I’d rather be blogging about something else, but after a raft of stupid “Neat Blog”, “I agree”, “Cool Blog I’ll be back” comments, often from the same IP with faked emails, appearing on very old posts (ones that pop up on Google), I have taken another level of blog protection.
Taking a cue from Greg’s effort, I have set up a close comments script that de-activates the comment forms on entries older than 30 days (using a PHP script described at geeksblog but the link has actually moved elsewhere). It is pretty easy to set up for MT blogs using mySQL. (Note to Greg- you need to run this as a cron job to keep closing comments off).
This is not too horrible as there are hardly any relevant comments that come more than 30 days later. It does not quite close the comments door as far as Stephan warns but is a step I can live with for now.
Yeah, I thought about the cron issue to automate it. I have the script set so I can run it when I want, instead of on a cron. I was interested to see whether the comment cruft stopped. . . and it nearly has. I think there have only been two or three spam comments since I closed all past comments.
I suspect the comment-spammers target weblogs with open comments. It’s much easier to stick comments on old entries, particularly since if a user doesn’t have email notification enabled, those spam-comments on old entries could actually go un-noticed.
It may be that the lack of many entries with open comments on my weblog may have deterred spammers from making me a target.
Plus, there’s now an MT Plug-in — http://thought-mesh.net/MTCloseComments.html — to help manage and automate closing old comments. Just released last week.
–g
I am curious to see iif the closed commnets stop the spam posts that are generating by spoofing the URL for the cgi-script that posts them, e.g. does the comment open/close state affect its ability to accept new ones from places other than the web form?
The plug-in looks useful, maybe a half dozen vs 6 decision compared to the simple PHP script- the later seems less obtrusive as a cron since it does not require an index rebuild to run.
We’ll see what happens (or doesn’t!)
The other reason I don’t worry about it so much:
http://diveintomark.org/archives/2003/11/15/more-spam
I “dove” into Mark’s warnings already:
http://jade.mcli.dist.maricopa.edu/alan/archives/000325.html
but fail to see how that relieves any worry. Yes a blacklist may not be workable scalable, yadda yadda, but IT WORKS NOW, as my activity logs show. And the flip side is the the ML Blacklist plugin provides me a one click cleansing tool for any comment/trackback that I find objectionable. Without that, I would not be blogging, I would be spending that time stepping through MT contstantly to manually remove the cruft (or not care).
However, I am against turning comments off. I can count more instances where I have gotten valuable information or ideas from a comment that I would have missed without that feature (such as the URL you sent in the first comment to this post). While you can “dive into mark” you cannot send him any comments or feedback, he is a one way blogger– this is stale to me that I cannot connect with a writer.
So fiine, I am naive, and will be crushed by a horde of roaches. I’d rather try something that stick my head in the sand and “I cannot do anything!”