Over the last few weeks I’ve been getting increasing amounts of spam attempts on my blog. Normally my blog’s spam catcher deals with it nicely, but since the upgrade to version 4 of Movable Type
Over the last few weeks I’ve been getting increasing amounts of spam attempts on my blog. Normally my blog’s spam catcher deals with it nicely, but since the upgrade to version 4 of Movable Type I’ve had more spam comments than normal breaking through to be published.
Even so, these are easy to deal with. I’ve just been deleting them when I see them and updating the spam word list. Still, I’m a lazy sod and I don’t want these buggers giving me more work than I want so I’ve added a couple of spam-related plugins to make my life easier.
I had Askimet installed previously but it managed to go missing when I moved my blog around. I’ve reinstalled the Movable Type version to catch any comments or trackbacks that make it through the normal SpamLookup checks. This usually works really well – previously, I’ve only every had one or two false positives.
Additionally, and possibly more effective, is a plugin called No Harvester. This prevents posting of comments by spammers using zombie computers – a common method of using someone else’s resources to send spam. It works like this:
A popular way for comment spammers to get their job done is to automatically harvest comment forms and forward the data to zombie computers who do the spamming. If you’re getting a lot of spam comments to the same blog entries, you’re probably a victim of the method.
This Movable Type plugin makes it nearly impossible for zombie nodes to post comments to entries harvested by another computer. Extra hidden values are added to all comment forms, one of those values is a server-computed key that’s different for each entry and user, and cannot be used by a different computer or faked.
I’m not entirely convinced that I’ve installed this correctly. The instructions tell you to change some of the site templates to include new values but I’ve only found one place to do this rather than the three or more suggested. I’m not so used to the new templating system in MT4 but the changes I’ve made seem to be working. As things stand now my activity log is showing a lot of refused comment attempts, plus I was able to successfully comment myself. Please let me know if you try and comment and are not able to – I may well have messed this one up somewhere.
We’ll see how well this works, but so far these two changes should shut out almost all spam attempts on here.