About once every three days, I get a slew of comment spam. I've dealt with this in previous posts, and I've gotten MT-Blacklist to deal with the problem. My blacklist filter is huge, but still not complete enough to filter every spam. The filters that come from the master blacklist (no longer in existence) are very specific, and I find myself amazed that simple spam-related words such as "casino" and "porn" are not filtered out. So I ban these words outright. However, that means that no one can post a comment with those words in it. That sucks (although, for those words, no big loss). Plus, it's a stupid solution because spammers can easily work around it, substituting an endless variety of look-alike words like "casin0".
There is a solution, upgrading to Movable Type 3. However, since I have multiple authors, such an upgrade would cost around $40.
A coworker suggested I move my blog to LiveJournal, and let them take care of the spam problem. However, to use my current domain name, and to customize the look and feel to get my LiveJournal site close to my current design costs $20/year. Not bad, perhaps a better deal than Movable Type. However, I then have no control at all. If the spam problem (or other problem) still exists, I'm screwed. Also, I don't want to be part of the LiveJournal community, I'd rather be a part of the independent blogger community.
These solutions are not a terrible amount of money, but I'd like to see if I can make some quick fixes that can solve the problem for only a small loss of free time.
So, I have two potential solutions, one of which I already implemented. First, close off comments on most posts, which I did this morning. There is no easy way to do this through the Movable Type UI, so I had to just modify the database directly. Not too hard.
If that still doesn't stop the spam, I can do something quite simple like put a hidden field in the comment submission page, and look for that in the script where comments are posted to. That would thwart any tool that just does POST's to comment scripts. Alternatively, I could require that users enter some simple field manually to post. In that way, even if the spammers try to mimick a real posting, they will fail. It is easy enough to work around, but my site is not important enough for spammers to bother creating special code to deal with.
If all this fails, I'll have to cough up some cash and upgrade MT or move to LiveJournal.
The funny part is that these spams are useless! Movable Type changed the way comment url's linked, so that URL's in comments cannot effect Google page-ranking. But, spamming is so low-cost that even if 99% of the spam does nothing, it still is worthwhile.
Posted by ahyatt at October 5, 2005 01:30 PMSee
http://www.elise.com/mt/archives/000246concerning_spam.php
and
http://cheerleader.yoz.com/archives/000849.html
I did just about everything they suggested. I usually get only one or two spam comments a week (if that).
You could also look at moving to WordPress.
Posted by: Brian Marston on October 6, 2005 06:15 PMGood tips. Thanks!
I checked out WordPress, by the way, but it doesn't easily handle multiple blogs.
Posted by: Andrew Hyatt on October 6, 2005 07:03 PMThere's a hack/plugin for WordPress that lets you maintain multiple blogs with one installation. I can't remember the name of it at the moment, but I used it for a demo site once.
Posted by: Brian Marston on October 6, 2005 10:24 PMOne idea is to rename the cgi script that is used to submit comments. If you rename it I guess the theory is that bots won't be able to find it.
Posted by: Brody on October 7, 2005 05:00 AMThey will eventually find your renamed comment CGI script, though that did seem to help a little.
I had great luck when I upgraded to MT3 and started using the MT-Blacklist/SpamLookup combo to fight spam. Not a single spam got through. MT3.2 includes the SpamLookup stuff in the actual build and shunts all the "spam" off to a Junk folder, but I have to say, I get about 1 or 2 false positives a day as well as spam that isn't classified as junk but that ends up in the "Moderated" status (that is to say, waiting for approval).
I looked into WordPress at one point, but just for curiosity's sake. I liked what I saw, but I'm too invested in customized MT templates, coding, and modules to learn a whole new system, as tempting as it is. Brian: Is there something inherently superior to WordPress's spamfighting or do you think it's more a matter of spammers not targeting WP blogs yet?
Posted by: Adam on October 18, 2005 10:58 AM