Reports from the trenches on the fight against comment spam…. CDB has been relatively quiet since masquerading the URLs for comment scripts. However, two other blogs on our server, one for a college Center for Teaching and Learning and the other of an Art faculty member, were pummeled this week with the worst of the porn spam, and in multiple doses.
Some of the problem were a few things I had accidently hosed with the MT-Blacklist plugin, but these URLs were really attacking the blacklist model by various permutations on animals, fetishes, body parts, etc. I guess the folks making out are the domain registrars.
It is sure feeling like another nail for perhaps an MT coffin this summer
But a few positive puny, miniscule victories….
First, the update to MovableType 2.661 brought us protection from those rapid burst attempts, by the “throttling” feature (choking server requests that come from the same source in a short period of time). There were about 80 of these throttle rejections in a rather short period of time reported on the MT Activity log. This was 33 shot downs in a row over about 90 minutes.
Secondly, renaming the mt-comments.cgi file name has bopped a whole raft of spam roaches. I tracked 933 rejects in a row recorded to my web server log, within about 80 minutes.
Finally, I just managed to trigger the right changes in the MT-Blacklist setup to get it fully functioning again. I am looking at documenting a strategy to remove from the HTML source the direct URL to the comments script with the attached entry number.
It does start to beg the question of the value of MT, and is inching me closer to looking around.
So spam roaches, take your goats somewhere else. I got more important things to do than stomping your fetid carapaces.