Is IP Address Validation of Trackbacks Fraught With Dangers (Large False Positives)?

By Angsuman Chakraborty, Gaea News Network
Tuesday, February 5, 2008

There is a trackback validator plugin which checks if the IP address of the trackbacking server is the same as the URL it is trackbacking for. Is this a valid check or will this result in losing many genuine trackbacks?

This policy in general will work only when you are directly using the authoring interface of the blogging software like WordPress. However many use offline tools to blog. Many of the advanced offline tools allow trackbacking from their interface. Also not all blogs are dynamically generated. Blogging software which creates static web pages (like the popular Thingamablog) cannot trackback from the blog site itself. Such blogging software are forced to trackback / pingback from the client interface. Such blogs will therefore be prevented from trackbacking should IP address validation be enforced.

Popular blogs are often hosted on multiple servers with DNS based load balancing. Effectively that means the blog will have multiple IP addresses. Suppose n IP addresses used to load balance. So for such blogs, even when using the authoring interface of the blog on the server side, there is a (n - 1) / n probability that the trackback will fail.

Thirdly trackbacking is independent from actual blogging. So it is logical that advanced blogging platforms (nor or in future) may decide to offload it to other servers for performance or centralization reasons (for multi-blog environments).

So to summarize I think IP address validation of blogs is an incorrect approach to verify trackbacks (example plugin) and can result in losing many valid trackbacks.

What are your thoughts on this?

Discussion
May 13, 2009: 12:00 pm

Great point and very interesting food for thought. I’m not sure I have any clients I can replicate this with, but will bear in mind for the future. Regards

May 6, 2008: 7:51 am

[...] Is IP Address Validation of Trackbacks Fraught With Dangers (Large False Positives)? Cool SEO Redirection Feature in WordPress 2.3.x » Overview of Exploits Block List - XBL [...]

YOUR VIEW POINT
NAME : (REQUIRED)
MAIL : (REQUIRED)
will not be displayed
WEBSITE : (OPTIONAL)
YOUR
COMMENT :