If your movable type blog gets hit excessively by trackback spammers, you may find yourself unable leave trackbacks for yourself due to a "403 Throttled" error. This http response is from movable type in an effort to slow down mass trackback ping spammers. I will go over some quick fixes, some longer term fixes and some very technical info for those intending to modify their installation of MT to handle trackback ping spam better. This article will apply to MT3 and MT4. I have looked through MT4's codebase to figure out what everything should be set to and how it is implemented.

From the movable type documentation:

I find this an interesting approach because it just multiplies ThrottleSeconds(20) by 4000, which gives you a 22.2 hour day. Personally, I find this whole method flawed as there should be an option to whitelist your own IP as well as throttle per IP. I generally get most spam bursts from a single IP at a time so that would be very effective. I'd like to see this rewritten in the future to match the IP-based filtering of comments.

Quick Fix

Modify your mt-config.cgi to allow either temporarily or permanently for more pings to go through. This can be done by setting values to a few key variables.

OneHourMaxPings - Default: 10. This is the first check. Setting this to 0 will make it so ALL pings are throttled. If you wish to disable it, set it to a very high number (9999).

ThrottleSeconds - Default: 20. This is used both for trackback pings and comments, so keep that in mind. This number is basically saying how long a day is, so whatever you change it to is the length of a day and that day's length is used to check how many pings are allowed given OneDayMaxPings

OneDayMaxPings - Default: 50. This isn't so much for one day as it is how many pings are allowed in (ThrottleSeconds * 4000) seconds, which by default is 22.2 hours. Set this to a very high number (9999) to effectively disable, or to a reasonable number like 200 to allow more pings.

So, if you'd like to just up your hour/day values, just add the following lines to your mt-config.cgi:

OneHourMaxPings 20
OneDayMaxPings 100

Whitelisting your own host or IP

Modify your movable type code to whitelist your hostname or IP. An easy way to do this would be to modify the file <mt-install-dir>/lib/MT/App/Trackback.pm

find the line "sub _builtin_throttle {"
under the line "my $user_ip = $app->remote_ip;"
add:
if ($user_ip eq "127.0.0.1") { return 1; }

Leave "127.0.0.1" in quotes but replace with the IP of your server and it should skip all the throttling checks for any trackbacks you do for yourself. If you're not sure what ip your server is, you can use network tools or any other standard ping (not trackback ping) site to find it. I use this method currently and it works well.

Note - If you modify this code instead of implementing it as a plug-in, it will be overwritten when you upgrade. Fortunately it's a one-line fix to hack in your whitelisting, so it should be achievable to find the same spot in the new code and update it there as well.

Hopefully a good plug-in exists or will exist in the future to handle this better, or better yet, sixapart will upgrade the Trackback ping throttle functionality to add whitelisting and match the functionality of the comment throttle.

Related Articles

How to upgrade to Movable Type 4 Full Templates (MT4)