plop this into your .htaccess file in the directory where you put your index file. It uses a little overbreadth by loppong off the last number or two, leaving a trailing dot. It can cut out a lot of funny hits, and it returns a very small number of bandwidth bytes. The performance hit is limited, but not optimal.

RewriteEngine on

RewriteCond %{remote_addr} ^61.108.41. [OR] #61.108.41.2
RewriteCond %{remote_addr} ^200.30.79. [OR] #200.30.79.126
RewriteCond %{remote_addr} ^203.76.143. [OR] #203.76.143.153
RewriteCond %{remote_addr} ^220.160.203. [OR] #220.160.203.83
RewriteCond %{remote_addr} ^202.96.1. [OR] #202.96.1.225
RewriteCond %{remote_addr} ^218.56.161. [OR] #218.56.161.11
RewriteCond %{remote_addr} ^203.160.1. [OR] #203.160.1.48
RewriteCond %{remote_addr} ^196.40.43. [OR] #196.40.43.74
RewriteCond %{remote_addr} ^203.160.1. [OR] #203.160.1.39

RewriteCond %{remote_addr} ^69.37.27. [OR]
RewriteCond %{remote_addr} ^72.9.242. [OR]
RewriteCond %{remote_addr} ^218.48.160. [OR]
RewriteCond %{remote_addr} ^222.216.2. [OR]
RewriteCond %{remote_addr} ^200.25.144. [OR]

RewriteCond %{remote_addr} ^200.223. [OR]
RewriteCond %{remote_addr} ^218.219.150. [OR]
RewriteCond %{remote_addr} ^203.146.247. [OR]
RewriteCond %{remote_addr} ^202.88.129. [OR]

RewriteCond %{remote_addr} ^200.122.153. [OR]
RewriteCond %{remote_addr} ^213.23. [OR]
RewriteCond %{remote_addr} ^210.51.162. [OR]
RewriteCond %{remote_addr} ^213.23.149. [OR]
RewriteCond %{remote_addr} ^205.252.23. [OR]
RewriteCond %{remote_addr} ^200.36.112. [OR]
RewriteCond %{remote_addr} ^218.232.213. [OR]
RewriteCond %{remote_addr} ^59.7.88. [OR]
RewriteCond %{remote_addr} ^209.8.22. [OR]
RewriteCond %{remote_addr} ^206.161.205. [OR]
RewriteCond %{remote_addr} ^206.161.192. [OR]
RewriteCond %{remote_addr} ^209.8.40. [OR]
RewriteCond %{remote_addr} ^213.23.147. [OR]
RewriteCond %{remote_addr} ^144.137.30. [OR]
RewriteCond %{remote_addr} ^202.155.218. [OR]
RewriteCond %{remote_addr} ^216.155.76. [OR]
RewriteCond %{remote_addr} ^140.134.6. [OR]
RewriteCond %{remote_addr} ^221.163.174. [OR]
RewriteCond %{remote_addr} ^62.197.126. [OR]
RewriteCond %{remote_addr} ^82.136.215. [OR]
RewriteCond %{remote_addr} ^85.178. [OR]
RewriteCond %{remote_addr} ^213.23.156.191 [OR]
RewriteCond %{remote_addr} ^69.50.176. [OR]
RewriteCond %{remote_addr} ^85.178.69. [OR]
RewriteCond %{remote_addr} ^85.178.112. [OR]
RewriteCond %{remote_addr} ^85.255.114. [OR]
RewriteCond %{remote_addr} ^85.178.101.238 [OR]
RewriteCond %{remote_addr} ^87.123.24.76 [OR]
RewriteCond %{remote_addr} ^195.225.176. [OR]
RewriteCond %{remote_addr} ^64.124.85. [OR]
RewriteCond %{remote_addr} ^68.45.127. [OR] #68.45.127.122
RewriteCond %{remote_addr} ^24.181.127.241 [OR]
RewriteCond %{remote_addr} ^68.96.46.152 [OR]
RewriteCond %{remote_addr} ^88.72.230. [OR] #88.72.230.200
RewriteCond %{remote_addr} ^88.72.233. [OR] #88.72.233.90
RewriteCond %{remote_addr} ^88.72.. [OR] #88.72.239.29
RewriteCond %{remote_addr} ^66.90.73.66 [OR] #66.90.73.66
RewriteCond %{remote_addr} ^87.123.57. [OR] #87.123.57.60
RewriteCond %{remote_addr} ^195.175.37.8 [OR] #195.175.37.8
RewriteCond %{remote_addr} ^87.123. [OR] #87.123.55.186
RewriteCond %{remote_addr} ^200.118.2.220 [OR] #200.118.2.220
RewriteCond %{remote_addr} ^72.232.10.10 [OR] #72.232.10.10
RewriteCond %{remote_addr} ^88.72.231. [OR] #88.72.231.212
RewriteCond %{remote_addr} ^88.72.232. [OR] #88.72.232.227
RewriteCond %{remote_addr} ^85.178.122. [OR] #85.178.122.247
RewriteCond %{remote_addr} ^88.72.234. [OR] #88.72.234.37
RewriteCond %{remote_addr} ^85.178.76. [OR] #85.178.76.233
RewriteCond %{remote_addr} ^68.212.185. [OR] #68.212.185.10
RewriteCond %{remote_addr} ^150.101.105. [OR] #150.101.105.5

