—well, half of it, anyway. My site should now be able to handle Trackback pings from other sites. I even implemented the RDF autodiscovery crap, but added a bonus: a new meta tag like so:

<meta name="" content="Trackback URL for a particular entry">

So maybe I can influence client software development in some small way with this.

I haven’t implemented outgoing Trackback pings yet—i.e., me pinging others’ sites when I link to them. I’ll get around to it at some point.


Jeremy Zawodny had a post imagining a corporate worst-case scenario involving that ubiquitous Movable Type-developed technology, TrackBack. I’d been musing over TrackBack for awhile, and two things yesterday got me looking deeper into it: Zawodny’s blog entry, and the link to my site from Ensight that I detailed in my previous entry.

I’ll admit, before yesterday what I knew about TrackBack was fairly minimal: it was a way to let sites know when other sites were linking to them (by sites, I suppose it should be clarified I mean blogs)—which to me is basically the equivalent of scanning the webserver’s referrer logs. Hence, I’ve more-or-less ignored implementing it in my own software.

I’m rethinking that decision now, largely because of the Ensight link. You know how I found that link to me? Technorati. (I would’ve seen it in the Apache logs, sooner or later, but I’ve been behind on those lately.) It occurred to me, though, that if I hadn’t checked Technorati, or if the post containing the link to me had scrolled off of Ensight’s front page and off Technorati, then I might never have known that I had been linked to.

TrackBack might change that. I say “might” because I’m still on the fence, as far as it goes. I can’t deny that if I had a TrackBack implementation in place, I would have gotten a notification of linkage in this case—Ensight runs Movable Type, which of course runs TrackBack. So I looked into the TrackBack specs yesterday to educate myself.

Here’s my official “from the fence” opinion:

TrackBack is a rather ugly kludge, albeit somewhat clever.

It has its good points, and its bad points. Here’s the good points:

  • The concept. It’s good, I admit it. However, it took a close reading of the technical spec to get it across to me. The most important thing about the concept is that it can transcend the weblog world; done right, this could be a powerful tool for all sorts of Web applications.
  • It uses plain-vanilla HTTP calls to ping other sites. Simple, easy to implement, firewall-friendly.
  • The autodiscovery concept—having your client try to automagically retrieve and ping a site based on the link you give it is neat.
  • Adoption. Almost all Movable Type and TypePad blogs I’ve seen use it, and a good number of other blog tools use it too. It’s got the inertia.

Now, the bad:

  • It’s too vague and confusing. Prior to yesterday, I only had an inkling of how it worked and what it did, and I’m pretty savvy at this stuff; I just couldn’t grok what exactly was going on when viewing sites that use it.
  • Related to the previous point, the name itself doesn’t work for me, it makes me want to only look in one direction for links (back) while the spec several times emphasizes it’s a peer-to-peer technology (ie., two-way). Too much confusion and vague imagery doesn’t breed a good market presence.
  • The execution leaves me a bit cold. That’s tough to quantify, I know, but it just seems to me to be too Movable Type-centric, and hence too limited to be the real-world peer-to-peer communication framework it wants to be.
  • The autodiscovery solution, while clever, is an ugly hack: embedding RDF into the HTML of a page? Worse, having to surround it with HTML comment tags to avoid breakage? Ick, ick, ick. Seems to me a better solution would have been to embed the autodiscovery stuff in HTML meta tags, like the RSS autodiscovery link you’ll find in many sites (including my own). Even something simple along these lines, like:<meta name="trackback" content="">

    would do. And it would play nicely. I’ve noticed more than once that sites with that embedded RDF cause script errors in my browser.

So while TrackBack, conceptually, is good, its execution is kludgy and ugly. Because of this, I probably wouldn’t give serious consideration to implementing it on my site… except for the fact that it’s being highly adopted, and as a community-building tool it’s better than nothing at all. Do I want to miss the boat? I don’t know, yet.

Other thoughts? What do you all think? Is TrackBack good enough? Or could it be better?