I told you I was serious. Steps have been taken to turn the tide on comment spam roaches. The MT-Blacklist can only go so far (and activity logs show it does squeeze out the regular v*agra repeat crowd). Image courtesy of the Orphanage of Cast-Off Mascots .
Next in the arsenal are steps 1 and 2 from “Seven quick tips for a spam-free blog”, courtesy of one of the quirkiest blog names in recent memory “The Accumulating Evidence of Yoz Grahame’s Infuriating Inability to Prioritise”.
The first involved removing all uses of the JavaScript pop-up for entering comments from index pages, which most easily reveals a full URL for spam action in the source. Links for comments now point to the anchor link on the individual entry. The next step is to rename the mt-comments.cgi script to…. ahem…. something else. This demands an edit to the mt.cfg file to let your templates know that the comment script is something other than the default. This should trip any scripts using a shotgun approach on the default script name.
Since all template pages use the script path via the variable $MTCommentScript$, I had to do a complete rebuild on not only my blog, but the 10 or so others running on the server.
Ben Brophy suggested removing the URL field from the form which only stumps spammers actually using the form– it would do nothing against ones who are using automated scripts based on munging the cgi parameters. Better yet (but would require edits of the perl mt-comments.cgi script) might be to change the name of the URL field and variable in the scripts, or even commenting out the comments script output (!!) so that it never wrote the offending URLs to your blog.
Next up might by Burningbird’s approach of embedding a require hidden element in a comment form- which would call for more template fiddling and of course is still discoverable by HTML source seekers.
So far not so painful. Of course not fool proof.
“I am not a roach” Richard R. Nixon, May 2004