RewriteCond %{remote_addr} ^64.127. [OR]

RewriteCond %{remote_addr} ^216.148.246.
RewriteRule ^.*$ - [F,L]

Ron: That looks scary -- what does it do?

The .htaccess file is looked at by the server before ever delivering an html file or processing a perl script or php file, etc.

Every http connection request by a client web application to a web server delivers a header (just a bunch of bytes of data) filled with a set of lines; things like referrer and browser identifier requested number of bytes etc. . . . the stuff that gets accumulated into your statistics files. And, each request must come from somewhere with an IP address. The set of lines above does nothing more than instruct Apache to examine the IP of the requester and if it matches one of the listed conditions to immediately send a 403 error code (access denied) and be done.

RewriteCond %{remote_addr} ^150.101.105. [OR] #150.101.105.5

this condition means that ANY access attempt by IP range

IP 150.101.105.0 through 150.101.105.255

gets sent the access denied response by

RewriteRule ^.*$ - [F,L]

the ".*" ( dot-asterisk ) takes the entire requested URL (using a Regular Expression) and substitutes it with "-" (meaning nothing or blank) and the "L" indicates this is the last time this darned request even needs to be looked at.

Just do not list your own IP address from where you browse as one of the IP addresses to send the 403 code; it might complicate matters.

The .htaccess file instructions in a given folder apply to files within that folder, and files within subfolders.

The above code would also stop the aggregators from accessing your site in preparation for delivering automated comment and trackback stuff, if they come from the same set of IPs.

You could do weird stuff like let CoP staff view pages but prevent their posting, unless it is Randy, if you want to get creative. Or, you could just occasionally add a few new lines of RewriteCond to respond to a new trackback busybody.

Where did those IP addresses come from?

Hits on my site from automatic trackbackers and commenters. I get no real visitors so I am a good filter for identifying the automated ones.

Solution:

You could demand human intervention by letting folks know that for any trackback they must alter the URL from something like this:
http://bojack.org/cgi-bin/mt-tb.cgi?__mode=view&entry_id=3137
to this:
http://bojack.org/cgi-bin/JACKSAYSITSOKmt-tb.cgi?__mode=view&entry_id=3137

They are already using a copy and paste method.

Then you can couple that with an .htaccess tweak like this (THIS PART IS STILL CONCEPTUAL):

RewriteEngine on
RewriteCond %{REQUEST_URI} JACKSAYSITSOKmt
RewriteCond %{REQUEST_URI} !/mt-tb # need to test, but designed to exclude trackback without the JACKSAYSITSOK
RewriteRule [workinprogress]
[I am working on the precise RewriteRule that substitutes JACKSAYSITSOKmt with mt]

This would be far too left-field for the automated folks to guess at even if it is in the comments here. Too much work.

or

just rename the file
mt-tb.cgi
JACKSAYSITSOKmt-tb.cgi

but leave the reference in the main page just as it is, and add a note in the comments policy page (comments & trackback policy page)

I'm not even sure what a "track back ping" is- would someone enlighten me, please?

Honestly, I really don't think trackbacks are a necessary, or even worthwhile, thing. I've never really liked MT/Typepad/etc. in general though. You also are certainly not the only blogger who doesn't allow trackbacks.

Lily,

A "trackback ping" is a way for one blogger to notify another blogger that their blog entry has been referenced.

