Comment spam has really been ticking me off lately. I’m not so angry at the spammers, ultimately what they are doing is basic human nature — in any group there will always be someone that tries to ruin the experience. I’m angry at Google for making anti-social behavior profitable. Weblogs have become victims of their Pagerank.
All of my comment spam seems to be for the same thing, posted from an ever-changing list of IP addresses. My spammer’s tools are not sophisticated. I’ve noticed that the only time those IPs show up in my logs is for the POST. No referrer. No prior GET requests. Low Entry IDs, obviously guessed.
I decided that the easiest course of action against my spammer was to simply rename mt-comments.cgi. It’s not a sophisticated response but watching the 404s scroll by it was clearly effective.
More sophisticated spammers will visit me in the future, I’m sure. I hope that the weblog tool vendors are working to stay ahead. Solutions like TypeKey and MT-Blacklist don’t set the bar much higher than my renamed mt-comments.cgi.
On an old site of mine running MT2.x, we just deleted 30k comments from the database, including a handful of real ones. We haven’t switched to MT3 because we don’t fit the free license (community weblog, rarely updated, but multiple authors).
How many templates did you have to change references to mt-comments.cgi in? That seems like a nice way to spoof them for a while.
Stock templates use MTCommentScript to reference the script. Rename the script, uncomment and update the CommentScript value in mt.cfg, and rebuild any archives that use an inline comment form (usually just the Individual Entry archive).
That’s basically all that I did, and my MT install is fully tweaked with a Rube Goldberg XML / XSLT / PHP back-end. Some day there won’t be anything left of Movable Type…
I wonder how long it’ll be before someone invents a teergrube mt-comments.cgi? Or has bandwidth become so cheap that that approach is dead?
Zombies are cheap.