Killing Comment Spam Dead – Jay Allen begins to tackle the comment spambots that have cropped up targeting MT blogs with great frequency over the past few days.
However, thank god, he notes wait until Monday to tackle this, as he’ll be releasing a plugin.
(UPDATE: be warned, this is a VERY hackish plugin, to the point I’m not sure it should really be considered a plugin as such. You’ll need to have libgd installed, which I accomplished via these instructions, using fink.)
(UPDATE II: fiddlesticks, a combination of outdated instructions and having to try to adapt CPAN to look for fink-based instals makes this into an overly-involved install, so I’m aborting. Man – GD, ImageMagick, netpbm – can’t we all just get along?)
Another approach is to hack the default names of the comments scripts, and replace them with a spambot trap that automagically adds any IP address to an .htaccess file when the trap CGI is hit by the bot. The drawback here is that old Google links to a given comment would lead to the trap; and eventually, Google would re-spider the good links; it seems the blogspammers are also scraping for strings based on default configs as well and so might well be able to identify foo.cgi as a renamed comments CGI.
Here are some links and discussions on the topic:
Yoz Grahame: Seven quick tips for a spam-free blog. Summary: rename your commenst script, hack to include a “delete” link in the notification email,
add some misdirection to the form code. Much of this is included in the upcoming MTBlacklist.
Mentalized: Movable Type: Easier edit/removal of new comments. Summary: add a link in the notification email to take you to the edit page for that comment.
Adam Kalsey: Comment spam. Summary: comment throttling, back-end tokenized authentication (I like that!), but does not favor captcha, becasue it violates accessiblity guidelines in its’ simplest deployable form. Adam is also not in favor of content filtering, which is the heart of the MTBlacklist approach.