Generally, it's intended to allow people to see where a given blog topic has been extended across to other blogs. For example, if I wanted to blog about trackback pings myself, I could post my item and submit a trackback to this article of Jack's. Then, when people were reading Jack's blog, they could see that I had blogged on the same topic, and they might visit my blog to see the additional commentary.

Theoretically, it's a way for bloggers to gain more exposure for their blog -- it's essentially "free advertising" for whoever sends the trackback ping -- and no doubt that's what Jack has found to be the problem. If I had some sort of spam operation that sought to drive people to my website, I could very easily send trackback pings to a bunch of popular blogs, trying to get people on those blogs to visit my site even though it had nothing to do with the original blog post.

I definitely see the exposure benefits to submitting trackbacks on other sites as my own blog hasn't yet established a following. However, it doesn't seem to be much used (at least on the sites I visit regularly) for the intended purpose of extending or relating blog topics. So I'm with Michael that it's not a necessary thing at all. It might be worthwhile if people used it as intended, but if Jack's getting a lot of spam out of the deal, it's definitely not worth keeping around.

Michael, could you elaborate on your thoughts about MT/Typepad? What tool(s) do you prefer?

Sorry to sort of sidetrack the conversation, but I've just started my own blog on Typepad, and I'm still in the free trial period. So far it's been fine, but if there are any "gotchas" that I might not have seen yet, I'd appreciate knowing about them before I pay up!

The most recent version of MT allows you to manually accept trackbacks and comments.

Also, I just noticed that Kevin Drum on Washington Monthly's site has switched to using a trackback feature from Google Blog Search that is in Beta and doesn't seem to be working yet, but I would imagine that it will. It takes trackback spam right out of the equation.

Lily,

Trackback allows blogs to automatically "communicate " with each other. If another blog links to an entry on bojack.org a link to that post is created here under Trackback. That way if you are reading something Jack wrote of particular interest to you, then at the bottom of the post will be links to other entries on other blogs that reference the bojack.org post that you are reading, you can follow the links and see what others are saying about that topic. It auto-creates a conversation.

For example:
http://bigpicture.typepad.com/comments/2006/06/beating_the_sp5.html#trackback

This blog post was commented on by a blogger/columnist a BusinessWeek who took issue with it and wrote a resonse. I can find that response because of trackback.

However, spammers use it to auto-generate links back to their websites, websites that have nothing to do with the topic at hand. Usually porn, pharmaceuticals, loan sharking or gambling. Because search engines use inbound links to judge the popularity and authority of a website, this has become an annoying abuse of trackback.

It's a shame because can be a nice way to move around blogs on a specific topic.

Thanks David and Marc!

Here is a scheme requiring human intervention to manipulate the URL that is now tested:

1) Dream up a special word like NAGSAYSITISOK
2) Put seven lines of code in a .htaccess file
(See, track back test nagblog entry.)
3) Make a duplicate copy of mt-tb.cgi file named like NAGSAYSITISOKmt-tb.cgi
4) Instruct anyone that wants to send a trackback ping to make a substitution like below:

http://nag.pdxnag.com/cgi-bin/mt-tb.cgi/156
http://nag.pdxnag.com/cgi-bin/NAGSAYSITISOKmt-tb.cgi/156

THATS IT!

PROOF -- Copy and paste both lines above into the list box on your own web log entry page for sites to ping; the first will fail, the second will work. The first link is the one that automated gleaners of such links will find, but will be wholly useless. Still, the old "mt-tb.cgi" link, like that found on Jack's main page, still functions to generate a list of prior tackbacks. Like this:

http://nag.pdxnag.com/cgi-bin/mt-tb.cgi?__mode=view&entry_id=695

Lily, Experience is the best teacher. This test page is for you. Log in as if it was your very own blog and send a trackback ping for yourself and test the results.

--PDXNAG: The geek in me still lives.

David,
Really, it depends on what you want to do. TypePad and MT are great for what they do. Personally, I far prefer open source tools such as WordPress, Mambo, Drupal, etc. These require more infrastructure and the like, but I'm the kind of person who runs his own webserver. I really enjoy the ability to look at some functionality and say, "Actually, I think I'd prefer to do it this way..." and then just change it myself. Especially with TypePad you don't have that option. So, like I said, it all really depends on what you want to do.