Spam in blog comments (on MovableType)

Gerv blogged about trouble with comment spam in his weblog. I think most of us have suffered from this at some point. IP blocks tend to help with one group of spammers, but also weed out some possible real commenters. Also, IP lists are a maintenance headache.
Googling for other solutions (for the MovableType engine specifically) reveals there's a really varying bunch out there; ranging from referrer based blocking to url-based blacklisting. Including image-based keywords that a user must type before being able to add the comment. And a miscellaneous set of seven tips to avoid spam.
I'm pretty certain many of those are applicable and do their job, but so far, I'm also thinking many of them are overengineered. My theory is that there are so many MT based blogs out there that almost any non-trivial customization is sufficient to thwart most of the comment spam. Even if you just added a text field saying "Type 'foobar' into this field: [ ]" and required foobar on comment submission, I don't think most spammers would bother to create a custom rule just for your blog – it's easier to spend the energy looking for new blogs. Perhaps even just renaming mt-comments.cgi helps?
Anyway, suffering from the problem myself, I decided to start from the easy end of solution spectrum: I added a hidden field and a single-line check for its content in mt-comments.cgi. A few days into it, I haven't seen spam yet. See an older Burningbird blog entry for details.
It's quite likely that at some point an MT spam script will parse the HTML form and fill my hidden fields correctly. But that's ok, I've got a bag of tricks left even with the hidden field stuff, and once that approach is done with, I'll just throw in more logic. But until I get my first post-hack spam comment, I believe a simple solution goes pretty far here. Whichever approach you pick, the point is doing it yourself: any out-of-the-box solution will be worked around because the gain is big enough. Any personal solution is much more likely to be left alone.

August 15, 2004 В· Jouni Heikniemi В· 2 Comments
Posted in: Web

2 Responses

  1. Dan - December 16, 2004

    Kind of ironic to see spammed comments in a blog entry about comment spam.

  2. Jouni - December 16, 2004

    Right! When writing that entry, I was rather convinced blog spammers weren't as advanced as they seem to be. Now I delete spam daily, but it still keeps trickling, even despite the some of the mentioned tricks and MT-Blacklist installed. Well, this entry has been particularly busy possibly due to the amount of popular links to this page (trackbacks from the numerous links).